[squid-users] Setting up proxy with private to public
Chris Bidwell - NOAA Federal
chris.bidwell at noaa.gov
Mon Apr 13 21:46:46 UTC 2020
Sure. So we have a few internal networks that aren't meant to have direct
internet access without access through a proxy so that it can be better
regulated and monitored.

That being said, we've previously used a Microsoft product that is EOL and
I thought I could do much of what it's wanting with Linux and squid and
nginx for reverse proxy.

We've got several internal subnets that need to be able to talk through
squid (I've chosen tcp/8080) to connect to from internally and want to
translate that to an external IP address that does have access to the
outside world. Using the ACLs that squid provides and allowing for
various ports (80/443, etc) I'd like to use this functionality.

Once again, the squid server has two IP addresses. One internal, and one
external. The outbound traffic would be accessible through that external

I hope I'm making *some* sense. :)

On Mon, Apr 13, 2020 at 3:38 PM Antony Stone <
Antony.Stone at squid.open.source.it> wrote:
> On Monday 13 April 2020 at 21:19:04, Chris Bidwell - NOAA Federal wrote:
> > Hi all,
> > Very new to squid and am looking to set up several internal subnets to
> > access external network (internet) through squid on a separate interface.
> What are you trying to achieve by using Squid? What is your objective,
> compared to giving clients direct access to the Internet?
> > Server has two IPs. One private internal and one public. Can someone
> > point me in the right direction to get this set up? Running RHEL7.
> Firstly, install Squid and look at its configuration file. It is *very*
> commented / documented, and there is *very* little you need to change in
> to get it working on your network.
> For more details, see:
> (All the above available from http://www.squid-cache.org )
> > Do I need to create static routes?
> Provided the machine you want to install Squid on can reach (a) arbitrary web
> servers on the Internet, and (b) the client machines on your internal
> networks, then no.
> If not, then yes, you will need to add suitable routes so that the Squid
> server can find both origin servers and clients.
> > Do I need firewalld rules in place?
> A firewall is always a good idea, however Squid imposes no special
> of its own here.
> A very good starting point for firewalls is "allow the traffic you know
> you want,
> block the traffic you know you do not want, and log and block the traffic
> not sure about - then look at the logs and adjust the rules as necessary
> keep the log entries minimal".
> Finally, if you run into problems, come back here and tell us:
> - what you want to achieve
> - what you did to try to achieve it
> - how you tested whether it worked
> - what you found which told you it didn't work
> Basically, give us enough information to understand what you're trying to
> what you've done to get there, and what went wrong (such that we could
> reproduce the problem for ourselves if need be), and people here will
> help out.
> Pavlov is in the pub enjoying a pint.
> The barman rings for last orders, and Pavlov jumps up exclaiming "Damn! I
> forgot to feed the dog!"
> Please reply to the
> please *don't* CC
> squid-users mailing list
> squid-users at lists.squid-cache.org
Chris Bidwell, CISSP
Space Weather Prediction Center
National Oceanic Atmospheric Administration
email: chris.bidwell at noaa.gov
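
Added example, not part of the thread and not taken from the Squid project: a squid.conf fragment for the setup described in the message above (clients on internal subnets connecting to tcp/8080, outbound traffic sourced from the external address, ports 80/443 allowed). All addresses and subnet ranges are constructed placeholders, and the log path assumes the RHEL package default.

```conf
# Constructed example values; replace with your own addressing.
#   10.10.0.5     proxy's internal (private) address   [assumed]
#   203.0.113.10  proxy's external (public) address    [assumed, documentation range]

# Listen for clients on the internal address only. A bare "http_port 8080"
# would also bind the public address and expose the proxy to the Internet.
http_port 10.10.0.5:8080

# Internal subnets allowed to use the proxy [assumed ranges].
acl internal_nets src 10.10.0.0/24
acl internal_nets src 10.20.0.0/24

# Destination ports clients may reach, and the only port CONNECT may tunnel to.
acl Safe_ports port 80
acl Safe_ports port 443
acl SSL_ports port 443
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom; the first match wins.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow internal_nets
http_access deny all

# Source all outbound connections from the public address.
tcp_outgoing_address 203.0.113.10

# Do not disclose internal client addresses to origin servers.
forwarded_for delete

# Keep a request log for the monitoring the proxy is meant to provide.
access_log daemon:/var/log/squid/access.log squid
```

Running `squid -k parse` checks the file for syntax errors before the service is reloaded.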