Something is wrong

Travis H. solinym at gmail.com
Thu May 4 06:37:22 UTC 2006


On 5/4/06, Max Laier <max at love2party.net> wrote:
> On Thursday 04 May 2006 05:40, Aguiar Magalhaes wrote:
> > I have a lot of Windows Internet Explorer browsers in the
> > LAN and they are marked to use the proxy at 3128 port.
> >
> > The pf and squid are in the same machine. I'm not
> > using transparent proxy on pf. I don't have any
> > redirections to proxy.
>
> and there is your problem.  If your client is configured to use the proxy it
> will just do that.  That means it won't even attempt to make a direct
> connection to any server.  IIRC you can configure IE to exclude certain IP
> ranges or domains from being proxied.

Yes, you can exclude domains.  You might even be able to do so via a
group policy, and push it out to all the clients at once, or
something.  I don't know, it's not a pf problem.

> Another
> one is to fix the configuration of your proxy.

Specifically, you need to look at the part of your squid.conf where it
defines "safe_ports", and configure it to allow requests to all ports,
not just the "safe" ones.  This is not a pf problem either.

Along the way you'll notice that there are three kinds of requests
made to HTTP proxies (not including WebDAV).  There's GET and POST,
which have the proxy do HTTP, and a CONNECT request, which just does a
raw TCP connection to the target.  You may need to use that for some
of these ports.   Good luck.
--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
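
The interaction between the Safe_ports ACL and CONNECT requests discussed in this message, as an added example that is not part of the original post and is not Squid's own code: a small model of how Squid picks the first matching `http_access` rule for a request's method and destination port. The configuration fragment is constructed in the style of Squid's stock squid.conf, and the model assumes only `port` and `method` ACL types plus a built-in `all`.

```python
# Simplified model of Squid's http_access evaluation (added example, not Squid code).
# Assumption: only "port" and "method" ACL types are handled; "all" matches anything.

SQUID_CONF = """\
# Constructed fragment in the style of Squid's stock squid.conf
acl SSL_ports port 443
acl Safe_ports port 80 21 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""

def parse(conf):
    """Return (acls, rules): acls maps name -> (type, [values]); rules keep file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "acl":
            name, kind, values = fields[1], fields[2], fields[3:]
            # Repeated "acl NAME ..." lines add values to the same ACL (logical OR).
            acls.setdefault(name, (kind, []))[1].extend(values)
        elif fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return acls, rules

def acl_matches(acls, name, method, port):
    if name == "all":
        return True
    kind, values = acls[name]
    if kind == "method":
        return method in values
    # kind == "port": each value is a single port or a lo-hi range
    return any(int(lo) <= port <= int(hi or lo)
               for lo, _, hi in (v.partition("-") for v in values))

def decide(conf, method, port):
    """First http_access line whose ACLs all match (AND, '!' negates) decides."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), method, port) != n.startswith("!")
               for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule (deny if none).
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

With this fragment, a GET to port 81 is refused by the Safe_ports rule, while a CONNECT to port 8080 passes Safe_ports but is refused by the separate SSL_ports rule; adding a single `acl Safe_ports port 81` line is enough to admit the former.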


More information about the freebsd-pf mailing list