Squid and firewall - how?

From: Karsten Spang <krs@dont-contact.us>
Date: Tue, 07 Jan 97 15:45:39 +0100


I am in the process of setting up squid for use from behind a firewall.
I have checked the mailing list archives and found out that using squid
as an application gateway, although possible, is probably not a good
idea. But how should I set up things then? I see a number of
possibilities, but I am not sure which of them are feasible.

1: Run squid on an internal machine, let it use the firewall as its
parent. The firewall uses fwtk hhtp-gw. Is squid able to communicate
with http-gw, if I declare it as the parent?
This is the solution I like best from an administration and security
point of view.

2: Run squid on a machine on the outside, use plug-gw to direct calls
to the proxy on the firewall to the outside squid. This is more or less
as safe as 1, but requires everything to be sent through the firewall,
which could mean a performance hit.

3: Run squid on both the inside and the outside, use plug-gw to let the
internal squid connect to the outside. This costs more in machines and
administration, but probably gives optimum performance.

Any comments?

E-mail: krs@kampsax.dk Karsten Spang
Phone: +45 36 39 08 00 Kampsax Technology
Fax: +45 36 77 03 01 P.O. Box 1142
WWW: http://www.kampsax.dk/~krs DK-2650 Hvidovre
Received on Tue Jan 07 1997 - 06:57:19 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:00 MST