RE: [squid-users] Squid behind a NAT/FW

> -----Original Message----- From: colonyofcrumbs@bellsouth.net
> [mailto:colonyofcrumbs@bellsouth.net] Sent: Tuesday, May 17, 2005
> 10:56 AM To: squid-users@squid-cache.org Subject: [squid-users] Squid
> behind a NAT/FW
>
>
> Greetings,
>
> I already have a machine at the gateway of my network performing NAT
> and FW tasks. I'd like to configure a proxy behind that machine in
> order to log/report user's web usage, control Internet access and
> possibly even schedule when the Internet is accessible and when it
> shouldn't be (i.e. allowing employees to only access the Internet
> during their lunch hours). From what I've read, it seems like Squid
> should help me in this quest.
>
> The problem is I haven't found too many documents on putting squid
> behind a FW. It seems like most focus on it being the actual NAT or
> gateway.
>
> Here's my questions:
>
> 1) Is it possible to run squid behind a FW?
>

Yes. Set the squid server up with unlimited access to the outside world (or
just tcp ports 80 and 443, perhaps a few others), and block all other
clients, hence "forcing" internet access through Squid. Special execptions
may have to be made for non supported applications (VOIP, Video
Teleconferencing, etc.).

> 2) Can you run Squid on one network card?
>

Yes. As far as I know, most Squid installations are only using one network
card.

> 3) If two network cards are required and it can run behind a FW,
> should the machine be setup just as a basic router (i.e.
> 192.168.1.0/25 to/from 192.168.1.128/25) before Squid is added?
>
> I appreciate any help you can provide.
>
> Thank you for your time,
>
> Joshua

Just set up a Squid caching proxy as you would without the firewall. Then
make sure that the squid proxy can resolve DNS, and make web requests.

Chris
Received on Tue May 17 2005 - 16:28:33 MDT