llsjk wrote: >As far as I have it: on the firewall on port 3128 is Dansguardian >listening which should automatically forward the request to Squid on >port 8080 who talks to the outside world. That is why I expect to get >the same message, whether the browser uses proxy or not, due to the >redirection. Or am I missing something somewhere?
Yes, you are missing something ! Going direct, there are several things that can happen when your client makes a request : 1) It gets a page returned 2) It gets an error response from the server (eg 404 page not found) 3) The connections attempt is rejected (eg there is no web server running on that machine, or a firewall configured to reject inbound connections) 4) The connection attempt is ignored with no response (eg there is no machine at that address, or a firewall configured to drop, not reject, inbound packets). When you go via the proxy, it's always there, so options 3&4 are unlikely to happen. Even if the end server you are attempting to get pages from doesn't exist, you will still be able to establish a tcp connection to the proxy - and will eventually receive an error message generated BY THE PROXY to say it couldn't connect. So: Going direct you may get messages to the effect that the browser couldn't connect to the server. Going via the proxy you will NOT get these errors FROM THE BROWSER but may well get them from the proxy. Does this make sense ? It's nothing to do with Shorewall or the proxy - it's just basic networking. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
