LinuxQuestions.org


metallica1973 10-22-2007 03:51 PM

Squid/Proxy Server
 
I have read:

Quote:

A proxy server replaces a computer's configured address with its own address for Internet access. Private networks are typically configured with IP addresses that are not routable on the Internet. This will prevent computers on the network from accessing the Internet unless the configured private address is replaced by a routable IP address. This is done to help ensure the security of the network computers. Because only the proxy server address is exposed on the Internet, it is much harder for a hacker to break into the network.

This is my network:

Internet
|
|
|
Firewall Box (192.168.5.0)------------- DMZ
(192.168.6.0)
|
|
(192.168.6.0) |
Squid Box
(192.168.6.0)
|
|
|
LAN (192.168.6.0)


I have been having trouble with my users going into their web browser and bypassing my proxy settings, and I have also set up transparent proxying and that is not working right either. Could the problem be the placement of squid/dansguardian, it being on a separate box, instead of having a proxying firewall, or better said, having netfilter/squid/dansguardian running as my firewall instead of having a proxy machine by itself? I have played around with IPTABLES etc. and I can't solve this issue! Should my network be like this:

Internet
|
|
|
IPTABLES/Squid/Dansguardian (192.168.5.0)------------- DMZ
(192.168.6.0)
|
|
|
LAN (192.168.6.0)

Would this be better for security, and would this solve my users being able to bypass the browser settings pointing to my proxy server?

acid_kewpie 10-22-2007 04:46 PM

I'd be cautious about putting all my eggs in one basket really. Transparent proxies are reasonably nice on a small scale, but when things get bigger you need a better, more responsible way to do this. Whatever squid is doing, you should be preventing users accessing the internet directly. If this is a linux firewall then iptables will absolutely be able to do this for you with very standard rules.
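
The restriction described in the reply above, as an added example that is not part of the original thread: a script for the firewall box that prints FORWARD rules letting only the Squid box out to the Internet, so a browser with its proxy settings removed is logged and refused. The interface names, the /24 mask and the proxy address 192.168.6.2 are assumptions; the thread gives only the network 192.168.6.0.

```shell
#!/bin/sh
# Added example (not from the thread): print, but do not apply, iptables rules
# for the firewall box so that only the Squid box can reach the Internet.
# Assumed: interface names, the /24 mask and the proxy's host address (the
# thread gives only the network 192.168.6.0), and an otherwise empty FORWARD
# chain, since -A appends after any rules already loaded.
WAN_IF="${WAN_IF:-eth0}"              # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"              # assumed LAN-facing interface
LAN_NET="${LAN_NET:-192.168.6.0/24}"  # assumed mask
PROXY_IP="${PROXY_IP:-192.168.6.2}"   # constructed address for the Squid box

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Usage: print_rules PROXY_IP LAN_NET LAN_IF WAN_IF
print_rules() {
    proxy=$1; lan_net=$2; lan_if=$3; wan_if=$4
    valid_ipv4 "$proxy" || { echo "bad proxy address: $proxy" >&2; return 1; }
    fwd="iptables -A FORWARD -i $lan_if -o $wan_if"
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$fwd -s $proxy -p tcp -m multiport --dports 80,443 -j ACCEPT
$fwd -s $proxy -p udp --dport 53 -j ACCEPT
$fwd -s $proxy -p tcp --dport 53 -j ACCEPT
$fwd -s $lan_net -m limit --limit 6/min -j LOG --log-prefix "proxy-bypass: "
$fwd -s $lan_net -p tcp -j REJECT --reject-with tcp-reset
$fwd -s $lan_net -j DROP
EOF
}

# Review the output first; pipe it to "sh" as root on the firewall to load it.
print_rules "$PROXY_IP" "$LAN_NET" "$LAN_IF" "$WAN_IF"
```

Any other service the LAN needs directly (mail, NTP) requires its own ACCEPT rule placed above the LOG line, because the last three rules block everything else leaving the LAN.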

metallica1973 10-22-2007 07:16 PM

Rock on! I will take the iptables approach! Thanks

