johand
asked on
Internet security question
Im busy setting up a simple proxy server on my network as follows : the linux server has two network cards, one with a real IP address connected to the internet, the other with my 10.1... address on my internal network. Im running squid on this machine to enable my users to surf the web. My question is : How safe is my internal users from attacks from the internet ? Is it necessary for me to install firewalling software as well ? There is obviously no route between the two NICs except if someone could telnet into the box... Welldocumented(referenced) answer will receive the points :)
Johan
Johan
ASKER
" It might make more sense to give your local network more access to the internet using masquerading, and go ahead and call your proxy server a firewall." If you suggest this as a better option, could you be more specific as to how to go about it, where to find information, what packages to use etc...
For the current version of RedHat, at least, the ipchains package will allow you to set up IP Masquerading as well as forwarding and firewalling rules.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ipfwadm is the old way to do it... *shrug* ipchains is the currently accepted way...
In order to properly lock down your proxy server, however, you'll probably end up using firewall-type restrictions anyway. It might make more sense to give your local network more access to the internet using masquerading, and go ahead and call your proxy server a firewall.