On 10/9/07, Craig Skinner <[EMAIL PROTECTED]> wrote:
>
> Rubbish. This is pathetic and displays total ignorance of fundamental
> networking protocols, esp WPAD: web proxy auto discovery
>

not really. listen now :-)

> Have squid listen on the internal interface at the *standard* port of 3128.
>

no probs here :-)
the reasons for making it listen on 8080 are stupid :-)

> Block (return) *all* access from the LAN to the Internet, disable NAT.
> If you use NAT, what on earth is the point of using an application layer
> proxy?
>

First of all, the proxy is used to control web access (like a URL filter)
for a certain group of people. There are others who connect through
NAT and who can get better performance. Yes, Squid degrades performance
in some cases.
Then there are websites that don't work well with Squid.

So in my case I have to work up a solution which is a mixture :-)

>
> If you are going to use an app, be man enough to have it listen on the
> correct interface. You gain nothing by running it on the loopback and
> then using a packet filter to redirect packets to it. What a waste of time.
>

Not at all!
I hear that most security-conscious people do it that way.
To my knowledge that is the recommended way.
To make services listen on the loopback and use PF to redirect
appropriate traffic to it.

Not sure what you mean by being man enough :-)

>
>
> Set up /etc/dhcpd.conf something like this:
>

>
> Set up /var/named/master/example.org like this:
>

>
> Distribute a wpad file to the LAN from apache:
>

>
> In /var/www/conf/httpd.conf:
>

Too many configuration files for a new guy?
Or maybe not! :-)

Anyway, thanks a million. It was a good learning session :-)))))))))))

Thank you so much

Kind Regards

Siju
