Security implications of running SquidProxy on the main firewall

  • Hello guys,

    I want to start a discussion about the pros and cons of running a SquidProxy server on the same pfSense box as the main firewall.

    Today I have one pfSense doing all the firewall things, like routing and filtering (I don't use NAT), so pfSense is filtering only public IPv4 addresses. Local DNS was disabled for security reasons, and the DHCPd is running on another machine inside the internal LAN.

    Since I want to install a SquidProxy and perhaps some filtering with SquidGuard, the obvious idea is to put everything on the main firewall, but I'm not sure if it's a good practice. But I don't know if there's any viable option. The squid must be run in transparent mode, so the users don't know they are behind a proxy.

