Depending on your expected load, you might want to run Squid on a
different machine than your firewall. I know of two configurations:

1. Keep the proxy inside the firewall and only allow TCP requests from
the proxy machine to go out through the firewall.
2. Keep the proxy outside the firewall and only allow TCP requests to the
proxy port/machine to go out through the firewall. You might also want to
disallow any requests to the proxy from outside.

The second configuration is less safe unless you have some scheme that
quickly detects whether the outside proxy machine has been hacked.

I recommend reading the book "Web Proxy Servers" by Ari Luotonen, Prentice
Hall, 1998, ISBN 0-13-680612-0. It has lots of firewall stuff in it.
O'Reilly also published a good but more general book on firewalls.

Carlos

On Wed, 16 Sep 1998, Hans Petter Fasteng wrote:
This question has for sure been asked a lot of times, and I have looked
in the user's guide and in the FAQ, and found some info, but I do not
understand what I read. I understand, but I do not know enough about
firewalls to know what to do. I have a firewall (Linux 2.0.35) with two
network cards in it; it has Squid running and working (I used the computer
without a firewall before it was assigned the firewall duty). Now I would like
the users on the firewall network to be able to use WWW from inside. How
do I configure Squid? Do I need to put up an extra Squid on the same
computer to act as a parent to make the access work? Please tell me how
this works and why it is like this.
Thanks in advance
-hans
Received on Wed Sep 16 1998 - 15:19:57 MDT
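
The first configuration in the reply above (proxy inside the firewall, only the proxy's TCP allowed out), sketched as an added example that is not part of the original thread. It uses present-day iptables-restore syntax rather than the packet filter of the Linux 2.0.35 kernel mentioned in the question; the interface names (eth0 outside, eth1 inside) and all addresses are constructed.

```conf
# ---- firewall host: forwarding rules in iptables-restore format ----
# Assumptions (constructed for this example):
#   eth0 = outside interface, eth1 = inside interface
#   192.0.2.0/24 = inside network, 192.0.2.10 = Squid machine
# Rules for the firewall host's own INPUT/OUTPUT traffic and for the
# proxy's DNS lookups are out of scope here and must be handled separately.
*filter
:FORWARD DROP [0:0]
# Replies to connections the proxy opened may come back in.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only the proxy machine may open new TCP connections to the outside.
-A FORWARD -i eth1 -o eth0 -s 192.0.2.10 -p tcp -m conntrack --ctstate NEW -j ACCEPT
# Everything else, including direct client traffic and any new
# connection from outside to the proxy, falls through to the DROP policy.
COMMIT

# ---- proxy host: squid.conf fragment ----
# Listen on the inside address only and serve inside clients only.
http_port 192.0.2.10:3128
acl inside src 192.0.2.0/24
http_access allow inside
http_access deny all
```

With this in place, browsers on the inside network are pointed at 192.0.2.10:3128, and a client that tries to bypass the proxy is stopped by the FORWARD policy.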