TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [TCLUG:6350] junkbusters rules, but..

> Does this mean you don't want to configure the browsers to use the Linux box
> as a proxy, or that you don't want to actually install a proxy on each
> machine (YUCK!)? My network admin experience has been that you need to
> configure the browsers to use the proxy, and in the browser config, you can
> specify addresses to be treated as "local" and therefore available without
> the proxy.

I don't want to have to setup a proxy on each computer's browser. I want
the gateway setting for ipmasq to be only setting needed. Currectly, (I
think) all non subnet requests goto gateway (linux box). If the
request is http (or ftp, telnet, etc) then my linux box does ipmasq and
makes the connection. for http requestions, it is recieving a port 80
request for some foreign server...

So, if I use ipchains to forward all port 80 requests other than server
ip, to port 8080 and put my proxy (junkbuster) on 8080, will masquerading
work but go through junkbuster w/o my clients noticing?

I'll test some settings when I get in the office on Friday. Thanks for the


> It would be cool if you were able to configure the proxy to re-route
> addresses designated as "non-proxy". I don't know if that can be done or
> not. Perhaps someone else knows more about this.
> I'm guessing that they can't reach the Intranet site because it doesn't have
> a valid DNS entry that the proxy server can find, correct? Another option
> would be to set up a DNS server on the proxy server, and make it
> authoritative for your Intranet's domain name (, or
> whatever), but nothing else. Thus, if outgoing Web requests are asking for
>, your proxy's DNS will send the name request upstream to your
> normal, "real" DNS server (probably hosted by your ISP). If it recognizes a
> request for, it will find it in it's local DNS
> table and still be able to proxy to that server. Your ISP's DNS is probably
> authoritative for, but it wouldn't have any knowledge of
> Thus, your intranet server name is unknown to the
> rest of the world. The downside is that you will still proxy these internal
> requests and thus incur some unnecessary processor time by the proxy server,
> but it isn't a significant amount.
> Hope I've provided food for thought. Good luck!
> Neal
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:
> Try our website:

Ben Luey
ICQ: 19144397

When the neurosurgeon has shaved your head and they have made the pencil
mark on your skull where they are going to have the incision and he
approaches with electric saw, ask him one question: Are you a careerist?
          -- Henry Hyde on term limits