RE: [ILUG] Proxy server for Linux

From: Wynne, Conor (Conor.Wynne at domain compaq.com)
Date: Mon 11 Jun 2001 - 14:47:50 IST


Story?

Methinks you want squid. With a mere 4 lines to modify in squid.conf, you
can get it going. Afterwards you can make modifications ad-hoc. If you
install webmin, it makes the configuration even easier.

I use MASQ on the gateway - separate PC, and only squid on the server (for
info, the kernel is compiled with no server stuff at all, as it was
previously used as a desktop). I have not yet looked into how to make icq
and other messengers work through the proxy but in my case the
gateway/firewall handles this. You can make what they call ACLs (access
lists???) and you can specify rules for various groups within your
organisation. It's really easy to set up through webmin. So if for example you
have a DHCP range setup of: 192.168.0.40 through 192.168.0.50 for say
marketing or whatever, you would create a range within this and give them
specific rights through their ACL.

I have never had a squid crash. Just a wee note, there will be a separate
process for each user connected so add loads a' RAM, processor is negligible
but disk I/O is important. Your net experience will be massively improved
but only for static objects or as long as the time to live has not expired.
www.linux.ie loads up like you would not believe. Dynamic objects, like
counters etc., are not cacheable.

As far as logs go, no worries, you can log just about anything you can think
of. If you open the squid.conf, it is the BEST resource for info about
squid.

I have just read Kate's reply so I shall stop here.

Later,
CW
----------------------------
1. We are switching to DHCP for IP addressing from Static. Up until now,
we manually added each individual address to the firewall access list to
allow someone Internet access. With DHCP this can no longer happen. I
basically need to be able to control who has Internet access and still have
a dynamic IP address structure. I believe I need a proxy server.

2. Local caching point will be a side benefit, as I believe it can have a
significant beneficial effect on the bandwidth, but my primary concern is
to control who has Internet access.

3. I believe that NAT or masquerading is not the answer to my problem, am I
wrong??

4. I would like the proxy to be totally transparent if possible. IP
services required will mainly be HTTP traffic, but with the option of
allowing FTP or other such services to certain users if required.

5. The network is quite complex with multiple sites involved, but at the
moment they are all coming through the same firewall in HQ, I believe I
will be able to get away with one proxy, or at least, this is what I would
like.

6. Uptime is a business requirement during office hours, but not as
essential during evenings or weekends. Certain downtime is acceptable, but
the shorter the better.

7. At the moment there is no requirement for reporting or activity
monitoring, but I believe that this will be a definite requirement in the
near future, and thus I will be needing the ability to produce detailed
logs without reinstalling a totally new product to achieve this.
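
The per-range ACL approach described in the reply, sketched as a squid.conf fragment. This is an added example, not part of the original e-mail or of any poster's configuration; the ACL names, the second address range and the log path are assumptions, and the `access_log` directive name follows current Squid releases.

```conf
# Added example (constructed). ACL names, the ftp_users range and the
# log path are hypothetical; only 192.168.0.40-50 comes from the thread.

# Source-address ACLs: one per DHCP range handed out to a group.
acl marketing src 192.168.0.40-192.168.0.50
acl ftp_users src 192.168.0.60-192.168.0.69

# Destination ports, grouped by service.
acl web_ports port 80 443
acl ftp_ports port 21
acl ssl_ports port 443
acl CONNECT method CONNECT

# Rules are checked top to bottom and the first match wins.
# ACLs named on the same line are ANDed together.
http_access deny CONNECT !ssl_ports
http_access allow marketing web_ports
http_access allow ftp_users web_ports
http_access allow ftp_users ftp_ports

# Anything not explicitly allowed above is refused, including
# addresses leased from outside the listed ranges.
http_access deny all

# One line per request, so reporting can be added later
# without changing products.
access_log /var/log/squid/access.log squid
```

These rules match on source address only, so they are as strong as the link between a DHCP lease and the person using it; pinning leases to MAC addresses on the DHCP server or enabling Squid's proxy authentication tightens that link.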


