Joe Tseng wrote:
I am working on setting up a test network using a squid proxy connected to a firewall (proxy and firewall are both Linux). Can anyone tell me what are best practices for setting up the proxy to be transparent? Currently I have my proxy to the firewall sitting in a DMZ isolated from both the intranet and external network. I was hoping to have the traffic flow as such (but it's not quite working right):
webclient -> firewall -> proxy -> firewall -> webserver
webserver -> firewall -> proxy -> firewall -> webclient
Is this even the right way to go about doing this? If not what is?
All of mine have Squid in the path between clients and the Internet.
"best practice" means to have Squid in a box with sufficient capacity.
In my cases, that means enough disk space. My setups have the firewall
and Squid being the same box, but that's a convenience thing, and you do
need a firewall of some kind to force the transparent proxy. If it's
convenient to put the squid box in the path as I do, then that's the way
to do it.
Security considerations might mandate a separate box, some of the data
cached may be sensitive.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
