> -----Original Message-----
> From: colonyofcrumbs@xxxxxxxxxxxxx [mailto:colonyofcrumbs@xxxxxxxxxxxxx]
> Sent: Tuesday, May 17, 2005 10:56 AM
> To: squid-users@xxxxxxxxxxxxxxx
> Subject: [squid-users] Squid behind a NAT/FW
>
>
> Greetings,
>
> I already have a machine at the gateway of my network performing NAT
> and FW tasks. I'd like to configure a proxy behind that machine in
> order to log/report users' web usage, control Internet access and
> possibly even schedule when the Internet is accessible and when it
> shouldn't be (i.e. allowing employees to only access the Internet
> during their lunch hours). From what I've read, it seems like Squid
> should help me in this quest.
>
> The problem is I haven't found too many documents on putting squid
> behind a FW. It seems like most focus on it being the actual NAT or
> gateway.
>
> Here's my questions:
>
> 1) Is it possible to run squid behind a FW?
>

Yes. Set the squid server up with unlimited access to the outside world (or just tcp ports 80 and 443, perhaps a few others), and block all other clients, hence "forcing" internet access through Squid. Special exceptions may have to be made for non supported applications (VOIP, Video Teleconferencing, etc.).

> 2) Can you run Squid on one network card?
>

Yes. As far as I know, most Squid installations are only using one network card.

> 3) If two network cards are required and it can run behind a FW,
> should the machine be setup just as a basic router (i.e.
> 192.168.1.0/25 to/from 192.168.1.128/25) before Squid is added?
>
> I appreciate any help you can provide.
>
> Thank you for your time,
>
> Joshua

Just set up a Squid caching proxy as you would without the firewall. Then make sure that the squid proxy can resolve DNS, and make web requests.

Chris
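
A squid.conf fragment for the single-NIC proxy behind the firewall discussed in this thread, added here as an illustration and not taken from either message. The LAN range 192.168.1.0/24, the listening port 3128 and the 12:00-13:00 weekday window are assumptions; the gateway firewall is assumed to permit outbound web and DNS traffic from the proxy host only, as the reply describes.

```conf
# Added example, not from the original thread. Values are assumptions.

# Single listening socket on the one network card; clients point their
# browsers at <proxy-ip>:3128.
http_port 3128

# Constructed LAN range: only internal clients may use the proxy at all.
acl localnet src 192.168.1.0/24

# Destination ports the proxy will fetch from. These mirror the ports the
# gateway firewall lets the proxy host reach (80 and 443).
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# Lunch-hour window, Monday to Friday. Day letters: M T W H F (H = Thursday).
acl lunch time MTWHF 12:00-13:00

# Rules are evaluated top to bottom; the first match wins.
# 1. Refuse requests to ports the firewall would drop anyway.
http_access deny !Safe_ports
# 2. Refuse CONNECT tunnels to anything other than 443, so the proxy
#    cannot be used to tunnel arbitrary protocols out of the network.
http_access deny CONNECT !SSL_ports
# 3. Internal clients are allowed only inside the lunch window.
http_access allow localnet lunch
# 4. Everything else, including internal clients outside the window and
#    any non-LAN source, is denied.
http_access deny all

# Squid writes every request to its access log by default; that log is
# the source for the per-user usage reports asked about in the question.
```

The time ACL uses the proxy host's local clock, so the schedule is only as accurate as that machine's time synchronization.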