Quote:
Originally Posted by jonette20
1. How do I verify that the requests are going via squid-firewall-router?
traceroute should be able to show you this as long as you're not blocking ICMP traffic in your internal network.
For clarification, is your setup like the following example?
client-->squid-->firewall-->router
Or do you have the router and firewall switched around? I'm assuming it's as my "diagram" shows. If that's the case, depending on how your firewall is set up, you may or may not receive the 'TTL expired in transit' messages after the firewall. Most people set up firewalls to block requests incoming (or replies outgoing), but allow any informational ICMP types like, for example, an echo reply (type 0) or a time exceeded (type 11) to enter your network. In that way, you can ping an external source (www.google.com, for example) to verify connectivity while simultaneously blocking unsolicited ICMP traffic that attempts to enumerate your network.
Anyway, even if you're blocking any incoming ICMP at the firewall, there's a good chance your firewall will respond to your traceroute, and if you got that far, you got past the squid (meaning any website data you received *had* to come from outside).
Does this solve your problem?
-TDS-
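Added example, not part of the original post: a small Python check that reads saved traceroute output and confirms the expected devices answer in order, treating `* * *` hops (no time exceeded reply) as inconclusive rather than as failure. The addresses for the squid box, firewall and router are hypothetical placeholders, and the traceroute output is constructed.

```python
import re

# Hypothetical addresses for the devices in the client-->squid-->firewall-->router path.
SQUID, FIREWALL, ROUTER = "192.168.1.2", "192.168.1.1", "192.168.0.1"

# Constructed traceroute output: hops beyond the firewall return no ICMP replies.
SAMPLE = """\
traceroute to www.google.com (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.2 (192.168.1.2)  0.412 ms  0.390 ms  0.377 ms
 2  192.168.1.1 (192.168.1.1)  0.801 ms  0.776 ms  0.760 ms
 3  * * *
 4  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_hops(text):
    """Return [(hop_number, ip_or_None)]; None means every probe timed out."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # skips the "traceroute to ..." header line
        ips = IP_RE.findall(m.group(2))
        hops.append((int(m.group(1)), ips[0] if ips else None))
    return hops

def check_path(hops, expected):
    """Check that the expected devices answered, in the given order.

    Returns (verdict, silent_hops). A device that is absent while some hops
    were silent is 'inconclusive': it may be there but not sending replies.
    """
    seen = [ip for _, ip in hops if ip]
    silent = [n for n, ip in hops if ip is None]
    pos = 0
    for ip in expected:
        if ip in seen[pos:]:
            pos = seen.index(ip, pos) + 1
        elif ip in seen:
            return "out_of_order", silent
        else:
            return ("inconclusive" if silent else "missing"), silent
    return "confirmed", silent

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    print(check_path(hops, [SQUID, FIREWALL]))
    print(check_path(hops, [SQUID, FIREWALL, ROUTER]))
```
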