Sure, ofcourece there must be a firewall on-board that controls the
ip-forwarding and the internal interface shoud be on a private address
space.
Graz
-----Original Message-----
From: Squid Support (Henrik Nordstrom) [mailto:hno@marasystems.com]
Sent: Friday, May 24, 2002 12:26 PM
To: Sommariva Graziano; Hamed Abangar
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Cache and Firewall in one machine
Please note that on most OS:es making Squid only listen on the "internal
interface" is not sufficient to protect Squid from "the evil outside". You
must also use firewalling to make sure this address cannot be contacted from
the outside.
If you do not know what I am talking about, try plugging a machine on the
outside network and add a route for the internal network via the external IP
address of your Squid server...
Regards
Henrik
Sommariva Graziano wrote:
> I would suggest to setup squid to listen only on the internal interface
and
> p;ossibli tu run chrooted.
>
> Graz
>
> -----Original Message-----
> From: Marc Elsen [mailto:marc.elsen@imec.be]
> Sent: Friday, May 24, 2002 11:13 AM
> To: Hamed Abangar
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Cache and Firewall in one machine
>
> Hamed Abangar wrote:
> > Dear members....
> >
> > I have a linux rh7.2 machine in my company...I'm configuring this box
> > to act as my network firewall (iptables and ipchains) for protecting
> > my network from outside(internet)...this box has 2 LAN card (one valid
> > ip and on private ip)......Can this machine be my network cache with
> > setting up squid on it!!...please send some detail for howto or
> > usefull link for help me...
>
> I would advised against doing this.
> It's better to use a different box for SQUID.
>
> The firewall box can then protect your SQUID host according
> to you security policy requirements (for example).
>
>
> M.
>
> > Thanks
> >
> > Hamed Abangar
> >
> > ----------------------------------------------------------------------
> > Do You Yahoo!?
> > LAUNCH - Your Yahoo! Music Experience
-- Basic free Squid support provided thanks to MARA Systems AB Your source of advanced reverse proxy solutions or customized Squid solutions. http://www.marasystems.com/products/Received on Fri May 24 2002 - 04:38:49 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:13 MST