On Mon, 15 Jun 2009 11:47:46 -0300, João Kuchnier <joao.kuchnier@xxxxxxxxx> wrote:
> Hi everyone!
>
> Today I'm running squid on firewall and it is very easy to manage.
> Despite that, we are trying to decentralize services and adding new
> virtual machines on DMZ for each of the servers we need.
>
> I would like to know if you recommend to install Squid on DMZ, if it
> is use to manage and how I could manage rules on firewall (we use
> shorewall).

I don't have any recommendations either way. The pros and cons balance out for most intents and purposes. If it's working fine for you as-is then there really isn't anything to fix.

If you do make the move, be aware that with interception the firewall will need to take into account the squid box IP and make exceptions. Also an added flow of traffic client->router->squid->router->internet which does not currently occur on the internal router interface. This effectively doubles or triples the internal HTTP traffic load on the router.

Amos