Bill East on 31 Jan 2018 10:41:13 -0800



Re: [PLUG] Generic outgoing internet proxy


Architecturally I would not use the firewall's service. I'm a strong believer in not running more than basic services necessary for security on the perimeter. Squid is practically bulletproof and there will be plenty of support and answers out there when you want it to do something tricky.

On Wed, Jan 31, 2018 at 12:35 PM, JP Vossen <jp@jpsdomain.org> wrote:
I've been asked at $WORK to look into building a small VM for a generic outgoing internet proxy.  This would NOT be for end users, but only for back-end servers to proxy through to get out.  It's almost all headless Linux servers, but there might be a few Linux GUI desktops and Windows machines.  The need is mostly HTTP/HTTPS and SSH, but there might possibly be other ports.  This is not to do an end-run around the firewall, but rather to keep the FW rules simpler; it will allow the proxy out, and when we need to get out we go via the proxy.

One possibility is to use a built-in proxy on the FW itself; I will explore that.

Another possibility is to stop over-thinking it and just set up Squid. Or maybe Privoxy, though that may be more trouble than it's worth. There's also tinyproxy and 3proxy.  I think Nginx or Apache can both do this as well, but I'm leaning more to something purpose-built.

I definitely want something that's Just There in the YUM repos, and I really hate to admit it, but the OS is OEL-7. It might be OEL-6, but probably OEL-7.

Thoughts, clues, how-tos, things that could bite me?

Thanks in advance,
JP
--  -------------------------------------------------------------------
JP Vossen, CISSP | http://www.jpsdomain.org/ | http://bashcookbook.com/
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
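
An added example, not from the thread or from either poster: a minimal squid.conf for the server-only egress proxy discussed above. The subnet is a constructed placeholder and 3128 is Squid's default listening port. Squid's stock configuration only permits CONNECT to port 443, so SSH through the proxy needs port 22 listed explicitly.

```conf
# Added example: squid.conf for a back-end-server egress proxy.
# Constructed value: 10.20.0.0/24 stands in for the server subnet.

http_port 3128

# Who may use the proxy: back-end servers only, no end users.
acl backend_servers src 10.20.0.0/24

# Destination ports the proxy will talk to at all.
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 22          # ssh (tunnelled via CONNECT)

# Ports allowed for CONNECT tunnels. Keep this list short: every
# port here is a raw TCP path out through the firewall.
acl CONNECT_ports port 443
acl CONNECT_ports port 22
acl CONNECT method CONNECT

# Order matters: the first matching http_access line wins.
http_access deny !Safe_ports
http_access deny CONNECT !CONNECT_ports
http_access allow backend_servers
http_access deny all
```

The firewall then needs a single outbound rule for the proxy VM, and each additional port a server needs is added to the two ACLs here rather than to the firewall.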