Thanks for your help! I manage how to configure rules on shorewall fixing squid on DMZ: http://www.shorewall.net/Shorewall_Squid_Usage.html In addition of HTTP traffic loading, this extra flow interfere on Internet browsing speed? João > > Hi everyone! > > > > Today I'm running squid on firewall and it is very easy to manage. > > Despite of that, we are trying to decentralize services and adding new > > virtual machines on DMZ for each of the servers we need. > > > > I would like to know if you recommend to install Squid on DMZ, if it > > is use to manage and how I could manage rules on firewall (we use > > shorewall). > > I don't have any recommendations either way. The pros and cons balance out > > for most intents and purposes. If its working fine for you as-is then there > > really isn't anything to fix. > > > > If you do make the move, be aware that with interception the firewall will > > need to take into account the squid box IP and make exceptions. Also an > > added flow of traffic client->router->squid->router->internet which does > > not currently occur on the internal router interface. This effectively > > doubles or triples the internal HTTP traffic load on the router. > > Amos João K.
