On Sat, Aug 02, 2003 at 09:18:22PM -0700, Paul Johnson wrote: > On Fri, Aug 01, 2003 at 06:14:12PM +0100, Pigeon wrote: > > In order to make it work, I didn't have to touch anything in squid's > > own config, just put appropriate gateway entries in the machines' > > /etc/network/interfaces and proxy entries in my browser's proxy config. > > Well, if you've got a beefy gateway, you could move the adzapping > squid there, then use iptables to make it a transparent proxy and save > yourself the trouble of having to point everything at the proxy.
So, given that squid-on-a-firewall is apparently a negligible security risk, this is all about ease of configuration, rather than performance once configured? Cool, I know what I'm dealing with now. The "new" gateway is a 120MHz Pentium with 40MB RAM, which should just about handle squid/adzapper. Previously I was using a 600MHz/128MB box, which ended up having loads of other services on it to make good use of its capacity, hence the decision to move the security function to a separate box. -- Pigeon Be kind to pigeons Get my GPG key here: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x21C61F7F
pgp00000.pgp
Description: PGP signature
