
Jodi Thomson wrote:
Hi all
I'm wanting to set up Squid to use proxy auth against Active Directory. That seems straightforward enough. However I am having trouble in figuring out whether or not to put Squid internally or inside the DMZ for this to work. The firewall we will be running is a Juniper NetScreen-25. The DMZ is comprised of real-world IPs, internally it's all private IP. Does anyone have any experience in this?

I would suggest that, based on what you've said already, you'll really want to put the Squid proxy in the DMZ with a real-world IP. That way you can avoid NAT traversal and have firewall rules that only allow the DMZ in/out of the firewall. A plus (assuming there are no other applications you're going to get talking to the internet from within the private LAN) is that you won't actually have to set up NAT at all. A downside potentially is going to be how you access the Active Directory, i.e. is it available from the DMZ?

/my 2c.

Cheers,
Warren.