Re: Proxy on firewall or behind it?

To: Debian Firewall <debian-firewall@lists.debian.org>
Subject: Re: Proxy on firewall or behind it?
From: Michael Wood <mwood@its.uct.ac.za>
Date: Thu, 16 Aug 2001 09:35:50 +0200
Message-id: <[🔎] 20010816093550.B24938@len.its.uct.ac.za>
Mail-followup-to: Michael Wood <mwood@its.uct.ac.za>, Debian Firewall <debian-firewall@lists.debian.org>
In-reply-to: <[🔎] 01081520411500.00693@w2>
References: <[🔎] 01081520411500.00693@w2>

On Wed, Aug 15, 2001 at 08:41:15PM +0200, Christian Volk wrote:
> Hi!
> 
> I'm in the process of setting up a leased line/static IP
> internet connection with the option of a DMZ and a second
> firewall.
> 
> To simplify the firewalls, I'm thinking about moving the http
> proxy (squid) from the firewall machine to a machine behind
> the firewall.
> 
> Are there any additional security risks with the proxy on the
> intranet?

What some people do is they run a simple, secure, non-caching
http proxy (e.g. the http-gw from TIS fwtk) on the firewall and
run Squid behind the firewall.

Squid needs to use the http-gw as its parent.  The http-gw is
very simple and doesn't need to do any caching or anything and
Squid, which is much more complex, has no direct connection to
the 'net.

In the Squid docs they mention running it in conjunction with
http-gw.

-- 
Michael Wood
<mwood@its.uct.ac.za>

Reply to:

References:
- Proxy on firewall or behind it?
  - From: Christian Volk <debian@volkedv.de>

Prev by Date: Could someone please explain this output?
Next by Date: Re: Could someone please explain this output?
Previous by thread: Re: Proxy on firewall or behind it?
Next by thread: Could someone please explain this output?
Index(es):
- Date
- Thread