Does Translated IP Matter For Proxy Server (SQUID) | Unix Linux Forums | IP Networking

  Go Back    


IP Networking Learn TCP/IP, Internet Protocol, Routing, Routers, Network protocols in this UNIX and Linux forum.

Does Translated IP Matter For Proxy Server (SQUID)

IP Networking


Tags
squid proxy nat webmin

Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 06-22-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Wrench Does Translated IP Matter For Proxy Server (SQUID)

I am using Squid to create a proxy server for framework related to an application. My users sit on a private network in 191.xx.xx.xx space and my proxy sits in a different private network in 188.xx.xx.xx space. There will be a NAT in place to allow bidirectional communications but is there an issue with the users accessing the proxy through a translated ip????

I appreciate all the help, this is a first time for me!
Sponsored Links
    #2  
Old 06-24-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
No more than without the proxy. You may lose some identity information if the NAT assignes addresses and ports from a pool. The obvious place to put a proxy is on the firewall network boundary, that is to say, within the local no-NAT domain, so you get the identity right, and let the proxy have access, perhaps bypassing NAT/that-firewall. Of course, if you serve many such behind-NAT spaces, you need a NIC or tunnel so they can all locally connect to the proxy, or many proxys. If the power/resources are right, a proxy on a firewall with a local DNS server on the firewall is not a bad model -- just a different way through the same firewall. The proxy server is a very heavy DNS user, so a local DNS cache can be a nice idea. There is a wonderful feeling when you prevent a packet from needing to go out on a network!
Sponsored Links
    #3  
Old 06-27-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
DG Thank You, was very educational, do you ever have to deal with ACL's? I need to allow a large scope of 7,700 IPs and block everything else?
    #4  
Old 06-28-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
Many firewalls allow you to drop in a subroutine of your own. I would put the 8K IPs into a hash map for quick testing, with a hash designed for the form (ascii is slower, bulkier). 8K rules might be a bit bulky. Of course, I imagine they are in specific nets. RWHashTable
Sponsored Links
    #5  
Old 06-29-2013
BobSpero BobSpero is offline
Registered User
 
Join Date: Jun 2013
Last Activity: 28 February 2014, 10:31 AM EST
Location: Virginia Beach, 23455
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Thanks DG I am looking for constant expressions in the url, instead of doing by IP. Instead of allowing by 7000+ IPs there is some consistency in the context of the url patterns.
Sponsored Links
    #6  
Old 07-01-2013
DGPickett DGPickett is offline Forum Advisor  
Registered User
 
Join Date: Oct 2010
Last Activity: 15 October 2014, 5:08 PM EDT
Location: Southern NJ, USA (Nord)
Posts: 4,455
Thanks: 8
Thanked 546 Times in 524 Posts
Be careful, there should not be a back door by using an IP.
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Squid Dynamic Proxy Server Configuration admin_xor UNIX for Advanced & Expert Users 1 01-14-2012 12:49 PM
SQUID Proxy server configuration admin_xor IP Networking 1 12-02-2011 01:29 AM
Setup a Reverse Proxy on Squid kidzer0 UNIX for Advanced & Expert Users 0 07-23-2010 04:09 AM
SQUID Transparent Proxy Server init6_ IP Networking 1 03-08-2008 09:15 AM
squid proxy and apache servers marcpascual UNIX for Advanced & Expert Users 0 10-04-2005 03:26 AM



All times are GMT -4. The time now is 05:11 PM.