RE: [SQU] IBM Host On Demand

Quoted from the front page at ISOTEL:

<QUOTE>
If you are connecting to the Internet through a firewall, the following
ports on your firewall must be open to allow access to ISOTEL:
- 80
- 443
- 8989
- 8999
- 501
If these ports are not open, you will not be able to connect to ISOTEL. If
you experience problems initiating your ISOTEL session, contact your
company's system administrator.
</QUOTE>

ports 80 and 443 are used by the browser to get to the JAVA client-side app.
Once the JAVA app is running it needs to be able to connect to ISO directly
via 8989 8999 and 501. Squid is not involved in proxying JAVA client-side
apps.

-----Original Message-----
From: Nick Austin [mailto:nick@digitalpipe.net]
Sent: Friday, February 09, 2001 2:57 PM
To: Adam Lang
Cc: squid-users@ircache.net
Subject: Re: [SQU] IBM Host On Demand

The proxy only setup will break all applications that do not know how to
talk to proxys.... A transparent proxy setup is one where all the traffic
is directed throught squid reguardless of the client configuration. You
can find more information about this type of setup here:
http://www.linuxdoc.org/HOWTO/mini/TransparentProxy-2.html

The reason your application is failing is probably because it was not
desinged to work with any http proxy that is not transparent.

On Fri, 9 Feb 2001, Adam Lang wrote:

> So you are saying that the current way I have users access the internet
will
> break this type of application?
>
> what do you mean by "transparent"?
>
> Can I alter other options in the config to allow this? I think I
understand
> what you are saying.
>
> Squid is listening on port 8080 (the http_port I desginated in squid.conf)
> for requests, right? I have Interent Explorer configured to use a proxy
on
> port 8080 at the squid's ip address.
>
> (By the way, Squid has two NICs. One on the Internet and one internal).
>
> But does the java app care about the Internet Explorer proxy settings?
When
> the applet starts running, does it just try to go right to the address it
> needs?
>
> Am I just going to have to detup something to allow ip forwarding?
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
> ----- Original Message -----
> From: "Kieran Skinner" <kieran.skinner@xal.co.uk>
> To: "Adam Lang" <aalang@rutgersinsurance.com>; <squid-users@ircache.net>
> Sent: Friday, February 09, 2001 12:26 PM
> Subject: RE: [SQU] IBM Host On Demand
>
>
> > I'm not sure here but I would have thouth that the users browser only
> sends
> > http requestes to the proxy. I would guess that the aplet will not try
to
> > use the proxy (unless it is transparent). Because your firewall does not
> > allow them any direct outbound internet access, the applet fails because
> it
> > cannot open the desired port on the remote server.
> >
> > close?
> >
> > -----Original Message-----
> > From: Adam Lang [mailto:aalang@rutgersinsurance.com]
> > Sent: 09 February 2001 17:14
> > To: squid-users@ircache.net
> > Subject: [SQU] IBM Host On Demand
> >
> >
> > I have some users that need to access a webpage that has an applet
> embedded
> > on it. They can get to the page ok, but the applet doesn't load.
> >
> > http://www.isotel.iso.com/isow-3270.shtml
> >
> > On the link above, it mentions the ports that need to be open on the
> > firewall to allow the applet to communicate. I spoke to their help desk
> and
> > they said it should be able to run through an HTTP proxy (which squid
is,
> > correct?).
> >
> > No users have direct access to the internet. All internet related stuff
> > goes through sendmail or squid.
> >
> > Below is my acl list (currently) after I tried adding the ports to SSL
> safe
> > ports or to safe ports. I did squid reload after the changes each time.
> > Any input would be appreciated.
> >
> > The ports needed are 80 443 8989 8999 501
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl SSL_ports port 443 563 1138 8989 8999 501
> > acl Safe_ports port 80 21 443 563 70 210 1025-65535
> > acl Safe-ports port 8989 8999 501 # ISOTEL Host On Demand
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl Safe_ports port 901 # SWAT
> > acl CONNECT method CONNECT
> > #Added by Adam Lang###############################
> > acl rutgersinsurance src 10.10.10.0/255.255.0.0
> > ##################################################
> >
> > Adam Lang
> > Systems Engineer
> > Rutgers Casualty Insurance Company
> > http://www.rutgersinsurance.com
> >
> > --
> > To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>

Nick Austin
Digitalpipe

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html