Re: [squid-users] Squid setup questions

From: Tek Bahadur Limbu <teklimbu@dont-contact.us>
Date: Wed, 19 Sep 2007 12:05:38 +0545

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Antonio,

On Tue, 18 Sep 2007 17:00:25 -0400
"Antonio Pereira" <apereira@duocom.ca> wrote:

> Ok Great.
>
> I have a hardware based firewall.
>
> What setup in the way of the squid box is best: physically take the cable
> from the firewall, put 2 NICs on the squid box, and plug 1 NIC into the
> firewall and the other into the backbone switch? Or just use 1 NIC on the
> squid box and put a rule in the firewall to allow only outbound HTTP
> traffic from the squid box?
> Right now everyone defaults to the firewall and all HTTP traffic goes
> out to the internet. We also have VPN and web and SSL traffic coming in
> from inbound HTTP.

I think the best layout would be to put 2 NIC cards in the Squid box. Like you said, plug the 1st cable into the firewall and the 2nd cable into your backbone switch where the 4 other sites connect.

The following diagram may represent the simple layout.

                             Internet
                                |
                                |
                                |
                   Transparent Squid Bridge Box
                                |
                                |
                        Backbone Switch
                                |
                                |
        -------------------------------------------------
           |           |           |           |
           |           |           |           |
         Site1       Site2       Site3       Site4

I would like the Squid box to run in transparent bridging mode. This way, you don't have to change anything on your network. Furthermore if your Squid box should go down, which is unlikely, you just reconnect the cable from your backbone switch to your firewall and everything becomes normal again!

Since we won't be running any firewall except for intercepting web requests to Squid's port, your VPN and SSL traffic should not get hampered.

In fact, I am using this setup on a Debian shaper box and so far it is working great.

Hope it helps.

Thanking you...

>
> Thanks again
>
> -----Original Message-----
> From: Tek Bahadur Limbu [mailto:teklimbu@wlink.com.np]
> Sent: Tuesday, September 18, 2007 4:13 PM
> To: Antonio Pereira
> Cc: squid-users@squid-cache.org
> Subject: Re: [squid-users] Squid setup questions
>
> Hi Antonio,
>
> Antonio Pereira wrote:
> > Hello,
> >
> > I have a pretty much redundant question, but I would like some opinions
> > before I venture into this possible solution.
> >
> > I have 4 sites on an MPLS network that access the internet via 1
> > location; at this 1 location there is already a firewall. What I would
> > like to do is start blocking web sites and start blocking web traffic.
> >
> > What is the best setup with squid for this type of setup? What
> > documents should I read for this type of setup?
>
> Not sure about MPLS networking. However, in your case, it should be
> simple. Just run Squid transparently on the gateway (firewall) from
> where all 4 sites get access to the internet.
>
> Adding SquidGuard or DansGuardian or even custom ACLs will provide you
> with all the web blocking functionalities.
>
> Thanking you...
>
>
> >
> > Thanks in advance
> >
>
>
> --
>
> With best regards and good wishes,
>
> Yours sincerely,
>
> Tek Bahadur Limbu
>
> System Administrator
>
> (TAG/TDG Group)
> Jwl Systems Department
>
> Worldlink Communications Pvt. Ltd.
>
> Jawalakhel, Nepal
>
> http://www.wlink.com.np
>

- --

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

System Administrator

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal
http://wlink.com.np/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)

iD8DBQFG8L+zfpE0pz+xqQQRAg/rAJ4sgpGJzJr+snPl3H7CAleqqWE7nwCgq+g4
0MkQ4qe+lfsTRoAMKwIITio=
=Sobk
-----END PGP SIGNATURE-----
Received on Wed Sep 19 2007 - 00:21:13 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT
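The two-NIC transparent bridge layout described in the reply above, as an added example that is not code from the squid-users thread: a Debian-style shell script that generates (and, when invoked with `apply`, runs as root) the bridge and interception commands. Interface names eth0/eth1, the bridge address 192.168.1.2/24, the gateway 192.168.1.1 and Squid port 3128 are hypothetical placeholders; `brctl` comes from the bridge-utils package. Only LAN-side TCP/80 is pulled out of the bridge into Squid; port 443 and the VPN protocols are not matched and pass through untouched, which is the property the reply relies on.

```shell
#!/bin/sh
# Added example for the two-NIC transparent Squid bridge; not code from the
# squid-users thread.  Interface names, addresses and the Squid port below are
# hypothetical placeholders and can be overridden from the environment.
#
# Assumed layout:
#   firewall <-> $FW_IF [ Squid box, bridge $BR_IF ] $LAN_IF <-> backbone switch
# The bridge needs its own IP so that Squid can reach the Internet through the
# firewall, and so that REDIRECT has a local address to deliver to.

FW_IF=${FW_IF:-eth0}                 # NIC cabled to the firewall
LAN_IF=${LAN_IF:-eth1}               # NIC cabled to the backbone switch
BR_IF=${BR_IF:-br0}
BR_ADDR=${BR_ADDR:-192.168.1.2/24}   # hypothetical address for the bridge
GW_ADDR=${GW_ADDR:-192.168.1.1}      # hypothetical firewall (gateway) address
SQUID_PORT=${SQUID_PORT:-3128}

# Commands that turn the two NICs into one Layer-2 bridge.  Nothing here
# changes addressing at the sites: frames pass through unmodified, and if the
# box dies the cable can simply be moved back to the firewall.
bridge_commands() {
    cat <<EOF
brctl addbr $BR_IF
brctl addif $BR_IF $FW_IF
brctl addif $BR_IF $LAN_IF
ip link set $FW_IF up
ip link set $LAN_IF up
ip addr add $BR_ADDR dev $BR_IF
ip link set $BR_IF up
ip route add default via $GW_ADDR
EOF
}

# Commands that divert only LAN-side TCP/80 into Squid.  bridge-nf-call-iptables
# makes bridged frames traverse iptables; the physdev match limits the redirect
# to frames arriving from the sites, so replies coming back from the firewall
# side and Squid's own upstream requests (locally generated, never seen by
# PREROUTING) are left alone.  Port 443 and VPN traffic are not matched at all.
intercept_commands() {
    cat <<EOF
sysctl -w net.bridge.bridge-nf-call-iptables=1
iptables -t nat -A PREROUTING -i $BR_IF -m physdev --physdev-in $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
}

# Matching squid.conf line (Squid 2.6 syntax, current in 2007; Squid 3.1 and
# later spell the option "intercept" instead of "transparent").
squid_conf_line() {
    echo "http_port $SQUID_PORT transparent"
}

# Sanity check: list every destination port the generated rules touch.
# A transparent web filter that must not hamper SSL or VPN should only name 80.
touched_ports() {
    intercept_commands | sed -n 's/.*--dport \([0-9]*\).*/\1/p' | sort -u
}

case "${1:-}" in
    apply) bridge_commands | sh -e; intercept_commands | sh -e ;;
    *)     bridge_commands; intercept_commands; squid_conf_line ;;
esac
```

Run it without arguments first to review the exact commands it would issue, then `sh bridge.sh apply` as root once the cables are in place. The physdev match is what keeps the rule one-directional; without it, traffic arriving on the firewall-facing NIC would also be redirected.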