Hello Anthony!
Thank you for the help.
I was able to successfully install and run Squid.
Thank you for all the help I got from this group!
Yes, I didn't install any DNS on my server.
Now for the firewall... I am still thinking whether to do it the hard way (a friend of mine lent me a book on iptables today) or get the Shorewall firewall and make things easier.
I just got a basic rule right now.
Block everyone else except me.
Funny thing happened... I even blocked myself a while ago.
Had to run to the server room and change all the config.
Again, thank you for the help, folks! I really appreciate this. Especially on the recent attacks on Windows servers. I want to protect not only the Linux servers but also the Windows users.
Fritz Mesedilla
---
+ Basta Ikaw Lord

> -----Original Message-----
> From: Anthony M. Rasat [mailto:anton@kaltengpos.com]
> Sent: Wednesday, August 27, 2003 6:07 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] firewall and squid
>
> Hi Fritz,
>
> I believe that it would be much depending on how is your network configured.
> You don't really need a firewall application running in the same machine as
> your http cache if you have a dedicated firewall protecting your network :
> better to re-fine tune that firewall instead of giving an extra load on your
> http cache machine.
>
> However a real life example is here with me : I'm running Squid-2.5.STABLE3
> in the same machine that configured as DMZ-style firewall, 3 network
> interface - to internal network, to optional (behind firewall but
> transparent to users in internet since it uses internet IP address) and
> internet interface. It firewalls connections from internet but at the same
> time caches http objects. Of course it doesn't act as DNS server since that
> would propagate a security concern.
>
> It has been up since - errm, I lost count - around nine months ago. The
> hardware isn't impressive either, it's just a Pentium 4 1.6 GHz with 128MB
> RAM and (sadly) IDE drive 20 GB running Slackware 8.1 kernel 2.4.20. Enough
> for a network with under 50 hosts.
>
> You will only need to concern about two things : a) your firewall rules
> should not block name services (destination port 53 on TCP and/or UDP,
> depending on your setup), and b) your firewall rules should not block your
> http cache's http port (source port 3128 or 8080, depending on your setup).
>
> Regards,
>
> Anthony M. Rasat
> PT. Kalteng Pos Press
> Palangkaraya - Indonesia.-
>
> ----- Original Message -----
> From: "Fritz Mesedilla" <fritz.mesedilla@overturemedia.com>
> To: <squid-users@squid-cache.org>
> Sent: Wednesday, August 27, 2003 11:45 AM
> Subject: [squid-users] firewall and squid
>
> Hello!
> I'm quite new here.
>
> Would it be possible for me to have squid and a firewall on the same server?
> I'm concerned about security and also on budget.
>
> Thanks in advance.
>
> Fritz Mesedilla
> ---
> + Basta Ikaw Lord
>
> ----------------------------------------------------------------------
> This email and any files transmitted with it are confidential and
> intended solely for the use of the individual or entity to whom they
> are addressed. If you have received this email in error please notify
> the sender immediately by e-mail and delete this e-mail from your
> system. Please note that any views or opinions presented in this
> email are solely those of the author and do not necessarily represent
> those of the company. Finally, the recipient should check this email
> and any attachments for the presence of viruses. The company accepts
> no liability for any damage caused by any virus transmitted by this
> email.
>
> Overture Media, Inc.
> Direct Line: (632) 635-4785
> Trunkline: (632) 631-8971 Local 146
> Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave.,
> Quezon City 1100
> ----------------------------------------------------------------------

Received on Wed Aug 27 2003 - 04:47:51 MDT
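
An added example, not part of the original messages: a default-deny ruleset for a host that runs Squid and its own packet filter, keeping outbound DNS (port 53) and the cache port open as the thread advises, with an admin rule listed first so the "block everyone except me" policy does not lock the administrator out. The interface name, addresses, the SSH admin rule on port 22 and the origin-server ports 80/443 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a host that runs
# Squid and filters its own traffic. Interface, addresses and the SSH
# admin rule are constructed assumptions, not values from the thread.

# Usage: squid_fw_rules LAN_IF LAN_NET ADMIN_IP SQUID_PORT
squid_fw_rules() {
    lan_if=$1; lan_net=$2; admin_ip=$3; port=$4

    if [ -z "$lan_if" ] || [ -z "$lan_net" ] || [ -z "$admin_ip" ]; then
        echo "usage: squid_fw_rules LAN_IF LAN_NET ADMIN_IP SQUID_PORT" >&2
        return 1
    fi
    # Reject a missing, non-numeric or out-of-range port before emitting rules.
    case $port in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies on connections that a rule below already allowed.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Admin SSH comes first so a later mistake cannot lock the admin out.
-A INPUT -i $lan_if -s $admin_ip -p tcp --dport 22 -m state --state NEW -j ACCEPT
# LAN clients may reach the HTTP port of the cache.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport $port -m state --state NEW -j ACCEPT
# The cache must resolve names: outbound DNS over UDP and TCP.
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
# The cache fetches objects from origin servers.
-A OUTPUT -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the constructed sample network.
squid_fw_rules eth1 192.168.1.0/24 192.168.1.10 3128
```

Pipe the output to `iptables-restore --test` to parse it without committing, and load it for the first time from the console rather than over the network.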
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:08 MST