Unix/Linux Go Back    


IP Networking Learn TCP/IP, Internet Protocol, Routing, Routers, Network protocols in this UNIX and Linux forum.

Does Translated IP Matter For Proxy Server (SQUID)

IP Networking


Tags
nat, proxy, proxy server, squid, webmin

Closed Linux or Unix Question    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 06-22-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Wrench Does Translated IP Matter For Proxy Server (SQUID)

I am using Squid to create a proxy server for framework related to an application. My users sit on a private network in 191.xx.xx.xx space and my proxy sits in a different private network in 188.xx.xx.xx space. There will be a NAT in place to allow bidirectional communications but is there an issue with the users accessing the proxy through a translated ip????

I appreciate all the help, this is a first time for me!
Sponsored Links
    #2  
Old Unix and Linux 06-24-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 17 February 2015, 1:56 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,671
Thanks: 8
Thanked 586 Times in 559 Posts
No more than without the proxy server. You may lose some identity information if the NAT assigns addresses and ports from a pool. The obvious place to put a proxy is on the firewall network boundary, that is to say, within the local no-NAT domain, so you get the identity right, and let the proxy have access, perhaps bypassing NAT/that-firewall. Of course, if you serve many such behind-NAT spaces, you need a NIC or tunnel so they can all locally connect to the proxy, or many proxy servers. If the power/resources are right, a proxy on a firewall with a local DNS server on the firewall is not a bad model -- just a different way through the same firewall. The proxy server is a very heavy DNS user, so a local DNS cache can be a nice idea. There is a wonderful feeling when you prevent a packet from needing to go out on a network!
Sponsored Links
    #3  
Old Unix and Linux 06-27-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
DG Thank You, was very educational about proxy servers, do you ever have to deal with ACL's? I need to allow a large scope of 7,700 IPs and block everything else?
    #4  
Old Unix and Linux 06-28-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 17 February 2015, 1:56 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,671
Thanks: 8
Thanked 586 Times in 559 Posts
Many firewalls allow you to drop in a subroutine of your own. I would put the 8K IPs into a hash map for quick testing, with a hash designed for the form (ascii is slower, bulkier). 8K rules might be a bit bulky. Of course, I imagine they are in specific nets. RWHashTable
Sponsored Links
    #5  
Old Unix and Linux 06-29-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Thanks DG I am looking for constant expressions in the url, instead of doing by IP. Instead of allowing by 7000+ IPs there is some consistency in the context of the url patterns.
Sponsored Links
    #6  
Old Unix and Linux 07-01-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 17 February 2015, 1:56 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,671
Thanks: 8
Thanked 586 Times in 559 Posts
Be careful, there should not be a back door by using an IP.
Sponsored Links
Closed Linux or Unix Question

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Squid Dynamic Proxy Server Configuration admin_xor UNIX for Advanced & Expert Users 1 01-14-2012 12:49 PM
SQUID Proxy server configuration admin_xor IP Networking 1 12-02-2011 01:29 AM
Setup a Reverse Proxy on Squid kidzer0 UNIX for Advanced & Expert Users 0 07-23-2010 04:09 AM
SQUID Transparent Proxy Server init6_ IP Networking 1 03-08-2008 09:15 AM
squid proxy and apache servers marcpascual UNIX for Advanced & Expert Users 0 10-04-2005 03:26 AM



All times are GMT -4. The time now is 06:25 AM.