Hello
I'm running Smoothwall Express 2 and would like to run a second "firewall" or proxy server behind it, mainly to filter out inappropriate content for children. I am using a separate Linux box (SuSE 10) with Squid and DansGuardian.
I think the normal way of connecting this lot is to have the second Smoothwall NIC running to a switch and to have all the other PCs on the LAN, *including* the proxy, running to the same switch, with redirecting going on in the firewall to restrict outward access to proxy only. I don't understand much about redirecting, and I was wondering if it is possible to connect the machines another way, like this:

            |
            |
            |
Smoothwall External Interface (DHCP assigned IP from ISP)
            |
Smoothwall Internal NIC (Static, eg. 192.168.0.1)
            |
            |
  [[[Crossover cable]]]
            |
            |
Squid\DG box External NIC (DHCP from Smoothwall eg. 192.168.0.200)
            |
Squid\DG box Internal NIC (Static, eg. 192.168.40.1)
            |
            |
  [[[24-port switch]]]
            |
            |
Clients (DHCP from Squid\DG eg. 192.168.40.100, 192.168.40.99, etc.)

Would this work, and would it be considered more secure than having firewalling and proxying on the one machine?
I understand I need to enable IP masquerading on the Squid\DG box to route traffic from the LAN to Smoothwall. How do I go about this, and do I need to enable the firewall on the Squid\DG box as well, at least for the internal network? And finally, besides the static IP on the internal NIC of the Squid\DG box do I need to assign a gateway statically as well, and if so, what gateway? The Smoothwall internal NIC, or the Squid\DG external NIC?
Thank you for taking the time to read this. My apologies if it isn't entirely firewall-related.
Gearoid O Maolallaigh