Re: [squid-users] Squid on DMZ

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 16 Jun 2009 11:59:45 +1200

On Mon, 15 Jun 2009 11:47:46 -0300, João Kuchnier
<joao.kuchnier_at_gmail.com>
wrote:
> Hi everyone!
>
> Today I'm running squid on firewall and it is very easy to manage.
> Despite that, we are trying to decentralize services and adding new
> virtual machines on DMZ for each of the servers we need.
>
> I would like to know if you recommend to install Squid on DMZ, if it
> is use to manage and how I could manage rules on firewall (we use
> shorewall).

I don't have any recommendations either way. The pros and cons balance out
for most intents and purposes. If it's working fine for you as-is then there
really isn't anything to fix.

If you do make the move, be aware that with interception the firewall will
need to take into account the squid box IP and make exceptions. Also an
added flow of traffic client->router->squid->router->internet which does
not currently occur on the internal router interface. This effectively
doubles or triples the internal HTTP traffic load on the router.

Amos
Received on Mon Jun 15 2009 - 23:59:51 MDT
