Re: Using Squid



neil.bosh@xxxxxxxxx wrote:
hi, can anyone help me with answering the following questions about the
way we can use squid. I have read some online material about squid but
I am getting mixed answers to these problems.

1. Can we control Telnet, FTP and SSH access using squid
2. Deny ICMP packets, namely ping
3. Reject traffic coming to the UDP ports
4. Block email coming in and out of network
5. Block traffic from a particular network

I know we can accomplish this using iptables in linux, but what about
squid, can it be configured to control the above packets or application
and if not, what is the reason behind it.

The reason is that's not what Squid was designed to do. (Those things are precisely what iptables was designed for, however.)

Squid is a caching proxy, not a firewall. It fetches and stores local copies of documents retrieved by HTTP, HTTPS, or FTP and then serves the local copy (instead of fetching across the Internet again) the next time somebody requests that same file. That's all it does. (And that's something that iptables is totally incapable of doing. They perform drastically different tasks. They work very well together.)

Squid doesn't listen for telnet/ssh connections, it doesn't listen for ICMP packets, it doesn't listen on UDP ports, it doesn't listen for mail traffic. To control those things, you need a firewall (iptables being the most common).

For definitive information, see the Squid website at http://www.squid-cache.org/. Ask on their mailing list if you want to clarify any of the "mixed answers" you say you've gotten.
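An added example, not part of the original post: the five items from the question written as an iptables-restore ruleset, with Squid left to do only the proxying. It assumes the host is a Linux gateway that also runs Squid on its default port; `build_rules`, `is_cidr` and the networks in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a Linux gateway that
# also runs Squid. Networks passed in are the caller's; nothing is applied.

# is_cidr: allow only digits, dots and one /prefix, so nothing else can reach
# the ruleset; octet ranges are left to iptables-restore to check.
is_cidr() {
    case $1 in *[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# build_rules BLOCKED_NET LAN_NET
build_rules() {
    is_cidr "$1" && is_cidr "$2" || { echo "bad CIDR" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Item 5: the unwanted network is dropped before anything can accept it
-A INPUT -s $1 -j DROP
-A FORWARD -s $1 -j DROP
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Item 1: SSH from the LAN only; telnet and FTP to this host are refused
-A INPUT -s $2 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,23 -j REJECT --reject-with tcp-reset
# Item 2: ping
-A INPUT -p icmp --icmp-type echo-request -j DROP
# Item 3: unsolicited UDP (replies to our own queries matched ESTABLISHED)
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
# Item 4: no mail protocols through the gateway in either direction
-A FORWARD -p tcp -m multiport --dports 25,110,143,465,587,993,995 -j REJECT --reject-with tcp-reset
# Squid's part: LAN clients may reach the proxy (3128 is its default port)
-A INPUT -s $2 -p tcp --dport 3128 -j ACCEPT
-A FORWARD -s $2 -j ACCEPT
COMMIT
EOF
}

# Usage: sh rules.sh 203.0.113.0/24 192.168.1.0/24 | iptables-restore --test
if [ "$#" -eq 2 ]; then build_rules "$1" "$2"; fi
```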