On Aug 8, 2006, at 11:11 AM, Gary W. Smith wrote:
We have ours behind so the squid server gets the protection of the
firewall. We then use the firewall for transparent proxing of
requests.
That is, we don't let anything go out port 80 unless the request is
from
squid server. All traffic destined for port 80 is then redirected to
the squid server/port.
thanks for the reply
so you're using the second method.
Thats what i figured was the best option. I'm currently using that
method, but exploring with redundancy between two pix's. I was
wondering if anyone had any experience with the other two
configurations?
-----Original Message-----
From: donovan [mailto:donovan@xxxxxxxxxxxxxx]
Sent: Tuesday, August 08, 2006 6:57 AM
To: squid-users@xxxxxxxxxxxxxxx
Subject: place squid before or after firewall
greetings
I have a new cisco pix 525 and i would like to setup squid /
squidguard for transparent filtering.
Should i place squid on the inside of the pix or the outside? or can
i create a 3rd interface specifically for filtering?
#1
user ---> [ pix nat] --[ squid/squidguard] --[router] --inet
or
#2
user --->[squid/squidguard] --[pix nat ] --[router] -- inet
or
#3
user --[ pix ] -- [router] - inet
|
|
{ squid /squidguard }
your comments and flames welcome :)
--jeff
