llsjk wrote:
>
>>> As far as I have it: on the firewall on port 3128 is Dansguardian
>>> listening which should automatically forward the request to Squid on
>>> port 8080 who talks to the outside world. That is why I expect to get
>>> the same message, whether the browser uses proxy or not, due to the
>>> redirection. Or am I missing something somewhere?
>>>
>>
>> Yes, you are missing something!
>>
>> Going direct, there are several things that can happen when your
>> client makes a request:
>>
>> 1) It gets a page returned
>> 2) It gets an error response from the server (eg 404 page not found)
>> 3) The connection attempt is rejected (eg there is no web server
>> running on that machine, or a firewall configured to reject inbound
>> connections)
>> 4) The connection attempt is ignored with no response (eg there is no
>> machine at that address, or a firewall configured to drop, not
>> reject, inbound packets).
>>
>> When you go via the proxy, it's always there, so options 3&4 are
>> unlikely to happen. Even if the end server you are attempting to get
>> pages from doesn't exist, you will still be able to establish a tcp
>> connection to the proxy - and will eventually receive an error
>> message generated BY THE PROXY to say it couldn't connect.
>>
>>
>> So:
>>
>> Going direct you may get messages to the effect that the browser
>> couldn't connect to the server.
>>
>> Going via the proxy you will NOT get these errors FROM THE BROWSER
>> but may well get them from the proxy.
>>
>>
>> Does this make sense? It's nothing to do with Shorewall or the proxy
>> - it's just basic networking.
>
> Thanks Simon, but I thought that through Redirection one would make sure
> that no one could go directly. I thought the redirection will always
> take the browser through port 3128.

As Tom has already said - IT DOES.

Now please read my previous message again - it explains why going via a proxy (whether by a redirection on a network device, or by proxy settings in the browser) may well produce different results than having the web browser go direct to the website.

The difference is that with a proxy involved, the browser machine should never get "no response at all" (packets dropped by firewall) or "connection rejected" (connection rejected by firewall or server without service running).
