Relinghaus@aol.com wrote:
>
> Proxying works fine until I start the Firewall (ipchains). Squid cannot
> directly access
> the outside world any longer because only a few ports are allowed by the
> firewall. I cannot use never_direct because I don't run a parent cache. How
> do I configure squid/ipchains without tearing down my firewall?
All you have to do it to add two ipchains rules. One that allows your
users to talk to squid and one that allows squid to talk to the outside
world. A neat bandwidth saving trick is to block outgoing access to
port 80, 8080, 81 etc so all your users are forced to go via the proxy.
See the IPChains HOWTO for detailed information - it's an excellent
read.
-- Martin Brooks, Systems Administrator martin@gointernet.co.uk --------------------------- Go Internet Ltd 36 Gloucester Avenue NW1 7BB London UK Phone +44-(0)20-7419 0001 Fax +44-(0)20-7419 6519Received on Fri Feb 25 2000 - 00:38:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:34 MST