> On Aug 8, 2006, at 11:11 AM, Gary W. Smith wrote:
> >We have ours behind so the squid server gets the protection of the
> >firewall. We then use the firewall for transparent proxing of
> >requests.
> >That is, we don't let anything go out port 80 unless the request is
> >from
> >squid server. All traffic destined for port 80 is then redirected to
> >the squid server/port.
On 08.08.06 20:40, donovan wrote:
> so you're using the second method.
> Thats what i figured was the best option. I'm currently using that
> method, but exploring with redundancy between two pix's. I was
> wondering if anyone had any experience with the other two
> configurations?
It's possible - many people run servers in "demilitarised zones", but I
think having squid on the same network than clients gives you ability to
better control who accesses it, e.g. using ident lookups, see their IP
addresses/DNS names, HW addresses or using things like ntlm authentication.
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents DeseaseReceived on Wed Aug 09 2006 - 06:06:44 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT