On Thu, Aug 19, 1999 at 04:39:42PM -0600, Mark Arroyo wrote:
<SNIP>
>
> Transparency is not enabled on either cards
>
<SNIP>
>
> I do have almost total functionality except that I cannot seem to configure
> the firewall to allow my users to check other POP3 email accounts besides
> the main POP3(ISP) account we have. With sending up mail to our ISP mail
> sever via smtp I had to disable transparency on the inside adapter to be
> able to enter an external mail server. I have tried to add plug proxies to
> take care of the different newsgroup servers that my users need to get to
> but this does not seem to work. I have also tried to use Plug proxies to for
> the other POP3 accounts with no success. I would appriciate any help at all.
> Let me know if you have any other questions about my set up.
>
OK, your first problem is that you don't have transparency enabled on the inside
interface. When you DON'T have transparency you need a couple of thing to get to the
outside world:
1) a client program that understands that there is a proxy in the way like a
web browser
2a) a proxy on the firewall which understands that the request from the client
will be to connect to a place on the outside e.g. the ftp proxy
2b) a proxy on the firewall which points to one place only and merely
forwards/returns any traffic it sees to that place e.g. a plug proxy
Not sure what you mean about the email since SMTP is a proxy on Gauntlet - hence you
deliver to the Gauntlet system and it delivers externally: hack the sendmail.cf if you
want to use a smarthost.
When your users use their news clients how do they connect to the external news
server? If they put the external IP of the news server how do they get there since
you have turned transparency off? In your current config they cannot get to the
otherside without using a client that understands there is a proxy in the way. So you
have to either turn transprency on or assign the inside interface multiple IP's and
put a plug to connect to the different news servers - the users then connect to the
inside IP for the news server they want.
POP3 is the same except that the POP3 proxy will allow access to multiple mail servers
when transprency is on IF you alter the gauntlet.conf. In version 4.2/5 by default it
turns on authentication even if you leave the destination blank - to stop this you
have to alter the bit of gauntlet.conf that turns authentication on for the POP3
proxy, it normally has all in the field just delete this.
Hope this helps,
Steve
--
"Hacker, terrorist, pornographer, drug trafficker,"
"That's it -- the four horsemen of the Apocalypse."
J.Granick referring to the US publics fears.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
