[ILUG] Squid and Firewall
Declan Grady
Declan.Grady at nuvotem.com
Thu Nov 29 12:20:54 GMT 2001
Maybe a silly question, but ...
I have squid running on a machine, auto-dialling to an ISP successfully.
Now, security is my next target... I am looking at ipchains firewalling
rules, but I'm a bit confused about what local IPs to use.
Since my browsers will all be pointed to squid, do I need masquerading?
i.e.
My local LAN is all 192.168.0.xxx/255.255.255.0
squid is on 192.168.0.2
All my Windows PCs point to 192.168.0.2 as the proxy server for all
protocols.
Reading the http://www.linuxdoc.org/HOWTO/Firewall-HOWTO-8.html it does
state:
<quote>
## If you are using masquerading
# don't masq internal-internal traffic
/sbin/ipchains -A forward -s 192.1.2.0/24 -d 192.1.2.0/24 -j ACCEPT
# don't masq external interface direct
/sbin/ipchains -A forward -s 24.94.1.0/24 -d 0.0.0.0/0 -j ACCEPT
# masquerade all internal IP's going outside
/sbin/ipchains -A forward -s 192.1.2.0/24 -d 0.0.0.0/0 -j MASQ
</quote>
So do I need this in my firewall rules?
Maybe I'm missing the point.
Thanks,
Declan