On Thu, 2005-10-20 at 20:16 +0200, Christoph Haas wrote:
> On Thursday 20 October 2005 19:04, Derrick MacPherson wrote:
> > I've gotten my authentication working as I want in my test environment,
> > I'm now looking to put my squid box into our production environment. I
> > am wondering if I can get some suggestions; what I was thinking of doing
> > is putting 3 nics in the box, one with an IP on the lan, the other 2 in
> > a bridge that I will put in between either our LAN and our firewall
> > (pix, hopefully to be replaced soon) OR our firewall and our internet
> > router.
>
> That very much depends on your network setup. We run a DMZ topology which
> means:
>
> Internet
>     |
> Firewall---DMZ
>     |
>    LAN
>
> In that case we'd put the proxy in the DMZ with one interface. Multiple
> interfaces can quickly become a burden because you have to care about
> routing more than you probably want. This way the rules are simple...
>
> LAN -> DMZ Port 3128
> DMZ -> Internet Port 80 + 1024-65535
>
> Besides you didn't tell which mode you plan to run Squid in. Forward?
> Interception? Reverse?

Our network looks like:

Internet
    |
Firewall---DMZ
    |
   LAN

We are wanting to either have a forward or interception proxy, though
I'm unsure of the reasons for choosing one over the other, can someone
explain that to me?