Re: Squid behind Firewall, Ipchains

From: Martin Brooks <martin@dont-contact.us>
Date: Fri, 25 Feb 2000 07:27:39 +0000

Relinghaus@aol.com wrote:
>
> Proxying works fine until I start the Firewall (ipchains). Squid cannot
> directly access the outside world any longer because only a few ports are
> allowed by the firewall. I cannot use never_direct because I don't run a
> parent cache. How do I configure squid/ipchains without tearing down my
> firewall?

All you have to do is to add two ipchains rules. One that allows your
users to talk to squid and one that allows squid to talk to the outside
world. A neat bandwidth saving trick is to block outgoing access to
port 80, 8080, 81 etc. so all your users are forced to go via the proxy.

See the IPChains HOWTO for detailed information - it's an excellent
read.

-- 
Martin Brooks, Systems Administrator
martin@gointernet.co.uk
---------------------------
Go Internet Ltd
36 Gloucester Avenue
NW1 7BB London UK
Phone +44-(0)20-7419 0001
Fax +44-(0)20-7419 6519
Received on Fri Feb 25 2000 - 00:38:43 MST
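
The rules described in the reply above, sketched as an added example that is not part of the original post. Every address, interface name and the Squid port 3128 are assumptions; the script only prints the ipchains commands so they can be reviewed before being run on the firewall.

```shell
#!/bin/sh
# Added example (not from the original post). All values below are
# constructed assumptions for a firewall host that also runs Squid.
LAN_NET="192.168.1.0/24"   # internal clients (assumed)
LAN_IF="eth1"              # internal interface (assumed)
EXT_IF="eth0"              # external interface (assumed)
PROXY_IP="192.168.1.1"     # firewall's internal address, Squid listens here (assumed)
EXT_IP="203.0.113.1"       # firewall's external address (assumed, documentation range)
SQUID_PORT="3128"          # Squid http_port (assumed)
WEB_PORTS="80 81 8080"     # the ports named in the post

squid_rules() {
    # 1. Users -> Squid: LAN clients may connect to the proxy port,
    #    and Squid may answer on established connections (! -y = no bare SYN).
    echo "ipchains -A input -i $LAN_IF -p tcp -s $LAN_NET -d $PROXY_IP $SQUID_PORT -j ACCEPT"
    echo "ipchains -A output -i $LAN_IF -p tcp ! -y -s $PROXY_IP $SQUID_PORT -d $LAN_NET -j ACCEPT"

    # 2. Squid -> outside world: the proxy itself may open connections to
    #    web ports; only reply packets are accepted back in.
    #    DNS for Squid is assumed to be allowed by rules elsewhere.
    for port in $WEB_PORTS; do
        echo "ipchains -A output -i $EXT_IF -p tcp -s $EXT_IP 1024:65535 -d 0.0.0.0/0 $port -j ACCEPT"
        echo "ipchains -A input -i $EXT_IF -p tcp ! -y -s 0.0.0.0/0 $port -d $EXT_IP 1024:65535 -j ACCEPT"
    done

    # 3. Force users through the proxy: reject and log (-l) direct web
    #    traffic forwarded from the LAN. Inserted at position 1 so it is
    #    evaluated before any existing masquerading rule in the forward chain.
    for port in $WEB_PORTS; do
        echo "ipchains -I forward 1 -p tcp -s $LAN_NET -d 0.0.0.0/0 $port -l -j REJECT"
    done
}

# Print the rule set for review.
squid_rules
```

Because rule 3 only touches the forward chain, Squid's own requests (which leave through the output chain) are unaffected, and the logged rejects show which clients are still configured to bypass the proxy.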
