FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 12-05-2007, 07:30 PM
"Joe Tseng"
 
Default Setting up a transparent proxy

I am working on setting up a test network
using*a squid proxy*connected to a firewall (proxy and firewall are
both Linux).* Can anyone tell me what are best practices for setting up the
proxy to be transparent?* Currently I have my proxy to the firewall sitting
in a DMZ isolated from both the intranet and external network.* I was
hoping to have the traffic flow as such (but it's not quite working
right):
*
webclient -> firewall -> proxy ->
firewall -> webserver
webserver -> firewall -> proxy ->
firewall -> webclient
*
Is this even the right way to go about doing
this?* If not what is?
*
thx,
*
*- Joe
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 12-05-2007, 09:22 PM
John Summerfield
 
Default Setting up a transparent proxy

Joe Tseng wrote:

I am working on setting up a test network using a squid proxy connected to a firewall (proxy and firewall are both Linux). Can anyone tell me what are best practices for setting up the proxy to be transparent? Currently I have my proxy to the firewall sitting in a DMZ isolated from both the intranet and external network. I was hoping to have the traffic flow as such (but it's not quite working right):

webclient -> firewall -> proxy -> firewall -> webserver
webserver -> firewall -> proxy -> firewall -> webclient

Is this even the right way to go about doing this? If not what is?



All of mine have Squid in the path between clients and the Internet.

"best practice" means to have Squid in a box with sufficient capacity.
In my cases, that means enough disk space. My setups have the firewall
and Squid being the same box, but that's a convenience thing, and you do
need a firewall of some kind to force the transparent proxy. If it's
convenient to put the squid box in the path as I do, then that's the way
to do it.


Security considerations might mandate a separate box, some of the data
cached may be sensitive.



--

Cheers
John

-- spambait
1aaaaaaa@coco.merseine.nu Z1aaaaaaa@coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

You cannot reply off-list:-)

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 12:58 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org