Jason Haar wrote:
> > With no transparent proxies - only manual ones - this couldn't happen as the
> > internal host would never do an Internet lookup.
Larry Chin wrote:
> Hmmm, no I don't think so. AFAIK, a transparent proxy is "transparent"
> only in that the end user doesn't have to configure their machine to say
> "use proxy". The firewall proxy still operates by taking traffic from
> the end user, and then resending it from the firewall.
No, Jason is correct. In a pure traditional (non-transparent) proxy
environment, the client hands the proxies hostnames (e.g. within URLs), not
IP numbers, and thus does not need to do DNS lookups.
With transparent proxies, the client *does* do DNS lookups, just as if no
proxy were being inserted in the path.
--
. Richard Reiner, Ph.D.
. FSC Internet Corp. / SecureXpert Labs
. The FSC Building, 188 Davenport Rd., Toronto, Ontario, Canada M5R 1J2
. +1 416 921 4280, fax +1 416 966 2451, www.fscinternet.com,
www.securexpert.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
