Re: [squid-users] Squid on DMZ

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 17 Jun 2009 15:16:12 +1200

On Tue, 16 Jun 2009 08:43:29 -0300, João Kuchnier
<joao.kuchnier_at_gmail.com>
wrote:
> Thanks for your help!
>
> I managed to configure rules on shorewall fixing squid on DMZ:
> http://www.shorewall.net/Shorewall_Squid_Usage.html
>
> In addition to the HTTP traffic load, does this extra flow interfere with
> Internet browsing speed?

Some small transfer time increase. But nothing serious unless it causes a
full bandwidth pipe.
Just be aware of it in your network design and monitoring (some graphs can
show a 'huge' mysterious jump in bandwidth when it's turned on).

Amos

>
> João
>
>> > Hi everyone!
>> >
>> > Today I'm running squid on firewall and it is very easy to manage.
>> > Despite that, we are trying to decentralize services and adding new
>> > virtual machines on DMZ for each of the servers we need.
>> >
>> > I would like to know if you recommend to install Squid on DMZ, if it
>> > is use to manage and how I could manage rules on firewall (we use
>> > shorewall).
>
>> > I don't have any recommendations either way. The pros and cons balance out
>> > for most intents and purposes. If it's working fine for you as-is then there
>> > really isn't anything to fix.
>> >
>> > If you do make the move, be aware that with interception the firewall will
>> > need to take into account the squid box IP and make exceptions. Also an
>> > added flow of traffic client->router->squid->router->internet which does
>> > not currently occur on the internal router interface. This effectively
>> > doubles or triples the internal HTTP traffic load on the router.
>
>> > Amos
>
> João K.
Received on Wed Jun 17 2009 - 03:16:17 MDT
