TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TCLUG:6350] junkbusters rules, but..



> I'd like not to have to configure a
> proxy on each client machine for internet access.

Does this mean you don't want to configure the browsers to use the Linux box
as a proxy, or that you don't want to actually install a proxy on each
machine (YUCK!)? My network admin experience has been that you need to
configure the browsers to use the proxy, and in the browser config, you can
specify addresses to be treated as "local" and therefore available without
the proxy.

It would be cool if you were able to configure the proxy to re-route
addresses designated as "non-proxy". I don't know if that can be done or
not. Perhaps someone else knows more about this.

I'm guessing that they can't reach the Intranet site because it doesn't have
a valid DNS entry that the proxy server can find, correct? Another option
would be to set up a DNS server on the proxy server, and make it
authoritative for your Intranet's domain name (intranet.yourcompany.com, or
whatever), but nothing else. Thus, if outgoing Web requests are asking for
www.linux.org, your proxy's DNS will send the name request upstream to your
normal, "real" DNS server (probably hosted by your ISP). If it recognizes a
request for intranet.yourcompany.com, it will find it in it's local DNS
table and still be able to proxy to that server. Your ISP's DNS is probably
authoritative for yourcompany.com, but it wouldn't have any knowledge of
intranet.yourcompany.com. Thus, your intranet server name is unknown to the
rest of the world. The downside is that you will still proxy these internal
requests and thus incur some unnecessary processor time by the proxy server,
but it isn't a significant amount.

Hope I've provided food for thought. Good luck!
Neal