squid and it's config, a question
darom at filmkern.com
Wed Mar 24 08:33:29 PST 2004
Since it is a gateway/proxy/firewall, you will be running some firewall
rules. Use 'netstat -a' command, and check which ports are in Listen
stage. Or use 'lsof | grep Listen' command.
After that you will need to add a firewall rule to _not_ allow incoming
connections to the Squid's listening port on your external NIC. It will be
a good safety measure, in case you change the squid's config file and will
forget to properly assign the listening port.
I am running Squid on 5.2.1 FreeBSD with Squidguard/Dansguardian to keep
my kid away from bad sites. It works great. Here is a little right-up (it
is in Russian, but all config files are in English):
(just be patient, the site is slow)
Here the squid server will be IP 10.1.1.5 255.0.0.0. I have no
references to localhost as 127.0.0.1r, and no references to the external
IP in this file anywhere. I am assuming, perhaps incorrectly which is
often the case for me :-), that this should be sufficient and safe from
being open to the world.
More information about the freebsd-questions