Simon Hobson wrote: > llsjk wrote: > > >> As far as I have it: on the firewall on port 3128 is Dansguardian >> listening which should automatically forward the request to Squid on >> port 8080 who talks to the outside world. That is why I expect to get >> the same message, whether the browser uses proxy or not, due to the >> redirection. Or am I missing something somewhere? >> > > Yes, you are missing something ! > > Going direct, there are several things that can happen when your > client makes a request : > > 1) It gets a page returned > 2) It gets an error response from the server (eg 404 page not found) > 3) The connections attempt is rejected (eg there is no web server > running on that machine, or a firewall configured to reject inbound > connections) > 4) The connection attempt is ignored with no response (eg there is no > machine at that address, or a firewall configured to drop, not > reject, inbound packets). > > When you go via the proxy, it's always there, so options 3&4 are > unlikely to happen. Even if the end server you are attempting to get > pages from doesn't exist, you will still be able to establish a tcp > connection to the proxy - and will eventually receive an error > message generated BY THE PROXY to say it couldn't connect. > > > So: > > Going direct you may get messages to the effect that the browser > couldn't connect to the server. > > Going via the proxy you will NOT get these errors FROM THE BROWSER > but may well get them from the proxy. > > > Does this make sense ? It's nothing to do with Shorewall or the proxy > - it's just basic networking. > > Thanks Simon, but I thought that through Redirection one would make sure that no one could go directly. I thought the redirection will always take the browser through port 3128.
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
