Re: [squid-users] Cache and Firewall in one machine

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Fri, 24 May 2002 12:25:42 +0200

Please note that on most OSes making Squid only listen on the "internal
interface" is not sufficient to protect Squid from "the evil outside". You
must also use firewalling to make sure this address cannot be contacted from
the outside.

If you do not know what I am talking about, try plugging a machine on the
outside network and add a route for the internal network via the external IP
address of your Squid server...

Regards
Henrik

Sommariva Graziano wrote:
> I would suggest to set up squid to listen only on the internal interface and
> possibly to run chrooted.
>
> Graz
>
> -----Original Message-----
> From: Marc Elsen [mailto:marc.elsen@imec.be]
> Sent: Friday, May 24, 2002 11:13 AM
> To: Hamed Abangar
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Cache and Firewall in one machine
>
> Hamed Abangar wrote:
> > Dear members....
> >
> > I have a linux rh7.2 machine in my company...I'm configuring this box
> > to act as my network firewall (iptables and ipchains) for protecting
> > my network from outside (internet)...this box has 2 LAN cards (one valid
> > ip and one private ip)......Can this machine be my network cache with
> > setting up squid on it!!...please send some detail for howto or
> > useful link to help me...
>
> I would advise against doing this.
> It's better to use a different box for SQUID.
>
> The firewall box can then protect your SQUID host according
> to your security policy requirements (for example).
>
>
> M.
>
> > Thanks
> >
> > Hamed Abangar

-- 
Basic free Squid support provided thanks to MARA Systems AB
Your source of advanced reverse proxy solutions or customized
Squid solutions. http://www.marasystems.com/products/
Received on Fri May 24 2002 - 04:25:59 MDT
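
As an added illustration that is not part of the original message, the firewalling described above could look like this on a Linux box with iptables. The interface names, the internal address and the port are assumed values, and `squid_input_rules` is a hypothetical helper that only prints the commands for review.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed values: eth0 faces the
# Internet, eth1 faces the LAN, Squid listens on 192.168.1.1:3128.

# Print the iptables commands for review; nothing is applied by this script.
squid_input_rules() {
    ext_if=$1 int_if=$2 int_addr=$3 port=$4
    # Refuse to emit rules from missing or non-numeric parameters.
    [ -n "$ext_if" ] && [ -n "$int_if" ] && [ -n "$int_addr" ] || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac

    # Local clients on the box itself reach Squid over loopback.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # The internal address is only valid on the internal interface. This is
    # the rule that covers the routed-from-outside case: Linux accepts a
    # packet for any local address on any interface unless filtered.
    echo "iptables -A INPUT ! -i $int_if -d $int_addr -j DROP"
    # Nothing arriving on the outside interface may open the Squid port,
    # whichever local address it is aimed at.
    echo "iptables -A INPUT -i $ext_if -p tcp --dport $port -j DROP"
    # LAN clients on the internal interface are allowed in.
    echo "iptables -A INPUT -i $int_if -d $int_addr -p tcp --dport $port -j ACCEPT"
}

squid_input_rules eth0 eth1 192.168.1.1 3128
```

The printed rules are meant to be merged into the box's existing INPUT policy, ahead of any broader ACCEPT rule that would otherwise match first.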
