[ILUG] SuSE 9 proxy and packet filtering

Anders Holm aholm at amazon.com
Tue Sep 20 11:31:26 IST 2005


Chris Boyd said the following on 20/09/2005 11:18:
> Rather than setting the PIX to redirect traffic through the proxy I'm looking to set the proxy as default gateway and forward LAN traffic to PIX. 
> Do I need two NIC's for this as well? 

>>>>Niall O Broin <niall at linux.ie> 09/19/05 5:26  >>>
> 
> On 19 Sep 2005, at 16:27, Chris Boyd wrote:
> 
>>I've set up squid on SuSE 9 to filter internet traffic.
>>The server is behind a Cisco PIX firewall (515)
>>Can I then also enable packet forwarding and filter all traffic 
>>through the same server and set it as default gateway for all hosts on 
>>the network?
> 
> You could, provided you had iptables configured correctly on that box. 
> What exactly do you want to do? What do you mean by "filter all traffic 
> through"?
> Niall

I think that what you are trying to say is that you want to use the 
proxy server as the default gateway for all your networked hosts, and 
the PIX as the default gateway then for the proxy server, correct?

Then I'd ask.. Why? The PIX is there to allow you to protect your 
network, right? In doing the above you'll create a lot of extra 
headaches for yourself as your network grows, needs change and so on.

Let the firewall be your gateway to the world, as it is supposed to be. 
Put whatever systems you need to have accessible from the outside world 
inside a DMZ and let the rest sit where they are, on the internal network.

In this way you can accommodate specific rules for specific hosts, 
subnets, whatever. Doing it your way, any rule you'd apply on the 
firewall for the proxy server would automagically apply to all your 
hosts on the internal network. Might not be what you'd want to do in all 
cases.

//Anders
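Added example, not from anyone in the thread: the iptables rule set a Linux box needs to do what Chris describes (LAN hosts use it as default gateway, it forwards to the PIX), written as a generator so the rules can be reviewed before they are applied. It assumes the two-NIC layout (eth0 towards the LAN, eth1 on the segment shared with the PIX inside interface), 192.168.1.0/24 as the LAN, squid on port 3128 configured for transparent proxying, and a SuSE-style iptables in PATH; all of those names and numbers are assumptions. The "route" mode keeps client source addresses, so the PIX can still apply per-host rules (it then needs a static route for the LAN net pointing at this box's eth1 address); the "masq" mode is exactly the situation Anders warns about, since the PIX then only ever sees the proxy's address.

```shell
#!/bin/sh
# Example rule generator (not from the ILUG thread). Interface names, the LAN
# network and the squid port below are assumptions for illustration only.
LAN_IF="${LAN_IF:-eth0}"             # inside NIC; LAN hosts point their default route here
WAN_IF="${WAN_IF:-eth1}"             # NIC on the segment shared with the PIX inside interface
LAN_NET="${LAN_NET:-192.168.1.0/24}" # internal network behind this box
SQUID_PORT="${SQUID_PORT:-3128}"     # squid listening port (transparent mode assumed)
IPT="${IPT:-iptables}"

# Emit, rather than execute, the rules so they can be read or diffed first.
# $1 is "route" (PIX still sees each client's IP) or "masq" (PIX sees only
# this box's WAN_IF address, so per-host rules on the PIX become impossible).
gen_forward_rules() {
  nat_mode="$1"
  cat <<EOF
sysctl -w net.ipv4.ip_forward=1
$IPT -P FORWARD DROP
$IPT -F FORWARD
$IPT -t nat -F
$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
$IPT -A FORWARD -j LOG --log-prefix "FWD-DROP: "
$IPT -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
EOF
  # Only in masq mode: hide the LAN behind WAN_IF. Without this line the PIX
  # needs a static route for $LAN_NET via this box's $WAN_IF address, but in
  # return it can still match on individual client addresses.
  if [ "$nat_mode" = "masq" ]; then
    echo "$IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"
  fi
}

# Apply the generated set. Needs root and a real iptables; review the output
# of gen_forward_rules first. Two NICs are assumed: with a single NIC the box
# would forward back out the same interface and the kernel's ICMP redirects
# would make the hosts bypass it after the first packet.
apply_forward_rules() {
  gen_forward_rules "$1" | sh -e
}
```

Run `gen_forward_rules route` to see the rule set and `apply_forward_rules route` as root to load it; only the FORWARD chain is touched, so any INPUT rules protecting the box itself stay as they were. The REDIRECT line is what makes squid "filter internet traffic" for hosts that have no proxy configured, and it only catches plain HTTP on port 80.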


