Hi Fritz,

I believe that it would depend very much on how your network is configured.
You don't really need a firewall application running on the same machine as
your http cache if you have a dedicated firewall protecting your network:
better to fine-tune that firewall instead of putting an extra load on your
http cache machine.

However, a real-life example is here with me: I'm running Squid-2.5.STABLE3
on the same machine, which is configured as a DMZ-style firewall with 3
network interfaces - to the internal network, to the optional network
(behind the firewall but transparent to users on the Internet since it uses
an Internet IP address) and the Internet interface. It firewalls connections
from the Internet but at the same time caches http objects. Of course it
doesn't act as a DNS server since that would propagate a security concern.

It has been up since - errm, I lost count - around nine months ago. The
hardware isn't impressive either, it's just a Pentium 4 1.6 GHz with 128MB
RAM and (sadly) a 20 GB IDE drive, running Slackware 8.1 kernel 2.4.20.
Enough for a network with under 50 hosts.

You will only need to be concerned about two things: a) your firewall rules
should not block name services (destination port 53 on TCP and/or UDP,
depending on your setup), and b) your firewall rules should not block your
http cache's http port (source port 3128 or 8080, depending on your setup).

Regards,
Anthony M. Rasat
PT. Kalteng Pos Press
Palangkaraya - Indonesia.-
----- Original Message -----
From: "Fritz Mesedilla" <fritz.mesedilla@overturemedia.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, August 27, 2003 11:45 AM
Subject: [squid-users] firewall and squid
Hello! I'm quite new here.
Would it be possible for me to have squid and a firewall on the same server?
I'm concerned about security and also about budget.
Thanks in advance.
Fritz Mesedilla
Received on Wed Aug 27 2003 - 04:02:31 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:08 MST
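
The two points at the end of the reply above (name service and the cache port), written out as a default-deny ruleset for a combined firewall and Squid host. This is an added example, not part of the original thread or of anyone's actual configuration; the interface names `eth0`/`eth2`, the subnet `192.168.1.0/24` and the helper names `squid_fw_rules` and `check_rules` are assumptions.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a host that is both
# firewall and Squid cache, then checks the two points from the reply above.
# Interface names and the subnet are assumptions, not values from the thread.
INT_IF="${INT_IF:-eth0}"              # internal network interface (assumed)
EXT_IF="${EXT_IF:-eth2}"              # Internet-facing interface (assumed)
INT_NET="${INT_NET:-192.168.1.0/24}"  # constructed internal subnet
SQUID_PORT="${SQUID_PORT:-3128}"      # Squid http_port (3128 or 8080)

squid_fw_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# (a) name service: the cache must be able to resolve origin servers
-A OUTPUT -p udp --dport 53 -j ACCEPT
-A OUTPUT -p tcp --dport 53 -j ACCEPT
# (b) cache port: internal clients only, never the Internet side
-A INPUT -i $INT_IF -s $INT_NET -p tcp --dport $SQUID_PORT -m state --state NEW -j ACCEPT
# Squid's own fetches to origin servers
-A OUTPUT -o $EXT_IF -p tcp -m multiport --dports 80,443 -m state --state NEW -j ACCEPT
# FORWARD rules for the optional network are site-specific and omitted
COMMIT
EOF
}

# Reads a ruleset on stdin; returns 0 only if DNS is allowed out on both
# protocols and the proxy port is open on the internal interface alone.
check_rules() {
    rules=$(cat)
    for proto in udp tcp; do
        echo "$rules" | grep -q -- "-A OUTPUT .*-p $proto --dport 53 .*-j ACCEPT" || return 1
    done
    echo "$rules" | grep -q -- "-A INPUT -i $INT_IF .*--dport $SQUID_PORT .*-j ACCEPT" || return 1
    # An ACCEPT for the proxy port on the Internet side would make an open proxy.
    ! echo "$rules" | grep -q -- "-A INPUT -i $EXT_IF .*--dport $SQUID_PORT .*-j ACCEPT"
}

# Print the ruleset only if it passes the check (pipe it to iptables-restore).
squid_fw_rules | check_rules && squid_fw_rules
```

Keeping the proxy port closed on the Internet-facing interface matters as much as opening it internally: a cache reachable from outside can be used by anyone as a relay.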