On Sun, 31 May 1998, Ricardo Kleemann wrote:
> plug-gw was suggested but it may not be ideal since it runs off inetd.
plug-gw -daemon
works for me, and the number of these running have bugger-all load on our
firewall machine (a lowend 486 ;) )
> Someone else mentioned tcpserver, and I'm confused as to whether tcpserver
> would work for what I need.
tcpserver (as far as I know) is kinda an inetd with limits? *shrug*
> Now I'm also hearing about masquerading...
Ok, you can have:
Firewalled Client -> Firewall -> Squid outside firewall -> Internet
or
Firewalled Clients -> Firewall running Squid -> Internet
or
Firewalled Clients -> Squid    -> Firewall -> Squid    -> Internet
                      Inside                  Outside
                      Firewall                Firewall
(hmmm, squid inside logo? ;) )
With all of the above, the Firewall can play with the packets:

Invoke a plug-gw or equiv from inetd or equiv (per transaction hole)

Have a dedicated plug-gw or equiv passing connections through (permanent
hole)

Route blocking, i.e. the clients behind the firewall have real IPs, but are
not routed directly, but can reach the squid box (firewall does strict
routing)

Or finally, masquerading, where the firewall keeps track of each
packet/tcp stream, and makes it appear to be coming from the firewall
itself when it's really coming from a machine behind the firewall.
That should give you a few ideas about what to do. Personally, plug-gw
-daemon works ;)
--==--
Bruce.
It's the simple things that matter.
Received on Mon Jun 01 1998 - 00:10:34 MDT
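
The masquerading option described in the message above, as an added example that is not part of the original post: a toy Python model of the per-stream table a masquerading firewall keeps, showing the outbound rewrite, the reply translation, and the drop of traffic that matches no tracked stream. The class and function names, the addresses and the port numbers are constructed for illustration.

```python
# Added illustration: toy model of masquerading (source NAT) stream tracking.
# All addresses and ports below are constructed sample values.
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Masquerader:
    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside ip, inside port, remote ip, remote port) -> firewall port
        self.back = {}  # (firewall port, remote ip, remote port) -> (inside ip, inside port)

    def outbound(self, p: Packet) -> Packet:
        """Rewrite a packet leaving the inside net so it appears to come from the firewall."""
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            # First packet of a new stream: allocate a firewall-side port and remember it.
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def inbound(self, p: Packet) -> Optional[Packet]:
        """Translate a reply back to the inside host; None means no tracked stream (drop)."""
        if p.dst != self.public_ip:
            return None
        inside = self.back.get((p.dport, p.src, p.sport))
        if inside is None:
            return None
        return Packet(p.src, p.sport, inside[0], inside[1])

def demo():
    fw = Masquerader("192.0.2.1")
    # Inside client talks to a Squid box outside the firewall.
    req = fw.outbound(Packet("10.0.0.5", 1025, "198.51.100.7", 3128))
    reply = fw.inbound(Packet("198.51.100.7", 3128, req.src, req.sport))
    # A different remote host aiming at the same firewall port matches no stream.
    stray = fw.inbound(Packet("203.0.113.9", 3128, req.src, req.sport))
    return req, reply, stray

if __name__ == "__main__":
    for item in demo():
        print(item)
```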