ES is running on a server between a Cisco Firewall and a cluster of MS virtual name servers and other functions. Your article "Transparent proxy with Squid" addresses our configuration with one exception. An elegant solution in our application would be for Squid to receive all external requests from the Internet on one IP network adapter (IP address 1), and forward them on the second (IP address 2). Internal requests to the Internet would initiate on the second and forward out on the first. This configuration would require all external traffic to go through the proxy. We have several ranges of ports that we wish to pass on a one-for-one basis. The are also a number of traffic types (FTP, HTTPS, SNTP, SMTP, Digest mode authentications, etc.). We could declare "acl Safe_ports" but those are well handled by the Cisco firewall. Can you provide additional configuration suggestions to implement this configuration? We realize that this is not the most secure implementation of RH, but in our case, all of the protected data resides on secure MS servers. We are implementing in this manner to prevent successive hacks though a series of MS machines. Going through a buffered proxy in Linux should make it significantly more difficult to exploit a MS security hole. Thanks Regards, Komal -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
