From: Vigneswaran R <vignesh@atc.tcs.com>
To: netfilter@vger.kernel.org
Subject: Re: Proxy Filter iptable Settings
Date: Thu, 28 Apr 2011 12:06:22 +0530 [thread overview]
Message-ID: <4DB90AE6.9070909@atc.tcs.com> (raw)
In-Reply-To: <BANLkTi=y37mzCOenHg8EbR_u9PpoTVceGA@mail.gmail.com>
On 04/27/2011 07:11 PM, Mike Hendrie wrote:
> Squid box 172.20.0.3
> All workstations gateway are 172.20.0.3
> All workstations proxy settings are 172.30.0.3:8080
>
> The proxy settings are working fine for blocking content, however, I
Does it mean that the proxy server gives restricted access to the
Internet for the machines behind it? Can they access the sites like
google.com (or whatever sites allowed)?
> am having the following issues:
>
> The school's web server is hosted locally. When the workstations try
> to access the site via the public domain name, it fails.
If the answer is 'yes' to the above questions, your machines should be
able to access the school website as well, through the public IP.
Please ensure that the machines in the LAN are not bypassing the proxy
for your school website. Because, we tend to bypass proxy for the school
website (in the browser settings), as it is hosted internally (on your
LAN, probably on the same machine where squid is running).
Bypassing proxy works, if the Domain Name of your school website is
resolved into the local address. But, in your case, the Domain Name is
getting resolved into the public address. So, it should ideally go
through the proxy server.
Also check, is there any existing iptables rule which is dropping packet
from your proxy server to your webserver (even if they are on the same
machine), unintentionally.
Regards,
Vignesh
next prev parent reply other threads:[~2011-04-28 6:36 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-04-27 3:07 Proxy Filter iptable Settings Mike Hendrie
2011-04-27 6:16 ` Andrew Beverley
2011-04-27 11:26 ` Mike Hendrie
2011-04-27 12:17 ` Vigneswaran R
2011-04-27 12:45 ` Mike Hendrie
2011-04-27 13:18 ` Vigneswaran R
2011-04-27 13:41 ` Mike Hendrie
2011-04-27 17:24 ` Andrew Beverley
2011-04-28 6:36 ` Vigneswaran R [this message]
2011-04-28 21:43 ` Mike Hendrie
2011-04-29 9:16 ` Vigneswaran R
2011-04-30 8:02 ` Andrew Beverley
2011-04-30 16:50 ` /dev/rob0
2011-04-30 17:47 ` Mike Hendrie
2011-04-30 18:02 ` Andrew Beverley
2011-04-30 18:23 ` Mike Hendrie
2011-04-30 19:08 ` Andrew Beverley
2011-04-30 19:24 ` /dev/rob0
2011-05-03 17:23 ` Mike Hendrie
2011-04-30 18:04 ` Jan Engelhardt
2011-04-30 18:28 ` /dev/rob0
2011-04-27 16:46 ` Mike Hendrie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4DB90AE6.9070909@atc.tcs.com \
--to=vignesh@atc.tcs.com \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).