Re: Squid server and Firewall

From: Graham Dunn <gdunn@dont-contact.us>
Date: Wed, 29 Mar 2000 06:35:21 -0800

I run squid in a similiar configuration (in DMZ). The load on my NAT box
(P90 running FreeBSD) hovers right around 0.01 with about 80 users. I
don't think you'd be lightening the load on your firewall any as all
those connections would still have to be made, regardless of what the
source IP was.

On Wed, Mar 29, 2000 at 09:38:43AM +0300, DANNY KHALIL wrote:
>
>
> We have the squid server located on the DMZ, meaning that internal
> users will have to go thru the firewall which does NAT to get to
> the squid proxy.
>
> I am thinking that this is not such a good idea, and maybe I should move
> the squid server to the internal network so that users will get
> to it before going thru the Firewall and the NAT deal. what do you
> think? would I be cutting down on delays and load on the firewall
> since the FW would be performing NAT on the squid IP only and not on
> any client trying to access the cache.
>
> any thoughts are appreciated.
>
> -Danny-

-- 
   gdunn@kurai.org	 Graham Dunn         || ||| | ||| |||| | |||| | 
    Key fingerprint = 3F 56 12 9B 8A E1 77 CB  F0 62 94 B0 93 06 1E 88
Received on Wed Mar 29 2000 - 07:42:36 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:52:28 MST