Hi All
I've been hunting around and reading articles on this much of the day and
seem to get a lot of mixed opinion that this is both possible and
impossible, but given that my setup is rather unique, let me explain it first.
What I'm doing is building a Quarantine network server. This single box,
running Devil Linux, does a number of things. First, it's handed down by
the DHCP server as the user's new gateway and DNS. The machine itself uses
a trunk to connect it to our network. Quarantine networks come in as vlans,
it has a private vlan that houses BIND and Apache, and Squid running on
another vlan interface that is public. The BIND system is poisoned so that
all attempts to go anywhere resolve to itself except for a few select places
we want the user to get to, like Windows Update (and a few others). For
those, the zone file forwards them to the listening IP of the Squid server,
which is set up as a transparent proxy.
Sounds like a mess eh? It actually does work correctly for all pages and
functions EXCEPT Microsoft's Windows Update. From looking at the TCP-dumps
I did, it briefly tries to start up an SSL connection (even though it
doesn't retain that stat) thus breaking the way it works.
If I configure IE on a machine within a Quarantine network to use this
server's squid as it's proxy, it works fine, so I know Squid and it's access
lists and parameters are good, but trying it via the transparent mode just
doesn't work. Is there SOME way to get around this?
The reason I ask is that our hopes here are to make this as brainless for
the user as humanly possible. If they have to enter any sort of settings
and move beyond the point-click world, the help desk will likely be
overwhelmed with calls from the great unwashed masses. :)
-- AaronReceived on Tue Aug 09 2005 - 13:29:42 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT