[KLUG Members] Enhancement to Transparent proxy Squid

agencies_ad1 at sancharnet.in
Mon Jan 9 01:31:20 EST 2006


Hello
Linux is running on a server between a Cisco Firewall and a cluster of MS
virtual name servers and other functions. I have configured "Transparent proxy
with Squid" which addresses our configuration with one exception. An elegant
solution in my application would be for Squid to receive all external requests
from the Internet on one IP network adapter (IP address 1), and forward them on
the second (IP address 2). Internal requests to the Internet would initiate on
the second and forward out on the first. This configuration would require all
external traffic to go through the proxy. I have several ranges of ports that I
wish to pass on a one-for-one basis. There are also a number of traffic types
(FTP, HTTPS, SNTP, SMTP, Digest mode authentications, etc.). We could declare
"acl Safe_ports" but those are well handled by the Cisco firewall. Can you
provide additional configuration suggestions to implement this configuration? I
realize that this is not the most secure implementation of Linux, but in my
case, all of the protected data resides on secure MS servers. I am
implementing in this manner to prevent successive hacks through a series of MS
machines. Going through a buffered proxy in Linux should make it significantly
more difficult to exploit a MS security hole. 

Thanks, 

Regards,

Komal
