Re: [SQU] IBM Host On Demand

So you are saying that the current way I have users access the internet will
break this type of application?

what do you mean by "transparent"?

Can I alter other options in the config to allow this? I think I understand
what you are saying.

Squid is listening on port 8080 (the http_port I desginated in squid.conf)
for requests, right? I have Interent Explorer configured to use a proxy on
port 8080 at the squid's ip address.

(By the way, Squid has two NICs. One on the Internet and one internal).

But does the java app care about the Internet Explorer proxy settings? When
the applet starts running, does it just try to go right to the address it
needs?

Am I just going to have to detup something to allow ip forwarding?

Adam Lang
Systems Engineer
Rutgers Casualty Insurance Company
http://www.rutgersinsurance.com
----- Original Message -----
From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
To: "Adam Lang" <aalang@rutgersinsurance.com>; <squid-users@ircache.net>
Sent: Friday, February 09, 2001 12:26 PM
Subject: RE: [SQU] IBM Host On Demand

> I'm not sure here but I would have thouth that the users browser only
sends
> http requestes to the proxy. I would guess that the aplet will not try to
> use the proxy (unless it is transparent). Because your firewall does not
> allow them any direct outbound internet access, the applet fails because
it
> cannot open the desired port on the remote server.
>
> close?
>
> -----Original Message-----
> From: Adam Lang [mailto:aalang@rutgersinsurance.com]
> Sent: 09 February 2001 17:14
> To: squid-users@ircache.net
> Subject: [SQU] IBM Host On Demand
>
>
> I have some users that need to access a webpage that has an applet
embedded
> on it. They can get to the page ok, but the applet doesn't load.
>
> http://www.isotel.iso.com/isow-3270.shtml
>
> On the link above, it mentions the ports that need to be open on the
> firewall to allow the applet to communicate. I spoke to their help desk
and
> they said it should be able to run through an HTTP proxy (which squid is,
> correct?).
>
> No users have direct access to the internet. All internet related stuff
> goes through sendmail or squid.
>
> Below is my acl list (currently) after I tried adding the ports to SSL
safe
> ports or to safe ports. I did squid reload after the changes each time.
> Any input would be appreciated.
>
> The ports needed are 80 443 8989 8999 501
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl SSL_ports port 443 563 1138 8989 8999 501
> acl Safe_ports port 80 21 443 563 70 210 1025-65535
> acl Safe-ports port 8989 8999 501 # ISOTEL Host On Demand
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl CONNECT method CONNECT
> #Added by Adam Lang###############################
> acl rutgersinsurance src 10.10.10.0/255.255.0.0
> ##################################################
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html