On Aug 8, 2006, at 11:11 AM, Gary W. Smith wrote:
> We have ours behind so the squid server gets the protection of the
> firewall. We then use the firewall for transparent proxing of
> requests.
> That is, we don't let anything go out port 80 unless the request is
> from
> squid server. All traffic destined for port 80 is then redirected to
> the squid server/port.
>
>
thanks for the reply
so you're using the second method.
Thats what i figured was the best option. I'm currently using that
method, but exploring with redundancy between two pix's. I was
wondering if anyone had any experience with the other two
configurations?
>
> -----Original Message-----
> From: donovan [mailto:donovan@beth.k12.pa.us]
> Sent: Tuesday, August 08, 2006 6:57 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] place squid before or after firewall
>
> greetings
>
> I have a new cisco pix 525 and i would like to setup squid /
> squidguard for transparent filtering.
>
> Should i place squid on the inside of the pix or the outside? or can
> i create a 3rd interface specifically for filtering?
>
#1
> user ---> [ pix nat] --[ squid/squidguard] --[router] --inet
>
> or
>
#2
> user --->[squid/squidguard] --[pix nat ] --[router] -- inet
>
> or
>
#3
> user --[ pix ] -- [router] - inet
> |
> |
> { squid /squidguard }
>
>
> your comments and flames welcome :)
>
> --jeff
>
>
>
Received on Tue Aug 08 2006 - 18:40:33 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT