On Tue, 16 Jun 2009 08:43:29 -0300, João Kuchnier <joao.kuchnier@xxxxxxxxx> wrote:
> Thanks for your help!
>
> I managed to configure rules on shorewall fixing squid on DMZ:
> http://www.shorewall.net/Shorewall_Squid_Usage.html
>
> In addition to the HTTP traffic load, does this extra flow interfere with
> Internet browsing speed?

Some small transfer time increase. But nothing serious unless it causes a full bandwidth pipe. Just be aware of it in your network design and monitoring (some graphs can show a 'huge' mysterious jump in bandwidth when it's turned on).

Amos

>
> João
>
>> > Hi everyone!
>> >
>> > Today I'm running squid on firewall and it is very easy to manage.
>> > Despite that, we are trying to decentralize services and adding new
>> > virtual machines on DMZ for each of the servers we need.
>> >
>> > I would like to know if you recommend to install Squid on DMZ, if it
>> > is use to manage and how I could manage rules on firewall (we use
>> > shorewall).
>
>> > I don't have any recommendations either way. The pros and cons balance out
>> > for most intents and purposes. If it's working fine for you as-is then there
>> > really isn't anything to fix.
>> >
>> > If you do make the move, be aware that with interception the firewall will
>> > need to take into account the squid box IP and make exceptions. Also an
>> > added flow of traffic client->router->squid->router->internet which does
>> > not currently occur on the internal router interface. This effectively
>> > doubles or triples the internal HTTP traffic load on the router.
>
>> > Amos
>
> João K.