installing proxy server on a network with existing firewall

[watts3000]

I was wondering how would one go about installing a proxy server. On a network that already has an exsiting firewall. Basically the physicall hook up what gets connected to what. Would I still need to have 2 nics in the proxy server box one for wan and lan.

 

[Woodie]

One vs. two nics depends on the proxy software. Some will run w/ only one nic, some require two.

From a retro-fit perspective, it's kind of ugly. What you would *like* to have is an internal subnet (LAN) connected to one nic on the proxy server. Then the second nic (WAN) on the proxy is connected to a different subnet, which has only the firewall interface on it. That way, the only way to get to the Internet is through the proxy.

Real world...you can find a proxy that runs off a single nic. Just plug it in, and reconfigure all the clients to point to the proxy. Now, change the firewall rule, so that only the proxy is allowed to go outbound on port 80. One benefit of this, is that it doesn't break any existing applications that use ports other than 80, where the dream setup above would.

A couple of pieces of info that would be helpful in answering your questions:
Business or private network?
How important is it to leave the network "as is"?
How important is security?
Are there any Servers that need access to or from the Internet, or is it all clients?

--Woodie

 

[err]

Woodie is right on the coin, how your nic setup is completely depending on you.

I would always setup 2 nics. I nic to get out to the Internet and one nic to tranverse to local LAN (Try to NAT the nic going out to the Internet if possible & setup your firewall only to allow outbound access) ... well it depends on your company needs really.

Setup your clients to point to the proxy server through local IP addresses. This way, they can't even get to the Internet with outside IP addresses. Again Woodie is right on the coins 🙂

What Proxy software are you going to use? Have fun !

eRr