Hello Richard,
it depends on your requirements.
What kind of firewall you want? Application gateway like suid or ftp-proxy
is more secure than "only" filtering.
Your machines are well for 100+ users or much more I think. PC2 is actually
overpowered.
My configuration is a firewall with PIII 550, 64 MB and IDE, there is squid,
ftp-proxy (suse proxysuite), DNS and with susefirewall are there more than
150 ipchains rules. There are about 50 users.
Internetconnection is ADSL 1,5 MBit and all works fine - no performance
problems not yet.
I think you should install the classical way - build DMZ and place
Mailserver in DMZ, put proxies on firewall.
Frank
E-Mail f.stuehmer@msc-gmbh.de
WS Medienservice Chemnitz GmbH
----- Original Message -----
From: "Richard Ems"
Hi Frank!
Mi idea was to build a Firewall where PC1 would ONLY do packet filtering (masq, forw, redir, etc.) and PC2 would do the rest (snmp server, pop server, proxy server, dns server, etc.) Also the hardware is very different on both PC's: PC1: 1 x 700 Mhz, 64 MB RAM, IDE PC2: 2 x 700 Mhz, 512 MB RAM, SCSI, more disk space than PC1
mmmm, now I'm not so sure ...
What do you think?
Richard
Frank Stuehmer wrote:
Hi Richard, why you don't install squid at PC1 ? There are good reasons in the howtos why installing proxies on firewalls. With your configuration you should allow routing between Internet an local LAN for http, https and ftp. Squid in transparent mode is nice only for http neither ftp nor https. Frank
----- Original Message ----- From: "Richard Ems"
To: Sent: Friday, February 02, 2001 3:01 PM Subject: [suse-security] Transparent proxy ... Hi all!
Here my scenario:
Internet | | | PC1: Packet Filtering ---------+
SWITCH------- Internal LAN PC2: SQUID Proxy Server ------+ Mail Server DNS caching only server
What I'm trying to configure is a kind of port forwarding from PC1 to PC2. Is this possible? HTTP, HTTPS, and FTP should be redirected from PC1 to PC2 (e.g. PC1:80 to PC2:3128)
I've searched in the archives, read the HOWTO's but didn't find any answer?
Any help would be VERY appreciated !
Thanks, Richard
-- Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- Richard Ems ... e-mail: r.ems@gmx.net ... Fachbereich Informatik, Universität Hamburg
Unix IS user friendly. It's just selective about who its friends are.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com