On Thu, 2005-10-20 at 20:16 +0200, Christoph Haas wrote:
> On Thursday 20 October 2005 19:04, Derrick MacPherson wrote:
> > I've gotten my authentication working as I want in my test environment,
> > I'm now looking to put my squid box into our production environment. I
> > am wondering if I can get some suggestions; what I was thinking of doing
> > is putting 3 nics in the box, one with an IP on the lan, the other 2 in
> > a bridge that I will put in between either our LAN and our firewall
> > (pix, hopefully to be replaced soon) OR our firewall and our internet
> > router.
> 
> That very much depends on your network setup. We run a DMZ topology which
> means:
> 
>  Internet
>     |
>  Firewall---DMZ
>     |
>    LAN
> 
> In that case we'd put the proxy in the DMZ with one interface. Multiple
> interfaces can quickly become a burden because you have to care about
> routing more than you probably want. This way the rules are simple...
> 
> LAN -> DMZ   Port 3128
> DMZ -> Internet Port 80 + 1024-65535
> 
> Besides you didn't tell which mode you plan to run Squid in. Forward?
> Interception? Reverse?
Our network looks like:
 
 Internet
    |
 Firewall---DMZ
    |
   LAN
We are wanting to either have a forward or interception proxy, though
I'm unsure of the reasons for choosing one over the other, can someone
explain that to me?
Received on Thu Oct 20 2005 - 15:01:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:05 MST