Re: [squid-users] Email , VOIP , RDP with SQUID

From: Muhammad Yousuf Khan <sirtcp_at_gmail.com>
Date: Fri, 17 Feb 2012 13:32:43 +0500

> By "consolidated squid firewalls " did you mean security systems which
> include both firewall software and Squid as sub-sections of the overall
> system?

yes exactly, this is what i want. actually i am replacing ISA server
from our environment, therefore i want to make this squid box similar to
ISA. so i want some features of NAT on this squid proxy box to NAT all
the other traffic except Squid related. i just wanted to allow three
more ports for different functionality. therefore i asked for help
from experienced users about what they suggest in this scenario,
because i don't want to use MS ISA any more, however i need to make the squid
box look similar to the MS ISA box. at least the basic features should be
there which ISA is already providing, like firewall features.

> Squid and firewall are very different things. Your question is very much
> like asking the office cleaner how to fix the printers (they might know, but
> its not in the job training).

yes i know, but this is what MS ISA is doing :) and influencing
management towards any technical objective is not easy. if i tell them
that squid can not do what the ISA box can, that would be difficult for me
to make them understand since they are not technically sound in
networks, so better would be, if it's all about NAT (since i am sure), so
making some NAT rules is easier instead of teaching them whole network
theory :D
and also IPCop and pfSense and other firewalls are providing the same
features, so i can too. that's the main reason here.

but also i observed that in IPCop when i enable firewall rules it
starts to override the Squid rules. like i could do firewall things in
IPCop but i couldn't manage to apply Squid ACLs, they were totally
overridden by iptables.. so i don't want to be stuck in this situation
again.
that's why i asked for help from experienced people, if they can help me.

Thanks

On Fri, Feb 17, 2012 at 3:00 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 17/02/2012 12:45 a.m., Muhammad Yousuf Khan wrote:
>>
>> hello all,
>>
>> I need to enable Email, Voice over ip, Microsoft Remote Desktop and
>> other software to communicate with target machine. i know squid can
>> not do that. but we can achieve that via iptables. i have found few
>> solutions on internet but didn't cope up with our need.
>> just want to share my experience with consolidated squid firewalls, that
>
>
> By "consolidated squid firewalls " did you mean security systems which
> include both firewall software and Squid as sub-sections of the overall
> system?
>
>
>> as i experienced in past with a firewall called IPCop, that when i
>> started using iptables it bypasses every squid rule so i don't want
>> that, therefore kindly advise me a set of scripts that doesn't bypass the
>> squid and also help me to open these ports
>>
>> except all ports, should be blocked.
>
>
> The Squid project does not provide resources on how to setup general
> security systems, or how to manage firewalls. The squid wiki
> (wiki.squid-cache.org) contains some small documentation on firewall rules
> Squid requires for certain features. That is all. Please locate the
> documentation for your chosen firewall or security product on how to
> configure it properly.
>
>
> Amos
Received on Fri Feb 17 2012 - 08:32:51 MST
