[ILUG] Squid and Firewall
Declan.Grady at nuvotem.com
Thu Nov 29 12:20:54 GMT 2001
Mabye a silly question, but ...
I have squid running on a machine, auto-dialling to an isp successfully.
Now, security is my next target... I am looking at ipchains firewalling
rules, but I'm a bit confused about what local ip's to use.
Since my browsers will all be pointed to squid, do i need masquerading ?
my local lan is all 192.168.0.xxx/255.255.255.0
squid is on 192.168.0.2
all my windows pc's point to 192.168.0.2 as the proxy server for all
Reading the http://www.linuxdoc.org/HOWTO/Firewall-HOWTO-8.html it does
## If you are using masquerading
# don't masq internal-internal traffic
/sbin/ipchains -A forward -s 22.214.171.124/24 -d 126.96.36.199/24 -j ACCEPT
# don't masq external interface direct
/sbin/ipchains -A forward -s 188.8.131.52/24 -d 0.0.0.0/0 -j ACCEPT
# masquerade all internal IP's going outside
/sbin/ipchains -A forward -s 184.108.40.206/24 -d 0.0.0.0/0 -j MASQ
so do i need this in my firewall rules ?
Mabye I'm missing the point.
More information about the ILUG