From owner-freebsd-questions@FreeBSD.ORG Wed Mar 24 08:33:29 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0414016A4CE for ; Wed, 24 Mar 2004 08:33:29 -0800 (PST) Received: from mail.filmkern.com (206-169-45-174.gen.twtelecom.net [206.169.45.174]) by mx1.FreeBSD.org (Postfix) with SMTP id 9DF1E43D45 for ; Wed, 24 Mar 2004 08:33:28 -0800 (PST) (envelope-from darom@filmkern.com) Received: (qmail 190 invoked from network); 24 Mar 2004 16:33:49 -0000 Received: from localhost (HELO mail.filmkern.com) (127.0.0.1) by localhost with SMTP; 24 Mar 2004 16:33:49 -0000 Received: from 206.169.45.183 (SquirrelMail authenticated user darom@filmkern.com) by mail.filmkern.com with HTTP; Wed, 24 Mar 2004 08:33:49 -0800 (PST) Message-ID: <26803.206.169.45.183.1080146030.squirrel@mail.filmkern.com> Date: Wed, 24 Mar 2004 08:33:49 -0800 (PST) From: "Denis R." To: bobc@sfcei.com User-Agent: SquirrelMail/1.4.2 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 Importance: Normal cc: FreeBSD-Questions@freebsd.org Subject: re: squid and it's config, a question X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Mar 2004 16:33:29 -0000 Bob, Since it is a gateway/proxy/firewall, you will be running some firewall rules. Use 'netstat -a' command, and check which ports are in Listen stage. Or use 'lsof | grep Listen' command. After that you will need to add a firewall rule to _not_ allow incoming connections to the Squid's listening port on your external NIC. It will be a good safety measure, in case you change the squid's config file and will forget to properly assign the listening port. I am running Squid on 5.2.1 FreeBSD with Squidguard/Dansguardian to keep my kid away from bad sites. It works great. Here is a little right-up (it is in Russian, but all config files are in English): http://www.opennet.ru/docs/RUS/squid_filter/squidguard.html (just be patient, the site is slow) Regards, Denis >>>>>>>>>>>>> Here the squid server will be IP 10.1.1.5 255.0.0.0. I have no references to localhost as 127.0.0.1r, and no references to the external IP in this file anywhere. I am assuming, perhaps incorrectly which is often the case for me :-), that this should be sufficient and safe from being open to the world.