01-28-2013
Join Date: Oct 2010
Last Activity: 1 February 2016, 3:35 PM EST
Location: Southern NJ, USA (Nord)
Posts: 4,673
Thanks Given: 8
Thanked 588 Times in 561 Posts
Yes, you are describing a proxying firewall. Offhand, there are three ways through a firewall: 1) connect to a proxy that connects out for you (no packets traverse the firewall, it is done at the tcp stream level). 2) NAT, iptables and similar translators where your IP and sometimes tcp/udp port are changed to different ones assigned to the firewall for this (Your internal IPs are not used past the firewall) and 3) barefoot selected packet passage (your hosts are given limited Internet exposure, need good IP addresses). Characteristically, 1 can handle less volume than 2 which is more work for the firewall than 3.
For a proxy firewall, you do not want/need to turn on IP Forwarding, which makes the 2-NIC host a router. Users connect to you, and you connect for them to the Internet, but no packets flow through. The routing is inward for inward addresses, which can be free ones like 10.*.*.* and outward for the rest. It is very simple to set up. In addition to squid, there are additional proxies like tcp_relay and sockd to shoot tcp connections through the firewall for other simple tcp protocols.
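The stream-level relay described in the post (option 1: the client's TCP connection ends at the firewall host, which opens a second, separate connection outward, with no IP forwarding involved) as an added example; this is not the poster's code nor the real tcp_relay or sockd. The `TcpRelay` class, the `client_allowed` policy check and the `relay_roundtrip` driver are my names; the allowlist of inside networks is a constructed policy, and the echo server stands in for the outside host so everything runs on loopback.

```python
"""Minimal stream-level TCP relay (added example).

Two independent TCP connections meet inside this process: the inside client's
connection to the relay, and the relay's own outbound connection to the target.
Because bytes are copied in user space, the relay host never needs
net.ipv4.ip_forward enabled; a client from a network not on the allowlist is
simply dropped before any outbound connection is made.
"""
import ipaddress
import socket
import threading


def client_allowed(peer_ip, allowed_nets):
    """Policy check: only clients from the inside networks may use the relay."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in allowed_nets)


def _pump(src, dst):
    """Copy bytes from src to dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class TcpRelay:
    """Listen on the inside address, open a fresh connection to target for each
    accepted client, and shuttle bytes in both directions."""

    def __init__(self, listen_host, target, allowed_nets):
        self.target = target
        self.allowed_nets = allowed_nets
        self.rejected = 0
        self._stop = False
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind((listen_host, 0))  # port 0: the OS picks a free port
        self.listener.listen(5)
        self.listener.settimeout(0.2)         # lets the accept loop notice stop()
        self.port = self.listener.getsockname()[1]

    def start(self):
        threading.Thread(target=self._serve, daemon=True).start()
        return self.port

    def stop(self):
        self._stop = True
        self.listener.close()

    def _serve(self):
        while not self._stop:
            try:
                conn, peer = self.listener.accept()
            except socket.timeout:
                continue
            except OSError:
                return
            threading.Thread(target=self._handle, args=(conn, peer), daemon=True).start()

    def _handle(self, conn, peer):
        if not client_allowed(peer[0], self.allowed_nets):
            self.rejected += 1
            conn.close()          # no outbound connection is ever attempted
            return
        try:
            upstream = socket.create_connection(self.target, timeout=5)
        except OSError:
            conn.close()
            return
        upstream.settimeout(None)
        inbound = threading.Thread(target=_pump, args=(conn, upstream), daemon=True)
        inbound.start()
        _pump(upstream, conn)     # outside -> inside, runs on this thread
        inbound.join()
        conn.close()
        upstream.close()


def start_echo_server():
    """Constructed stand-in for the outside host: echoes whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def echo(c):
        with c:
            while True:
                d = c.recv(4096)
                if not d:
                    break
                c.sendall(d)

    def serve():
        while True:
            try:
                c, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=echo, args=(c,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()


def relay_roundtrip(message, allowed_nets):
    """Send message through a fresh relay to the echo server; return what comes
    back (b"" when the relay's policy refuses the client). allowed_nets are
    CIDR strings; on loopback the client appears as 127.0.0.1."""
    srv, target = start_echo_server()
    relay = TcpRelay("127.0.0.1", target, [ipaddress.ip_network(n) for n in allowed_nets])
    port = relay.start()
    received = b""
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
            client.sendall(message)
            client.shutdown(socket.SHUT_WR)   # signal EOF so the relay half-closes upstream
            while True:
                chunk = client.recv(4096)
                if not chunk:
                    break
                received += chunk
    except OSError:
        pass                                  # relay reset the refused connection
    finally:
        relay.stop()
        srv.close()
    return received


if __name__ == "__main__":
    print(relay_roundtrip(b"hello", ["127.0.0.0/8"]))  # inside client, relayed
    print(relay_roundtrip(b"hello", ["10.0.0.0/8"]))   # not an inside client, dropped
```

In a real deployment the allowlist would be the inside networks (the 10.*.*.* style addresses the post mentions), the listener would bind only to the inside NIC, and the kernel's forwarding stays off, so a host on the inside can reach the outside only by way of this process and whatever policy it enforces.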