Hi !
For saving IP-Addresses when Squid is accelerating about 30 public
accessible Webs (using the Host 'httpd_accel_uses_host_header' is not an
option), I thought of redirecting the requests into a 192.168.x.y-Network.
With the machine Squid is running on using 2 network-cards - the first one
aliased with all the official IP-Addresses and the second one is a Gateway
to the local net where squid will find the real servers - I know there has
to be a strict routing table. To do so, it should be guaranteed, that only
the Squid-Box is able to connect into this subnet.
But : Some Webs are updated by clients using M$-Frontpage. Their
originating from our subnet (the official one) so I need to grant them
access to the Webserver in the 192.168.x.y-Network.
My idea is : Since we have only one physical connection to the Internet
using a CISCO, I thought of blocking all outgoing and incoming requests
for the classified network. For beeing more user-friendly, I thougt of
setting up two DNS-Servers, an external and an internal one.
The external DNS only keeps the most nescessary informations about our
web. The internal one holds more information : Even the classified network
is listed there. The users have to use the internal one, since only this
DNS-Server is able to connect to the external DNS, his DNS-GW.
I would like someone neutral to analyse my idea and correcting me / giving
me hints/tips/tricks on problematic issues. So : If you think this
wouldn't work, please write me.
Or do you know of any alternatives ?????
thanks a lot, sascha
Received on Sun Apr 05 1998 - 08:16:15 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:39:35 MST