On Thursday 20 October 2005 19:04, Derrick MacPherson wrote:
> I've gotten my authentication working as I want in my test environment,
> I'm now looking to put my squid box into our production environment. I
> am wondering if I can get some suggestions; what I was thinking of doing
> is putting 3 nics in the box, one with an IP on the lan, the other 2 in
> a bridge that I will put in between either our LAN and our firewall
> (pix, hopefully to be replaced soon) OR our firewall and our internet
> router.
That very much depends on your network setup. We run a DMZ topology which
means:
Internet
|
Firewall---DMZ
|
LAN
In that case we'd put the proxy in the DMZ with one interface. Multiple
interfaces can quickly become a burden because you have to care about
routing more than you probably want. This way the rules are simple...
LAN -> DMZ Port 3128
DMZ -> Internet Port 80 + 1024-65535
Besides you didn't tell which mode you plan to run Squid in. Forward?
Interception? Reverse?
Kind Regards
Christoph
-- ~ ~ ".signature" [Modified] 1 line --100%-- 1,48 AllReceived on Thu Oct 20 2005 - 12:16:35 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Nov 01 2005 - 12:00:04 MST