Re: [squid-users] firewall and squid

From: Anthony M. Rasat <anton@dont-contact.us>
Date: Wed, 27 Aug 2003 17:07:10 +0700

Hi Fritz,

I believe that it would be much depending on how is your network configured.
You don't really need a firewall application running in the same machine as
your http cache if you have a dedicated firewall protecting your network :
better to re-fine tune that firewall instead of giving an extra load on your
http cache machine.

However a real life example is here with me : I'm running Squid-2.5.STABLE3
in the same machine that configured as DMZ-style firewall, 3 network
interface - to internal network, to optional (behind firewall but
transparent to users in internet since it uses internet IP address) and
internet interface. It firewalls connections from internet but at the same
time caches http objects. Of course it doesn't act as DNS server since that
would propagate a security concern.

It has been up since - errm, I lost count - around nine months ago. The
hardware isn't impressive either, it's just a Pentium 4 1.6 GHz with 128MB
RAM and (sadly) IDE drive 20 GB running Slackware 8.1 kernel 2.4.20. Enough
for a network with under 50 hosts.

You will only need to concern about two things : a) your firewall rules
should not block name services (destination port 53 on TCP and/or UDP,
depending on your setup), and b) your firewall rules should not block your
http cache's http port (source port 3128 or 8080, depending on your setup).

Regards,

Anthony M. Rasat
PT. Kalteng Pos Press
Palangkaraya - Indonesia.-

----- Original Message -----
From: "Fritz Mesedilla" <fritz.mesedilla@overturemedia.com>
To: <squid-users@squid-cache.org>
Sent: Wednesday, August 27, 2003 11:45 AM
Subject: [squid-users] firewall and squid

Hello! I'm quite new here.

Would it be possible for me to have squid and a firewall on the same server?
I'm concerned about security and also on budget.

Thanks in advance.

Fritz Mesedilla

---
+ Basta Ikaw Lord
----------------------------------------------------------------------
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the sender immediately by e-mail and delete this e-mail from your
system. Please note that any views or opinions presented in this
email are solely those of the author and do not necessarily represent
those of the company. Finally, the recipient should check this email
and any attachments for the presence of viruses. The company accepts
no liability for any damage caused by any virus transmitted by this
email.
Overture Media, Inc.
Direct Line: (632) 635-4785
Trunkline:   (632) 631-8971 Local 146
Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave.,
Quezon City 1100
Received on Wed Aug 27 2003 - 04:02:31 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:19:08 MST