Re: squid as relay, or plug-gw (fwd)

From: Bruce Campbell <bc@dont-contact.us>
Date: Mon, 1 Jun 1998 14:08:15 +1000 (EST)

On Sun, 31 May 1998, Ricardo Kleemann wrote:

> plug-gw was suggested but it may not be ideal since it runs off inetd.

plug-gw -daemon

works for me, and the number of these running has bugger-all load on our
firewall machine (a low-end 486 ;) )

> Someone else mentioned tcpserver, and I'm confused as to whether tcpserver
> would work for what I need.

tcpserver (as far as I know) is kinda an inetd with limits? *shrug*

> Now I'm also hearing about masquerading...

Ok, you can have:

Firewalled Client -> Firewall -> Squid outside firewall -> Internet
                       
or

Firewalled Clients -> Firewall running Squid -> Internet

or

Firewalled Clients -> Squid -> Firewall -> Squid -> Internet
                      Inside               Outside
                      Firewall             Firewall
                 (hmmm, squid inside logo? ;) )

With all of the above, the Firewall can play with the packets:

Invoke a plug-gw or equiv from inetd or equiv (per transaction hole)

Have a dedicated plug-gw or equiv passing connections through (permanent
hole)

Route blocking, i.e. the clients behind the firewall have real IPs, but are
not routed directly, but can reach the squid box (firewall does strict
routing)

Or finally, masquerading, where the firewall keeps track of each
packet/tcp stream, and makes it appear to be coming from the firewall
itself when it's really coming from a machine behind the firewall.

That should give you a few ideas about what to do. Personally, plug-gw
-daemon works ;)

--==--
Bruce.

It's the simple things that matter.
Received on Mon Jun 01 1998 - 00:10:34 MDT
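
The dedicated relay ("permanent hole") option described in the message above, as an added Python example that is not part of the original post and is not plug-gw's code: a fixed-destination TCP relay that only serves clients from an allowed inside network. The network 192.168.1.0/24 and all function names are assumptions for illustration.

```python
import ipaddress
import socket
import threading

# Constructed policy for illustration: only this inside network may use the hole.
ALLOWED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

def is_allowed(client_ip, nets=ALLOWED_NETS):
    """True if client_ip is inside one of the permitted networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)

def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the receiving side."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass

def handle(client, peer_ip, upstream, nets):
    """Relay one connection to the fixed upstream, or drop it if not permitted."""
    with client:
        if not is_allowed(peer_ip, nets):
            return  # closed without ever touching the upstream
        try:
            server = socket.create_connection(upstream)
        except OSError:
            return
        with server:
            back = threading.Thread(target=_pump, args=(server, client), daemon=True)
            back.start()
            _pump(client, server)
            back.join()

def serve(listener, upstream, nets=ALLOWED_NETS):
    """Accept loop on an already-bound listener: the standing 'permanent hole'."""
    while True:
        try:
            client, peer = listener.accept()
        except OSError:
            return  # listener was closed
        threading.Thread(target=handle, args=(client, peer[0], upstream, nets),
                         daemon=True).start()
```

Because the destination is fixed in `serve` and never taken from the client, the hole leads to one upstream (for example the Squid box) and nowhere else; the source check decides who may use it.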