Hi Fritz, I believe that it would be much depending on how is your network configured. You don't really need a firewall application running in the same machine as your http cache if you have a dedicated firewall protecting your network : better to re-fine tune that firewall instead of giving an extra load on your http cache machine.
However a real life example is here with me : I'm running Squid-2.5.STABLE3 in the same machine that configured as DMZ-style firewall, 3 network interface - to internal network, to optional (behind firewall but transparent to users in internet since it uses internet IP address) and internet interface. It firewalls connections from internet but at the same time caches http objects. Of course it doesn't act as DNS server since that would propagate a security concern. It has been up since - errm, I lost count - around nine months ago. The hardware isn't impressive either, it's just a Pentium 4 1.6 GHz with 128MB RAM and (sadly) IDE drive 20 GB running Slackware 8.1 kernel 2.4.20. Enough for a network with under 50 hosts. You will only need to concern about two things : a) your firewall rules should not block name services (destination port 53 on TCP and/or UDP, depending on your setup), and b) your firewall rules should not block your http cache's http port (source port 3128 or 8080, depending on your setup). Regards, Anthony M. Rasat PT. Kalteng Pos Press Palangkaraya - Indonesia.- ----- Original Message ----- From: "Fritz Mesedilla" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, August 27, 2003 11:45 AM Subject: [squid-users] firewall and squid Hello! I'm quite new here. Would it be possible for me to have squid and a firewall on the same server? I'm concerned about security and also on budget. Thanks in advance. Fritz Mesedilla --- + Basta Ikaw Lord ---------------------------------------------------------------------- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender immediately by e-mail and delete this e-mail from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. Overture Media, Inc. Direct Line: (632) 635-4785 Trunkline: (632) 631-8971 Local 146 Level 1 Summit Media Offices, Robinsons Galleria EDSA Cor. Ortigas Ave., Quezon City 1100
