[SQU] How to enable squid to work with reverse masquerading

From: Piotr Strycharz <Piotr.Strycharz@dont-contact.us>
Date: Wed, 25 Oct 2000 14:22:03 +0200

Hi.

Although the problem is loosely related to Squid, I have decided to post this
message to this forum.
First, a small 'picture':

{Internet} --(WAN)--[ Squid box + firewall ]--(LAN)--[ NT+IIS ]

The Squid (2.3S4) box is set up on Linux 2.2.16. I have a WWW server (IIS)
running on an NT (internal) machine. The ipchains rules allow Internet users
to connect to this machine transparently via the firewall. These rules are:

    ipchains -A forward -p TCP -s $ntip/32 80 -j MASQ
    ipmasqadm portfw -f
    ipmasqadm portfw -a -P tcp -L $extip0 80 -R $ntip 80

While this configuration works well for external users, it does not
allow intranet users to connect to the server. I've heard that this is a
limitation of Linux kernels < 2.4. In other words, an Internet user can use
http://squid.box.FQDN while an internal user can only use
http://NT-machine-name, but only *without* the proxy.
I have tried the redir package, but it has one very annoying limitation: IIS
shows the internal IP number of the Squid box for external users in its logs.
I think a redirection program would be fine, but I don't like to use a
specialized program for just one case...
Maybe there is a better way to construct the ipchains rules or...
Anyone with ideas?

Piotr.

Received on Wed Oct 25 2000 - 06:25:15 MDT
