Re: [squid-users] Squid3 issues from Amos Jeffries on 2010-03-19 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 20 Mar 2010 13:12:09 +1300

Adam_at_Gmail wrote:
> Hi Amos, I forgot to ask you about this comment
>
> Amos Wrote:
> " The "IRC-server / Digichat server" may not be proxy-able at all through
>> Squid. It depends if they use HTTP services, or if they are accessible
>> via HTTP"
>

I said that because my reading of one of your earlier messages it
appeared that you were getting frustrated by Squid not proxying traffic
for those services.

I'm not sure if you are wanting Squid to gateway access for your
client machines to those server(s), which is possible with some client
configuration. DigiWeb sounds like it needs special licenses to be
configured that way.

I'm not sure if you are wanting to gateway traffic from the general
public to those servers. Which is not possible for IRC and seems not for
DigiWeb either.

> According to you or from what I understand, proxy server (Squid) can
> only allow HTTP/HTTPS requests, correct?

Yes.

> If that's a yes, what are we going to do with all hundreds of requests
> then?

I don't understand what you mean by "hundreds of requests". What type of
requests and for what? user requests for access? software requests for
non-HTTP stuff?

>
> You know as well as I do, running servers and services, you don't just
> run programmes and applications that are passed through http
> So if the only access to A "network" is through 3128 (http) what happens
> to the rest of the services that we can provide?

Your public (externally visible) services should not be published on
port 3128 unless you are offering proxy services.

>
> I am a little confused, so in my opinion correct me if I am wrong, we
> must allow through DNAT "iptables" all other services that don't use
> http, for the simple reason, those requests will be rejected by the
> Proxy server.

Maybe. It gets complicated.

1) Squid can only handle HTTP inbound to Squid.

2) You could do routing or port forwarding (DNAT) with iptables, or
use other non-Squid proxy software for each publicly provided protocol.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
   Current Beta Squid 3.1.0.18

Received on Sat Mar 20 2010 - 00:12:17 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 20 2010 - 12:00:05 MDT