RE: [squid-users] Basic Config Question

I run squid in a DMZ and have no problem getting usage information from it. The only issue I could see a firewall causing is if your firewall is using NAT (Network Address Translation) or PAT (Port Address Translation), you could not determine which machine the request came from, unless you look fast enough while the firewall still has the translation defined. In our case the inside hosts are exempted from translation when accessing the Squid server, however these are DHCP addresses, so they don't really mean to much, as the PC that received that address can change. Basically it really depends on the firewall, its configuration and which usage information you want as to whether or not it would cause a problem. If you do bypass the firewall, I would recommend installing a software based firewall, or using one already built-in to your Squid host operating system to protect your Squid server.

If this is indeed the point your consult was trying to make, I must agree with Squidly, you may need a better consultant, he/she should have been easily able to explain this as the reason.

Thanks,
     Dean Weimer
     Network Administrator
     Orscheln Management Co.

-----Original Message-----
From: Joel Jaeggli [mailto:joelja_at_bogus.com]
Sent: Thursday, May 29, 2008 11:24 AM
To: Squidly
Cc: squid-users_at_squid-cache.org
Subject: Re: [squid-users] Basic Config Question

Squidly wrote:
> I have a consultant telling me that I need to have my squid server
> dual homed and bypassing my firewall for squid to be able to properly
> report usage. Is this the case? Is there some other reason this config
> is required?

reporting and connectivity are separate issues.

measuring octets between the cache and the internet and the cache and
the clients ought to be easy enough, or you need a better consultant.
Received on Thu May 29 2008 - 19:24:03 MDT