RE: [Q]Squid and internal mail/web?

From: Mark Bainter <mark@dont-contact.us>
Date: Tue, 7 Jul 1998 12:34:13 -0500

What I was actually hoping to do was have IP masquerading on the linux
box, with squid doing proxy for the internal users, and then passing
through the necessary services. I'll look into the firewall product you
mentioned as it might do what I need. (I assume that ipfwadm doesn't
support this?) They have a *large* company, so IP masq'ing is preferred
to NAT. I appreciate the link and I'll be sure to check it out.

-----Original Message-----
From: Michael Pelletier [mailto:mikep@comshare.com]
Sent: Tuesday, July 07, 1998 12:10 PM
To: Mark Bainter
Cc: 'squid-users@ircache.net'
Subject: Re: [Q]Squid and internal mail/web?

On Tue, 7 Jul 1998, Mark Bainter wrote:

> I read through the faq quickly and didn't see the answer to this
> anywhere. I am considering quoting linux to a customer to solve their
> internet connectivity needs but I have a quick question about squid's
> abilities.
>
> Is it possible to allow incoming requests for mail/web through squid?
> i.e., can I set it up so that a user on the internet can try to
connect
> to www.proxyclient.com, where the name resolves to the proxy server,
but
> then, when the request hit's port 80 it translates the number to an
> internal ip address?

No, Squid's function is specialized as a caching proxy server, and it
does that one thing very well.

The functionality you seem to be looking for is provided in the TIS
firewall toolkit's "plug-gw" program, which makes a transparent
connection from port a on machine a to port b on machine b. It's
often used as an internal-to-external solution, but can just as
easily be used in the other direction. Check out
<http://www.tis.com/research/software/fwtk/index.html>

> Can a connection to Eth0 port 25 be translated/forwarded to a
connection
> to the int mail server's int mail server port 25?

You'd do this with plug-gw too.

You will also probably be interested in using Linux-based NAT (Network
Address Translation) software, where internal addresses are translated
to a valid external address by the internet gateway.

Don't worry about putting too much functionality on the box running
Squid unless you have a very high-volume environment. Squid doesn't
use much CPU time, and a $1,200 Pentium II 330MHz box with 256MB of
RAM can very easily juggle many other balls. And if you do bog down
such a box, it's time to get another IP address or two.

My own Squid server is running on a Pentium-133 with 256MB of memory,
handles about three quarters of a gig of traffic on weekdays for our
entire worldwide network, and also serves as the mail gateway, the
Usenet server, the external DNS server, the NTP server, and other
things, and doesn't break a sweat.

        -Mike Pelletier.
Received on Tue Jul 07 1998 - 10:27:09 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:04 MST