[ILUG] Squid and Firewall
Declan Grady
Declan.Grady at nuvotem.com
Thu Nov 29 16:56:08 GMT 2001
Thanks Paul.
Another Q ... When I use a windows client to my squid proxy, squid seems to
dial up, even though it has the requested page(s) in the cache.
i.e. I use google a lot, and have it set as my default page in ie5.
When I start ie5, and watch the log, it dials up straight away, even though
I was just on google a few mins ago.
Is it dns thats causing the dialup ?
Should I do a local caching nameserver to solve this prob ?
Cheers.
Declan
[NODIS]
----- Original Message -----
From: "Paul Kelly" <longword at esatclear.ie>
Sent: Thursday, November 29, 2001 2:46 PM
Subject: Re: [ILUG] Squid and Firewall
> Declan Grady wrote:
>
> > Now, security is my next target... I am looking at ipchains firewalling
> > rules, but I'm a bit confused about what local ip's to use.
> >
> > Since my browsers will all be pointed to squid, do i need masquerading ?
>
>
> No need to use masquerading at all if you only intend your clients to
> have internet access exclusively through Squid, and your firewall should
> not be doing any packet routing at all ( echo "0"
> >/proc/sys/net/ipv4/ip_forward )
>
> You should look into using iptables with a 2.4 kernel rather than
> ipchains - iptables looks a little harder but works out way easier.
>
> Paul.
>
More information about the ILUG
mailing list