Search squid archive

Re: Squid on DMZ

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 15 Jun 2009 11:47:46 -0300, João Kuchnier
<joao.kuchnier@xxxxxxxxx>
wrote:
> Hi everyone!
> 
> Today I'm running squid on firewall and it is very easy to manage.
> Despite of that, we are trying to decentralize services and adding new
> virtual machines on DMZ for each of the servers we need.
> 
> I would like to know if you recommend to install Squid on DMZ, if it
> is use to manage and how I could manage rules on firewall (we use
> shorewall).

I don't have any recommendations either way. The pros and cons balance out
for most intents and purposes. If its working fine for you as-is then there
really isn't anything to fix.

If you do make the move, be aware that with interception the firewall will
need to take into account the squid box IP and make exceptions. Also an
added flow of traffic client->router->squid->router->internet which does
not currently occur on the internal router interface. This effectively
doubles or triples the internal HTTP traffic load on the router.


Amos


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux