llsjk wrote: > Simon Hobson wrote: >> llsjk wrote: >> >> >>> As far as I have it: on the firewall on port 3128 is Dansguardian >>> listening which should automatically forward the request to Squid on >>> port 8080 who talks to the outside world. That is why I expect to get >>> the same message, whether the browser uses proxy or not, due to the >>> redirection. Or am I missing something somewhere? >>> >> Yes, you are missing something ! >> >> Going direct, there are several things that can happen when your >> client makes a request : >> >> 1) It gets a page returned >> 2) It gets an error response from the server (eg 404 page not found) >> 3) The connections attempt is rejected (eg there is no web server >> running on that machine, or a firewall configured to reject inbound >> connections) >> 4) The connection attempt is ignored with no response (eg there is no >> machine at that address, or a firewall configured to drop, not >> reject, inbound packets). >> >> When you go via the proxy, it's always there, so options 3&4 are >> unlikely to happen. Even if the end server you are attempting to get >> pages from doesn't exist, you will still be able to establish a tcp >> connection to the proxy - and will eventually receive an error >> message generated BY THE PROXY to say it couldn't connect. >> >> >> So: >> >> Going direct you may get messages to the effect that the browser >> couldn't connect to the server. >> >> Going via the proxy you will NOT get these errors FROM THE BROWSER >> but may well get them from the proxy. >> >> >> Does this make sense ? It's nothing to do with Shorewall or the proxy >> - it's just basic networking. >> >> > Thanks Simon, but I thought that through Redirection one would make sure > that no one could go directly. I thought the redirection will always > take the browser through port 3128.
It does! -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
