> On Aug 8, 2006, at 11:11 AM, Gary W. Smith wrote: > >We have ours behind so the squid server gets the protection of the > >firewall. We then use the firewall for transparent proxing of > >requests. > >That is, we don't let anything go out port 80 unless the request is > >from > >squid server. All traffic destined for port 80 is then redirected to > >the squid server/port. On 08.08.06 20:40, donovan wrote: > so you're using the second method. > Thats what i figured was the best option. I'm currently using that > method, but exploring with redundancy between two pix's. I was > wondering if anyone had any experience with the other two > configurations? It's possible - many people run servers in "demilitarised zones", but I think having squid on the same network than clients gives you ability to better control who accesses it, e.g. using ident lookups, see their IP addresses/DNS names, HW addresses or using things like ntlm authentication. -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. BSE = Mad Cow Desease ... BSA = Mad Software Producents Desease
