Depending on your setup you could do a few different things. As
suggested in the previous response, you can have your squid box
internal and allow ONLY your squid box to communicate out to the
internet on the required ports (generally 80, 443). This works well;
it also assumes you're using a NAT firewall.

I have also set it up a few times to talk to squid on a bastion host;
this is only really possible with a software firewall. Install squid
in chroot with no cache and only listening on the internal interface of
your firewall; you can then point your internal squid machine to the
firewall (parent). This has worked really well for me in a few
different environments.
On Sun, 26 Sep 2004 21:40:57 -0700, Matt Alexander <lowbassman@gmail.com> wrote:
> I've read that Squid shouldn't be behind a firewall because it needs a
> direct connection. I'm assuming that this means that the Squid box
> must be dangling on the WAN with an Internet accessible IP address.
> Can someone explain the issues involved here?
>
> Why does it need a direct connection?
> What aspect of Squid doesn't work if it's behind a firewall that does NAT?
>
> Thanks,
> ~Matt
>
> --
> Get Firefox!
> http://www.mozilla.org/products/firefox/
>
Received on Sun Sep 26 2004 - 23:08:58 MDT
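
The parent/child layout described in the reply above, sketched as two squid.conf fragments. This is an added example, not configuration from the original message or its author; the addresses (192.168.1.0/24 LAN, 192.168.1.1 firewall internal interface, 192.168.1.10 internal Squid), the ACL names and the chroot path are assumptions.

```conf
# ---------------------------------------------------------------
# Internal Squid (assumed 192.168.1.10): serves the LAN and sends
# every request to the parent on the firewall.
# ---------------------------------------------------------------
http_port 3128

# Assumed LAN range; only these clients may use the proxy.
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all

# The bastion Squid is the only parent. no-query disables ICP,
# default makes it the last-resort peer.
cache_peer 192.168.1.1 parent 3128 0 no-query default

# Never fetch directly from origin servers; if the parent is down,
# requests fail instead of trying to bypass it.
never_direct allow all

# ---------------------------------------------------------------
# Bastion Squid (on the firewall, assumed internal IP 192.168.1.1):
# no cache, bound to the internal interface only.
# ---------------------------------------------------------------
# Bind to the internal address so nothing listens on the WAN side.
http_port 192.168.1.1:3128

# Only the internal Squid may use this proxy, and only for the
# web ports mentioned in the reply.
acl child_proxy src 192.168.1.10/32
acl web_ports port 80 443
http_access deny !web_ports
http_access allow child_proxy
http_access deny all

# Do not store any responses on the bastion host
# (older 2.5 releases named this directive no_cache).
cache deny all

# Hypothetical chroot directory; Squid chroots into it at startup.
chroot /var/chroot/squid
```

With this layout the firewall rules only need to permit the internal Squid to reach 192.168.1.1:3128 and the bastion Squid itself to reach the internet on 80 and 443.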