Enhancement in Transparent proxy setup

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ES is running on a server between a Cisco Firewall and a cluster of MS
virtual name servers and other functions. Your article "Transparent
proxy with Squid" addresses our configuration with one exception. An
elegant solution in our application would be for Squid to receive all
external requests from the Internet on one IP network adapter (IP
address 1), and forward them on the second (IP address 2). Internal
requests to the Internet would initiate on the second and forward out on
the first. This configuration would require all external traffic to go
through the proxy. We have several ranges of ports that we wish to pass
on a one-for-one basis. The are also a number of traffic types (FTP,
HTTPS, SNTP, SMTP, Digest mode authentications, etc.). We could declare
"acl Safe_ports" but those are well handled by the Cisco firewall. Can
you provide additional configuration suggestions to implement this
configuration? We realize that this is not the most secure
implementation of RH, but in our case, all of the protected data resides
on secure MS servers. We are implementing in this manner to prevent
successive hacks though a series of MS machines. Going through a
buffered proxy in Linux should make it significantly more difficult to
exploit a MS security hole.

Thanks

Regards,

Komal

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux