Re: [SQU] IBM Host On Demand

From: Robert Collins <[email protected]>
Date: Sat, 10 Feb 2001 09:54:17 +1100

I'm going to get up and be unpopular here :]

Adam,
    'transparent' proxying is a *bad thing*. It saves a little bit of config time on your users machines, but it break the end to
end link expected by HTTP, and you can no longer authenticate your users, you will also have to choose between their refresh button
not working or lower cache hits. If you are not 'transparent' now, please please don't change.

Your problem is *not* related to 'transparent'/'non-transparent' configuration of squid. It is a badly written application that
needs it's own ports open (you would experience the same problem even if you were running 'transparently'). You need to open those
ports on your router/firewall/ip filtering device. Squid doesn't need changing.

Rob

P.S. A slightly academic note: RFC 2616 defines transparent proxies as (loosely) http proxies that don't alter the content at all.
Non-transparent proxies are ones that alter the content - for example converting all .gif's into .jpg's as they go through.

the 'transparent' used above really should be something like "intercepting/non-intercepting" To avoid confusion with the RFC terms.

----- Original Message -----
From: "Adam Lang" <aalang@rutgersinsurance.com>
To: <squid-users@ircache.net>
Cc: <squid-users@ircache.net>
Sent: Saturday, February 10, 2001 7:34 AM
Subject: Re: [SQU] IBM Host On Demand

> That's what I started to figure. I'm in the process of reading the
> transparent proxy howto. Will that work, or do I just plain and simple need
> a linux box with IP forwarding?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Drash, Jim [EESUS]" <JDrash@EESUS.JNJ.com>
> To: "'Nick Austin'" <nick@digitalpipe.net>; "Adam Lang"
> <aalang@rutgersinsurance.com>
> Cc: <squid-users@ircache.net>
> Sent: Friday, February 09, 2001 3:23 PM
> Subject: RE: [SQU] IBM Host On Demand
>
>
> > Quoted from the front page at ISOTEL:
> >
> > <QUOTE>
> > If you are connecting to the Internet through a firewall, the following
> > ports on your firewall must be open to allow access to ISOTEL:
> > - 80
> > - 443
> > - 8989
> > - 8999
> > - 501
> > If these ports are not open, you will not be able to connect to ISOTEL. If
> > you experience problems initiating your ISOTEL session, contact your
> > company's system administrator.
> > </QUOTE>
> >
> > ports 80 and 443 are used by the browser to get to the JAVA client-side
> app.
> > Once the JAVA app is running it needs to be able to connect to ISO
> directly
> > via 8989 8999 and 501. Squid is not involved in proxying JAVA client-side
> > apps.
>
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Fri Feb 09 2001 - 16:00:01 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:57:57 MST