On Fri, 16 Mar 2001 10:32:52 -0800, you wrote:
>I would find an old pci machine, and use that as the "equalizing" machine.
>You can have the proxy behind that, and have the eq box send the connections
>needing proxying to the squid box.
>
>Are you using the eq box as a firewall too? Under best conditions, the only
>open service on the firewall would be ssh or none.
This is a bit paranoid for a little LAN: almost all our employers
have few computer skills and the ones with some "computers' control"
are totally trusted. The untrusted world is out of the LAN, where
proxy service will be hidden (filtered). In addition both outgoing
routers are performing NAT so inherently we've got some extra
protection (it is virtually impossible to establish a connection from
out of the LAN into it).
Summarizing: although running a proxy, it should not be seen from the
outside.
By the way, your statement is very well known and generally it should
be taken into account if possible.
Regards.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
** RoMaN SoFt / LLFB **
roman@xxxxxxxxxx
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
