Re: [squid-users] Network Topology Questions

From: <Mace.Scott@dont-contact.us>
Date: Mon, 1 Aug 2005 15:22:18 -0400

Having a similar problem, and I think it has to do with which interface is
listed first when you do an ipconfig at a command prompt. At least for
determining ip address.

One thing you may want to do is set up an autoconfig script (an ins file)
and in there set it to not cache autoconfig settings. I've found that
without that, IE will use the wpad.dat file in its cache and not the one
on the server. A serious problem when making changes.

=========================
Scott Mace
Security Administrator
Travelcenters of America
440-808-4318
mace.scott@tatravelcenters.com
=========================

"Sturgis, Grant" <Grant.Sturgis@arraybiopharma.com>
08/01/2005 02:36 PM

To
<squid-users@squid-cache.org>
cc

Subject
[squid-users] Network Topology Questions

We are having serious problems getting traffic to our squid proxy
server. Currently we are using a proxy.pac file to tell browsers when
to use the proxy and where to find it. Unfortunately, MSIE seems to
decide randomly when (and when not) to use this file. It seems that
when laptop users go home and connect to VPN, then they get two IP
addresses (one for the VPN connection and one for the NIC), and the PAC
file can't figure out which one to use. This is a problem because we
use:

if (isInNet(myIpAddress(), "10.10.0.0", "255.255.0.0"))
return "PROXY 10.10.10.10:3128";

In the proxy.pac file. Funny thing is that sometimes it works and
sometimes it doesn't.

Anyway-

I thought that WCCP would be a good solution. Problem is, I can't seem
to get it to work (see earlier post or email me and I will resend).

So now I am searching for alternatives.

Can anyone comment on the topologies or network strategies that you are
using? I am considering an in-line approach:

---------------------- ----------- ------------
------------
| Internal Network | ------- | Proxy | ---- | Firewall | --- |
Internet |
---------------------- ----------- ------------
------------

But I don't like the idea of other outbound protocols (smtp, ssh)
needing to be routed through another device. Is this a silly concern?

Are there any other approaches that have worked well? Does a lot of
people out there use WCCP successfully?

Thanks in advance for any suggestions and comments.

Grant
-------

Pardon this:

This electronic message transmission is a PRIVATE communication which
contains
information which may be confidential or privileged. The information is
intended
to be for the use of the individual or entity named above. If you are not
the
intended recipient, please be aware that any disclosure, copying,
distribution
or use of the contents of this information is prohibited. Please notify
the
sender of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.
Received on Mon Aug 01 2005 - 13:37:33 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT