I'm not sure here but I would have thouth that the users browser only sends
http requestes to the proxy. I would guess that the aplet will not try to
use the proxy (unless it is transparent). Because your firewall does not
allow them any direct outbound internet access, the applet fails because it
cannot open the desired port on the remote server.
close?
-----Original Message-----
From: Adam Lang [mailto:aalang@rutgersinsurance.com]
Sent: 09 February 2001 17:14
To: squid-users@ircache.net
Subject: [SQU] IBM Host On Demand
I have some users that need to access a webpage that has an applet embedded
on it. They can get to the page ok, but the applet doesn't load.
http://www.isotel.iso.com/isow-3270.shtml
On the link above, it mentions the ports that need to be open on the
firewall to allow the applet to communicate. I spoke to their help desk and
they said it should be able to run through an HTTP proxy (which squid is,
correct?).
No users have direct access to the internet. All internet related stuff
goes through sendmail or squid.
Below is my acl list (currently) after I tried adding the ports to SSL safe
ports or to safe ports. I did squid reload after the changes each time.
Any input would be appreciated.
The ports needed are 80 443 8989 8999 501
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 1138 8989 8999 501
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe-ports port 8989 8999 501 # ISOTEL Host On Demand
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
#Added by Adam Lang###############################
acl rutgersinsurance src 10.10.10.0/255.255.0.0
##################################################
Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
-- To unsubscribe, see http://www.squid-cache.org/mailing-lists.html -- To unsubscribe, see http://www.squid-cache.org/mailing-lists.htmlReceived on Fri Feb 09 2001 - 10:32:05 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:56 MST