On Mon, 17 Oct 2011 08:27:20 -0700, - Mikael - wrote:
Amos,
What are the benefits of having Squid on the LAN?
Our firewall (Sonicwall NSA) explicitly forbids proxies on the LAN
for
some reason.
The firewall will forward all traffic to Squid only if its on public
IP address.
This is how we are setup right now:
(LAN) -> (Sonicwall firewall, NAT, DPI, DHCP) -> (Squid) -> WWW
WAN routing is done by the ISP's router that's on site.
Latency from LAN to Squid box is <1ms.
It is closer to the clients. With usually faster internal bandwidth
available for HIT responses from the cache. That is pretty much all the
benefits of being on the LAN, all other benefits are available on the
WAN as well.
We were not talking about LAN vs WAN though. NAT does not matter where
Squid sits. The only difference to NAT is what the bypass rule syntax
looks like. For Squid on the LAN you bypass the proxy IP or MAC or NIC.
For Squid on the WAN you bypass all of port 80 traffic (routing to the
proxy for NATing).
Amos
