RE: [squid-users] dual nic setup for SQUID

From: Peter Kassies <p.kassies@dont-contact.us>
Date: Wed, 6 Jun 2001 15:46:05 +0200

Mike,

My knowledge on bordermanager is limited. But I think it is the firewall
solution provided by novell.
Your current network schema bypasses the bordermanager, so now hackers have
two systems to hack instead of one.

Better would be to place squid on the same network as the end users. Point
the browsers to the squid server, it doesn't matter if the bordermanager is
the default gateway of the enduser systems.

Then allow your proxyserver to connect via the bordermanager to the
internet. I only have checkpoint firewall experience and it isn't too
difficult there.
It uses rules to allow/deny systems connecting to other networks via the
firewall, I suppose bordermanager works the same.

Peter
  -----Original Message-----
  From: Mike Singleton [mailto:MSingle@davita.com]
  Sent: Wednesday, June 06, 2001 3:03 PM
  To: p.kassies@ptt-post.nl
  CC: squid-users@squid-cache.org
  Subject: RE: [squid-users] dual nic setup for SQUID

  Here is the way that our network is laid out..

  Internet ---------------------BorderManager-----------------------End User LAN
      |                                                         |
      |                                                         |
      +-------------------------------SQUID---------------------

  The def. route for end user lan is the bordermanager, however, you can
manually configure IE for the squid server. I think bordermanager is the
culprit here.

>>> "Peter Kassies" <p.kassies@ptt-post.nl> 06/06/01 03:23AM >>>

  Mike,

  Here is a little drawing (how it sorta looks in our network)

      internet
          |
      firewall---------------------------------------- dmz lan
                                  |
                              proxyserver
                                  |
                  -------------------------------------- end user lan

  So what you have to do is configure the nics with a different IP address. Of
course the IP address for the internal side is the IP address on the end user
lan.
  I have the proxy listening on port 8080 so all endusers have to configure the
internal IP address of the proxyserver and the port in their browser.

  The proxyserver has a dns on the internet in its /etc/resolv.conf and
resolves all urls and fetches the content from websites on the internet.

  Peter

    -----Original Message-----
    From: Mike Singleton [mailto:MSingle@davita.com]
    Sent: Tuesday, June 05, 2001 6:25 PM
    To: p.kassies@ptt-post.nl
    Subject: RE: [squid-users] dual nic setup for SQUID

    Cool... thanks... but I have a few questions...
    How do I configure Squid to listen inside??

>>> "Peter Kassies" <p.kassies@ptt-post.nl> 06/05/01 09:22AM >>>

    Shouldn't be too difficult. I have the same on my network.
    First make sure squid is listening on your "inside" network IP address.

    Then make sure the default gateway of the system is pointing to the
internet via your other nic.
    Make sure the server can access a dns for resolving urls.

    Peter

      -----Original Message-----
      From: Mike Singleton [mailto:MSingle@davita.com]
      Sent: Tuesday, June 05, 2001 6:11 PM
      To: >
      Subject: [squid-users] dual nic setup for SQUID

      I have a RH7.1 with dual nics. How do I setup squid and/or
routing? When the workstation is set for the SQUID server, I cannot get
outside the network...
Received on Wed Jun 06 2001 - 07:46:05 MDT
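
Added example, not part of the original thread or of any poster's configuration: a squid.conf fragment for the dual-NIC layout described above, with the proxy listening only on its inside address on port 8080. All addresses are constructed placeholders, and the directives assume a Squid release where the `all` ACL is predefined.

```conf
# squid.conf fragment for a dual-homed proxy (constructed example).
# Assumed addressing, not from the thread:
#   inside NIC   192.168.10.5  on end user LAN 192.168.10.0/24
#   outside NIC  192.0.2.5     on the network that reaches the firewall
#   resolver     192.0.2.53

# Weak: a bare port binds every interface, including the outside NIC,
# so the proxy is reachable from networks it was never meant to serve.
#http_port 8080

# Listen only on the inside address; browsers point at 192.168.10.5:8080.
http_port 192.168.10.5:8080

# Source outbound fetches from the outside NIC so the firewall rule can
# match the proxy by a single address.
tcp_outgoing_address 192.0.2.5

# Resolver the proxy uses for URL lookups (optional; without it Squid
# reads /etc/resolv.conf).
dns_nameservers 192.0.2.53

# Only the end user LAN may use the proxy; everything else is refused.
# "all" is predefined in Squid 3 and later; older releases declare it
# in the stock squid.conf.
acl enduser_lan src 192.168.10.0/24
http_access allow enduser_lan
http_access deny all
```

On the firewall side, the matching rule permits outbound web and DNS traffic from the proxy's outside address only, so end user systems cannot bypass the proxy.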
