Re: squid inside firewall

From: Carlos Maltzahn <>
Date: Wed, 16 Sep 1998 16:18:28 -0600 (MDT)

Depending on your expected load, you might want to run Squid on a
different machine than your firewall. I know of two configurations:

1. Keep the proxy inside the firewall and only allow tcp requests from
the proxy machine to go out through the fire wall.

2. Keep the proxy outside the firewall and only allow tcp requests to the
proxy port/machine to go out through the fire wall. You might also want to
disallow any requests to the proxy from outside.

The second configuration is less safe unless you have some scheme that
quickly detects whether the outside proxy machine has been hacked.

I recommend reading the book "Web Proxy Servers" by Ari Luotonen, Prentice
Hall, 1998, ISBN 0-13-680612-0. It has lots of firewall stuff in it.
O'Reilly also published a good but more general book on firewalls.


On Wed, 16 Sep 1998, Hans Petter Fasteng wrote:

    This question has fore shure bean asked a lot of times, and I have looked
    in the users quide and in the FAQ, and found some info, but I do not
    understand what I read, I understand but I do not know enoth about
    firewalls to know what to do. I have a firewall (linux 2.0.35) with two
    network cards in it it has squid running and working (I used the computer
    without a firewall before it was asign the firwall duty). Now I wold like
    the users on the firewall network to be able to use www from inside, how
    do I configure squid, do I need to put pu an extra squid on the same
    computer to act as a parrent to make the access work? Plase tell me how
    this works and whay it is like this.
    Thanks in advace
Received on Wed Sep 16 1998 - 15:19:57 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:03 MST