RE: [squid-users] firewall and squid

From: Fritz Mesedilla <fritz.mesedilla@dont-contact.us>
Date: Wed, 27 Aug 2003 16:14:34 +0800

Thank you for the suggestion. I'll check that out.

Fritz Mesedilla

---
+ Basta Ikaw Lord
> -----Original Message-----
> From: Sommariva Graziano [mailto:Graziano.Sommariva@elsag.it]
> Sent: Wednesday, August 27, 2003 3:36 PM
> To: 'Chris Wilcox'; squid-users@squid-cache.org
> Subject: RE: [squid-users] firewall and squid
> 
> 
> Instruct Squid to Run Only On Internal IP, Disable ICP and all other NOT
> Used Squid Stuff.
> 
> Ciao
> 
> Graziano Sommariva
> phone: +39-010-658.3921
> fax: +39-010-658.5.3921
> mobile: +39-348-8558742
> mailto: Graziano.Sommariva@Elsag.it 
> 
> Network Manager
> TLC - Telecomunicazioni
> SSC - Service Unit Servizi Continuativi
> Elsag S.p.A.
> 
> 
> 
> -----Original Message-----
> From: Chris Wilcox [mailto:not_rich_yet@hotmail.com]
> Sent: Wednesday, August 27, 2003 9:26 AM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] firewall and squid
> 
> 
> I'm doing this on my home LAN but purely because I don't have the cash
> (pun?) to have separate computers for the firewall and cache.  Still,
> there's nothing stopping you having a firewall in more than one place so you
> could run Squid from the DMZ but still have the squid box running its own
> firewall to make sure everything is closed off other than say port 3128 so
> the only vulnerability on that box is likely to be Squid itself.
> 
> Still, my firewall is set up only to accept incoming connections that the
> LAN has initiated, so if someone port scans me they see only the ports I need
> to have open (eg http and smtp).  Works quite well really I reckon.
> 
> Regards,
> 
> nry
> >
> >
> >
> >Fritz Mesedilla wrote:
> > >
> > > Hello! I'm quite new here.
> > >
> > > Would it be possible for me to have squid and a firewall on the same
> > > server? I'm concerned about security and also on budget.
> > >
> >
> >  Theoretically, there is no problem.
> >  But I would advise against it, also because of spurious port usage
> >  of squid when maintaining connections.
> >
> >  One of the purposes of firewalls, is to control this.
> >
> >  Also because of traffic generated, it will make the squid box
> >  'noticeable' and prone to attack.
> >
> >  Therefore our squid is on DMZ, behind firewall
> >
> >  M.
> 
> 
Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline:   (632) 631-8971 Local 146
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100
Received on Wed Aug 27 2003 - 02:14:46 MDT
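
The two recommendations quoted in this message (run Squid only on the internal IP, disable ICP and other unused listeners) can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit of squid.conf text. The sample configs and addresses are constructed, and reading "other not used stuff" as htcp_port and snmp_port is an assumption.

```python
import ipaddress

# Constructed sample configs (not taken from the thread).
EXPOSED_CONF = """\
# listens on every interface, auxiliary ports left at their defaults
http_port 3128
"""
HARDENED_CONF = """\
# bound to the internal interface only, auxiliary listeners disabled
http_port 192.168.1.1:3128
icp_port 0
htcp_port 0
snmp_port 0
"""
AUX_PORTS = ("icp_port", "htcp_port", "snmp_port")  # assumed "unused stuff"

def parse_directives(conf_text):
    """Return {directive: [argument lists]}, skipping comment and blank lines."""
    directives = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def listen_is_internal(spec):
    """True when an http_port value names a private or loopback address."""
    host, sep, _port = spec.rpartition(":")
    if not sep:                      # bare port number: all interfaces
        return False
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:               # hostname: cannot be verified offline
        return False
    return addr.is_private and not addr.is_unspecified

def audit(conf_text):
    """Return findings; an empty list means both recommendations are met."""
    d = parse_directives(conf_text)
    findings = []
    if not d.get("http_port"):
        findings.append("http_port: not set explicitly")
    for args in d.get("http_port", []):
        if not args or not listen_is_internal(args[0]):
            findings.append(f"http_port {' '.join(args)}: not bound to an internal address")
    for name in AUX_PORTS:
        values = [a[0] for a in d.get(name, []) if a]
        if not values:
            findings.append(f"{name}: not set, default depends on Squid version")
        elif values[-1] != "0":
            findings.append(f"{name} {values[-1]}: listener enabled")
    return findings
```

A host firewall that leaves only port 3128 reachable, as suggested in the quoted reply, complements this check rather than replacing it.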