>
> It is a nuisance trying to socksify such a complex application as squid,
> and, in fact, it has not worked out for me yet (dnsserver does not work,
> environment is AIX432, IBM xlc compiler, squid-2.2.DEVEL3).
^^^^^^^^^^^^^^^^
This is not supported; see the main web site.
>
> I guess the situation is quite standard: an environment where one does not
> want to install a proxy on the firewall but behind it on the Intranet, and
> all connections from the squid proxy to the Internet should be made via
> SOCKS.
Socksifying Squid is going to force your proxy to have to support
huge numbers of open file descriptors - it may well not do them
anything like as well as Squid and may well run a process per
connection, which is exactly what squid is trying to avoid, although
it is coming back from that extreme in the threaded versions.
Obviously, if your traffic volumes are small, you may not use many
FDs, but I suspect that Squid could easily break even NAT type
firewalls when operated at its design throughput.
I'd suggest that most small users are using, at most, a NAT based
firewall, and that large users can't afford to have anything
significant between Squid and the internet. Small users not using
NAT might be best operating in a single parent mode and using a
circuit relay on the firewall to relay to their parent cache.
--
David Woolley - Office: David Woolley <[EMAIL PROTECTED]>
BTS Home: <[EMAIL PROTECTED]>
Wallington TQ 2887 6421
England 51 21' 44" N, 00 09' 01" W (WGS 84)
