What speaks for it and what speaks against it that the firewall and Squid run on the same machine?

Regards
Menki

Michael Menkhoff wrote:
> What speaks for it and what speaks against it that the firewall and
> Squid run on the same machine?

Running it on the firewall is the most straightforward configuration of Squid (especially as a transparent proxy).

The negative is that it requires your firewall to have a hard drive which reduces its reliability (many people prefer to run an embedded distribution like LEAF/Bering uClibc with a CF and no HD).

My $.02
-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key

On Wed, May 31, 2006 at 10:24:30AM -0700, Tom Eastep wrote:
> The negative is that it requires your firewall to have a hard drive
> which reduces its reliability (many people prefer to run an embedded
> distribution like LEAF/Bering uClibc with a CF and no HD).

How would you handle logging in such a setup - disable it?

Regards
Johann
--
Johann Spies          Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

"If any of you lack wisdom, let him ask of God, that giveth to all men liberally without finding fault, and it will be given to him." James 1:5

Johann Spies wrote:
> On Wed, May 31, 2006 at 10:24:30AM -0700, Tom Eastep wrote:
>
>> The negative is that it requires your firewall to have a hard drive
>> which reduces its reliability (many people prefer to run an embedded
>> distribution like LEAF/Bering uClibc with a CF and no HD).
>
> How would you handle logging in such a setup - disable it?
>
> Regards
> Johann

For every log event, email it. ;)

--
Ray Booysen
rj_booysen@rjb.za.net

Johann Spies wrote:
> On Wed, May 31, 2006 at 10:24:30AM -0700, Tom Eastep wrote:
>> The negative is that it requires your firewall to have a hard drive
>> which reduces its reliability (many people prefer to run an embedded
>> distribution like LEAF/Bering uClibc with a CF and no HD).
>
> How would you handle logging in such a setup - disable it?

Log to a RAM disk.

-Tom

On Fri, 2006-06-02 at 12:36 +0200, Johann Spies wrote:
> > The negative is that it requires your firewall to have a hard drive
> > which reduces its reliability (many people prefer to run an embedded
> > distribution like LEAF/Bering uClibc with a CF and no HD).
>
> How would you handle logging in such a setup - disable it?

Those that I need logging from, I log to a remote system/server.

--
Homer Parker <hparker@homershut.net>
Homer's Hut

Hi,

I have Squid and Shorewall on separate machines. The Squid computer is in the DMZ. Are there speed differences compared to a solution where Squid and Shorewall run on the same machine?

Regards
Menki

Michael Menkhoff wrote:
> Hi,
>
> I have "squid" and "shorewall" on separate machines. The "squid
> computer" is in the DMZ. Are there speed differences compared to
> a solution where squid and shorewall run on the same machine?

The only difference is that each request has at least one more (and maybe two more) network hops to traverse. But these are fast local hops (LAN).

-Tom

I tried this setup before, both with Squid on the same server as Shorewall itself and with the other setting, where Squid is just a hop away from Shorewall. Generally speaking, there wasn't much difference between these two setups.

On 6/8/06, Tom Eastep <teastep@shorewall.net> wrote:
> Michael Menkhoff wrote:
> > Hi,
> >
> > I have "squid" and "shorewall" on separate machines. The "squid
> > computer" is in the DMZ. Are there speed differences compared to
> > a solution where squid and shorewall run on the same machine?
>
> The only difference is that each request has at least one more (and maybe two
> more) network hops to traverse. But these are fast local hops (LAN).
>
> -Tom

--
Regards,
Wong Chee Chun
Network Engineer
Softmy Co. Ltd (http://www.softmy.com)