[ale] Proper squid wiring

Dow Hurst dhurst at kennesaw.edu
Fri Nov 30 09:26:01 EST 2001 

Well, I was thinking about a set of users that could be controlled more
tightly.  Or, possibly a set of users with certain connectivity needs. 
With two internal networks available you can split services among
users.  So each internal network can have different ipchain rules
associated thereby giving you finer control within the office arena. 
Or, you could do the DMZ type setup for externally available services.
Dow

Chris Fowler wrote:
> 
> The third I believe is fro a future DMZ area.  Like for a Web Site that
> needs to be on the outside.
> 
> Chris
> 
> -----Original Message-----
> From: Gary S MacKay [mailto:Gary at EdisonInfo.com]
> Sent: Thursday, November 29, 2001 3:33 PM
> To: ale at ale.org
> Cc: Gary at edisoninfo.com
> Subject: Re: [ale] Proper squid wiring
> 
> Thanks Dow! I'll mess around with that idea. One question, why three nic's?
> One to the inTERnet, one to the inTRAnet, and the other one? They do not
> need a dmz or anything, just a method of stopping abusers from wasting
> company bandwidth.
> 
> - Gary
> 
> Dow Hurst said:
> 
> > Your on track for the topology.  I'd suggest using a couple of switches
> > instead of one hub and then putting three Ethernet cards in the Linux
> > squid/firewall.  You won't limit bandwidth coming from the connection
> > with switches.  You can split users into different groups governed with
> > more or less limiting firewall rules base on business needs.  You
> > should have a very reliable machine with good quality hardware, not a
> > castoff old machine, for the squid server since squid will have disk
> > I/O and CPU requirements for good performance and will be in effect a
> > part of the network infrastructure.  I am no expert but there is my
> > $0.02.
> > Dow
> >
> >
> > Gary MacKay wrote:
> >>
> >> I think I know how this goes but wanted to check with the "experts"
> >> before I get too far into it. I have a client with a wireless internet
> >> connection. The ISP installed a Netopia R910 router which plugs into
> >> the wireless receiver and into the hub that serves the internal
> >> network. The owner wants me to limit internet access on a per person
> >> basis. My thought was to install a linux/squid box between the hub and
> >> router to allow/block/cache traffic. The added bonus for everyone is
> >> the cache in squid, but the main purpose is to monitor/limit certain
> >> users who are abusing the privilage.
> >>
> >> Any thoughts?
> >> - Gary
> >>
> >> ---
> >> This message has been sent through the ALE general discussion list.
> >> See http://www.ale.org/mailing-lists.shtml for more info. Problems
> >> should be sent to listmaster at ale dot org.
> >
> > --
> > __________________________________________________________
> > Dow Hurst                   Office: 770-499-3428
> > Systems Support Specialist  Fax:    770-423-6744
> > 1000 Chastain Rd.
> > Chemistry Department SC428  Email:dhurst at kennesaw.edu
> > Kennesaw State University         Dow.Hurst at mindspring.com
> > Kennesaw, GA 30144
> > *********************************
> > *Computational Chemistry is fun!*
> > *********************************
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.

-- 
__________________________________________________________
Dow Hurst                   Office: 770-499-3428
Systems Support Specialist  Fax:    770-423-6744
1000 Chastain Rd.
Chemistry Department SC428  Email:dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*********************************
*Computational Chemistry is fun!*
*********************************

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list