I run squid in a DMZ and have no problem getting usage information from it.
The only issue I could see a firewall causing is if your firewall is using NAT
(Network Address Translation) or PAT (Port Address Translation), you could not
determine which machine the request came from, unless you look fast enough
while the firewall still has the translation defined. In our case the inside
hosts are exempted from translation when accessing the Squid server, however
these are DHCP addresses, so they don't really mean too much, as the PC that
received that address can change. Basically it really depends on the firewall,
its configuration and which usage information you want as to whether or not it
would cause a problem. If you do bypass the firewall, I would recommend
installing a software-based firewall, or using one already built in to your
Squid host operating system to protect your Squid server.

If this is indeed the point your consultant was trying to make, I must agree with
Squidly, you may need a better consultant, he/she should have been easily able
to explain this as the reason.

Thanks,
Dean Weimer
Network Administrator
Orscheln Management Co.

-----Original Message-----
From: Joel Jaeggli [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2008 11:24 AM
To: Squidly
Cc: squid-users@squid-cache.org
Subject: Re: [squid-users] Basic Config Question

Squidly wrote:
> I have a consultant telling me that I need to have my squid server
> dual homed and bypassing my firewall for squid to be able to properly
> report usage. Is this the case? Is there some other reason this config
> is required?

reporting and connectivity are separate issues.
measuring octets between the cache and the internet and the cache and
the clients ought to be easy enough, or you need a better consultant.
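
An added example, not code from any poster in this thread or from the Squid project, illustrating the DHCP point above: per-IP totals from Squid's native access.log can be attributed to the machine that held the address at request time by joining against lease history. The log lines are constructed, and the lease tuple layout `(ip, start, end, client)` is a hypothetical export from the DHCP server.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample in Squid's native access.log format:
# time elapsed client action/code bytes method URL ident hierarchy/peer type
ACCESS_LOG = """\
1212078000.120    85 10.1.4.23 TCP_MISS/200 5120 GET http://example.com/a - DIRECT/192.0.2.10 text/html
1212078060.450    40 10.1.4.23 TCP_HIT/200 2048 GET http://example.com/b - NONE/- image/png
1212085200.300   120 10.1.4.23 TCP_MISS/200 9000 GET http://example.org/c - DIRECT/192.0.2.20 text/html
1212085300.000    60 10.1.4.99 TCP_MISS/200 700 GET http://example.org/d - DIRECT/192.0.2.20 text/html
"""

# Constructed lease history (hypothetical layout): (ip, start_epoch, end_epoch, client)
LEASES = [
    ("10.1.4.23", 1212070000, 1212080000, "pc-accounting"),
    ("10.1.4.23", 1212084000, 1212090000, "pc-warehouse"),  # same IP, later holder
]

def build_index(leases):
    """Map ip -> list of (start, end, client) sorted by lease start."""
    index = defaultdict(list)
    for ip, start, end, client in leases:
        index[ip].append((start, end, client))
    for spans in index.values():
        spans.sort()
    return index

def owner_at(index, ip, ts):
    """Return the client holding `ip` at time `ts`, or None if no lease covers it."""
    spans = index.get(ip, [])
    i = bisect_right(spans, (ts, float("inf"), "")) - 1
    if i >= 0 and spans[i][0] <= ts < spans[i][1]:
        return spans[i][2]
    return None

def usage_by_client(log_text, leases):
    """Sum bytes delivered to clients, keyed by lease holder rather than by IP."""
    index = build_index(leases)
    totals = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated or malformed lines
        ts, ip, size = float(fields[0]), fields[2], int(fields[4])
        totals[owner_at(index, ip, ts) or f"unattributed:{ip}"] += size
    return dict(totals)

if __name__ == "__main__":
    for client, octets in sorted(usage_by_client(ACCESS_LOG, LEASES).items()):
        print(f"{client:28} {octets}")
```

Requests with no covering lease are kept under an `unattributed:` key rather than dropped, so gaps in the lease history stay visible in the report.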