06-24-2013
No more than without the proxy server. You may lose some identity information if the NAT assigns addresses and ports from a pool. The obvious place to put a proxy is on the firewall network boundary, that is to say, within the local no-NAT domain, so you get the identity right, and let the proxy have access, perhaps bypassing NAT/that-firewall. Of course, if you serve many such behind-NAT spaces, you need a NIC or tunnel so they can all locally connect to the proxy, or many proxy servers. If the power/resources are right, a proxy on a firewall with a local DNS server on the firewall is not a bad model -- just a different way through the same firewall. The proxy server is a very heavy DNS user, so a local DNS cache can be a nice idea. There is a wonderful feeling when you prevent a packet from needing to go out on a network!
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
hi. pardon my noob question id just like to have a quick answer. i am planning to install a jabber webclient and a jabber server in our apache server. my boss said this wouldnt work because squid filters port 5222 connections (jabber). i told him we can simply 'unfilter' the port then but he said... (0 Replies)
Discussion started by: marcpascual
0 Replies
2. IP Networking
I have an architecture as below
<> <>
There is a program in the AIX server which sends SMS to the internet, by sending HTTP request to the SMS processing server.
Like, http://smsserver/mysms=test
However the application does not have an option to specify where the Proxy server... (1 Reply)
Discussion started by: firdousamir
1 Replies
3. IP Networking
hi guys!
We are setting up Squid Server. we want the server to be transparent. But I don't know how will i be able to set the network up. is it possible to set the squid server in the same LAN with the Squid Client and still functions as a transparent server? if so, can anybody help me do it?
... (1 Reply)
Discussion started by: init6_
1 Replies
4. IP Networking
Does any one know how to block HTTP Tunnel in squid proxy server.
Pls reply (1 Reply)
Discussion started by: vishwanathhcl
1 Replies
5. UNIX for Advanced & Expert Users
Hi all,
The scenario is:
http://img834.imageshack.us/img834/7990/1234z.jpg
- With:
+ 192.168.100.0/24 : internet link (simulation)
+ Multiple Websites are hosting in local.
+ Complete DNS configuration.
+ OS: CentOS 5
- Requirements:
Configure Squid Proxy as... (0 Replies)
Discussion started by: kidzer0
0 Replies
6. IP Networking
Can any one direct me to the resources where I can find in-depth instructions on Squid Proxy server and its configuration?
Thanks in advance.:) (1 Reply)
Discussion started by: admin_xor
1 Replies
7. UNIX for Advanced & Expert Users
Hello all,
I am trying to configure squid proxy server for different organizations. These organizations will have different blocked ports, different acls, etc. But, I can use only one proxy server for this purpose. Thinking of making a shell script with iptables and squid.
For an example: a... (1 Reply)
Discussion started by: admin_xor
1 Replies
8. Linux
Hi All Im using squid Proxy in centos
Squid version = squid.x86_64 7:3.1.10-20.el6_5
CentOS release 6.5 (Final)
Router IP = 192.168.1.1
My proxy System have 2 Ethernet port
eth0
eth1
Using IP address for eth0 = 192.168.1.15/24
using IP address for eth1 = 192.168.1.16/24
Default... (1 Reply)
Discussion started by: babinlonston
1 Replies
9. Shell Programming and Scripting
i need squid proxy log file daily auto generate by shell script (1 Reply)
Discussion started by: sanjeetkumar086
1 Replies
10. UNIX for Advanced & Expert Users
Hi, forum reader, I have a squid problem. We have 2 squid proxy for two different group staffs, both of them can access gmail for web email access. It used about half year. One day we send out email with image but one proxy group user cannot view that pic but another group can see. Any idea for... (2 Replies)
Discussion started by: justinianho
2 Replies
LEARN ABOUT CENTOS
mrtg-squid
MRTG-SQUID(1) mrtg MRTG-SQUID(1)
NAME
mrtg-squid - using mrtg to monitor Squid
DESCRIPTION
Squid 2.3 knows SNMP and you can therefore use mrtg to monitor it quite easily.
I have made some modifications to mrtg which simplify this. My work is based on earlier modification made by: matija.grabnar@arnes.si and
kostas@nlanr.net.
MODIFICATIONS
I added new code for displaying correct units to the previous patches "perminute" and "perhour" ("option" tokens), which allows other
measurement in addition to "persecond".
Then I created a new option token "dorelpercent" which allows the calculation of the percentage of IN-stream / OUT-stream on the fly and
then displays it on a fixed scale from 0% to 100%. For my requirements, this does good work. Maybe someone wants a floating scale. It
should not be a problem to implement it, too (but give me an option to keep my fixed scale). If IN-stream is always less than OUT-stream
both lines (OUT-stream and relative percent) are always displayed on top of IN-stream bulk. Otherwise this option makes no sense. With this
option you can display hitrates, errorrates (for router monitoring: rel. droprates) easily now.
If you use this options please consider that you need a 5th colourname/value pair in your Colours statements!
Due to some discussion on this list, I have implemented two tokens too:
"kilo" and "kMG"
"kilo" should contain the value of k (1000 or 1024), where 1000 is the default.
"kMG" is a comma separated list of multiplier prefixes, used instead of "", "k", "M", "G", "T" on the MRTG display. Leave the place free,
if you want no prefix.
Also an incomplete list of OIDs for the new SQUID release is added.
You may need to turn on snmp_port in squid.conf to as it is disabled by default.
I hope you enjoy it.
CONFIG EXAMPLE
First load the squid mib
LoadMIBs: /usr/share/squid/mib.txt
You can measure responsetimes in ms and display it with MRTG correctly with:
kMG[measure-ms]: m,,k,M,G,T
short[measure-ms]: s
You can display now MB/s as 1024*1024 B/s with:
kilo[volume]: 1024
Assuming you're not running squid's SNMP on the default snmp port, you need to include a port number in your target line:
Target[proxy-hit]: cacheHttpHits&cacheProtoClientHttpRequests:public@localhost:3401
A sample config for squid:
Target[proxy-hit]: cacheHttpHits&cacheProtoClientHttpRequests:public@proxy
Title[proxy-hit]: HTTP Hits
PageTop[proxy-hit]: <H2>proxy Cache Statistics: HTTP Hits / Requests</H2>
Suppress[proxy-hit]: y
LegendI[proxy-hit]: HTTP hits
LegendO[proxy-hit]: HTTP requests
Legend1[proxy-hit]: HTTP hits
Legend2[proxy-hit]: HTTP requests
YLegend[proxy-hit]: perminute
ShortLegend[proxy-hit]: req/min
Options[proxy-hit]: nopercent, perminute, dorelpercent
Target[proxy-srvkbinout]: cacheServerInKb&cacheServerOutKb:public@proxy
Title[proxy-srvkbinout]: Cache Server Traffic In / Out
PageTop[proxy-srvkbinout]: <H2>Cache Statistics: Server traffic volume (In/Out) </H2>
Suppress[proxy-srvkbinout]: y
LegendI[proxy-srvkbinout]: Traffic In
LegendO[proxy-srvkbinout]: Traffic Out
Legend1[proxy-srvkbinout]: Traffic In
Legend2[proxy-srvkbinout]: Traffic Out
YLegend[proxy-srvkbinout]: per minute
ShortLegend[proxy-srvkbinout]: b/min
kMG[proxy-srvkbinout]: k,M,G,T
kilo[proxy-srvkbinout]: 1024
Options[proxy-srvkbinout]: nopercent, perminute
AUTHOR
Andreas Papst <andreas.papst@univie.ac.at> Dirk-Lueder Kreie <deelkar@gmx.de> Chris Chiappa <chris+debian@chiappa.net>
2.17.4 2012-01-12 MRTG-SQUID(1)