From: Dermot Beirne (Dermot.Beirne at domain exel.com)
Date: Mon 11 Jun 2001 - 12:56:18 IST
Hi,
Answers to your questions:
1. We are switching to DHCP for IP addressing from Static. Up until now,
we manually added each individual address to the firewall access list to
allow someone Internet access. With DHCP this can no longer happen. I
basically need to be able to control who has Internet access and still have
a dynamic IP address structure. I believe I need a proxy server.
2. Local caching point will be a side benefit, as I believe it can have a
significant beneficial effect on the bandwidth, but my primary concern is
to control who has Internet access.
3. I believe that NAT or masquerading is not the answer to my problem, am I
wrong??
4. I would like the proxy to be totally transparent if possible. IP
services required will mainly be HTTP traffic, but with the option of
allowing FTP or other such services to certain users if required.
5. The network is quite complex with multiple sites involved, but at the
moment they are all coming through the same firewall in HQ, I believe I
will be able to get away with one proxy, or at least, this is what I would
like.
6. Uptime is a business requirement during office hours, but not as
essential during evenings or weekends. Certain downtime is acceptable, but
the shorter the better.
7. At the moment there is no requirement for reporting or activity
monitoring, but I believe that this will be a definite requirement in the
near future, and thus I will be needing the ability to produce detailed
logs without reinstalling a totally new product to achieve this.
Yes, I understand that most questions are answered by a multitude of other
questions, I've no problem with that, as long as it helps the people in the
know to provide a more useful answer to my problem. Thanks all.
Regards,
Dermot
chris.higgins at domain
horizon.ie To: dermot.beirne at domain exel.com
cc: ilug at domain linux.ie
11/06/01 12:33 Subject: Re: [ILUG] Proxy server for Linux
> Can anyone recommend a particular proxy server for Linux.
> I know there is squid, socks, etc, but have any of you any particular
> experience with any of them.
> I am not a linux expert (yet!), so access to good documentation on it's
> setup and configuration would be a requirement.
> Any help appreciated.
> Regards,
> Dermot.
The first question is 'what problem are you trying to solve by using a
proxy?'
If it's to provide a local caching point for HTTP traffic then you can look
at squid
If you want to allow machines with private addresses connect to services on
the internet - then you may not need a proxy at all. NAT (or Masquerading
as seen on Linux) will do the job for you ?
How transparent do you want the proxying to be for the users ?
What IP services do you want to provide proxy services for ?
How complex is the network - will you need multiple proxies at
different sites - will you want these multiple proxies to interact with
each other or act standalone...
Are you looking for 100% availability ? Is it *really* 100% availability,
or will the users survive if the proxy is offline for an hour or two ?
Will you be recording logs of activity - will you need to produce reports
on usage by individuals ?
As always - the answer to your question is another question :)
>
>
> --
> Irish Linux Users' Group: ilug at domain linux.ie
> http://www.linux.ie/mailman/listinfo/ilug for (un)subscription
information.
> List maintainer: listmaster at domain linux.ie
-- ** Chris Higgins e: chris.higgins at horizon.ie ** ** Technical Business Development tel: +353-1-6204916 ** ** Horizon Technology Group fax: +353-1-6204949 ** ______________________________________________________________________ Important Email Information The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. If you are not the intended addressee please contact the sender and dispose of this e-mail.
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:10:37 GMT