Re: [squid-users] firewall and squid

[Chris Wilcox]

I'm doing this on my home LAN but purely because I don't have the cash 
(pun?) to have seperate computers for the firewall and cache.  Still, 
there's nothing stopping you having a firewall in more than one place so you 
could run Squid from the DMZ but still have the squid box running it's own 
firewall to make sure everything is closed off other than say port 3128 so 
the only vulnerability on that box is likely to be Squid itself.

Still, my firewall is set up only to accept incoming connections that the 
LAN has initiated,so if someone port scans me they see only the ports I need 
to have open (eg http and smtp).  Works quite well really I reckon.

Regards,

nry


Fritz Mesedilla wrote:
>
> Hello! I'm quite new here.
>
> Would it be possible for me to have squid and a firewall on the same 
server? I'm concerned about security and also on budget.
>

 Theoretically, there is no problem.
 But I would advise agains it, also because of spurious port usage
 of squid when maintaining connections.
 One of the purposes of firewalls, is to control this.

 Also because of traffic generated , it will make the squid box
 'noticable' and prone to attack.
 Therefore our squid is on DMZ, behind firewall

 M.
_________________________________________________________________
Express yourself with cool emoticons - download MSN Messenger today! 
http://www.msn.co.uk/messenger