Re: [fw-wiz] Open Source HTTP Proxy for Firewall?

From: Jiri Rosenmayer (jiri.rosenmayerat_private)
Date: Thu Jun 21 2001 - 00:24:59 PDT

    Jim,
    
    > We're using Gauntlet 4.x on for one of our corporate firewalls.
    > 
    > We're having a problem with *one* particular web site.  For some
    > reason, clients from inside our building trying to use this site are
    > running into all kinds of problems.  (The site in question is
    > http://www.abb-control.com if anybody's interested.)  Page accesses,
    > "hang", etc.  Now I don't know what the problem is with this particular
    > site and Gauntlet's HTTP proxy.  Even Netscape 4.76 and wget, running
    > on my Sun SPARC Solaris box here at home, with no HTTP proxy, have
    > problems with it.  I've asked in comp.infosystems.www newsgroups.  No
    > joy.  I got mixed results from a question posted to the gauntlet-users
    > mailing list--but no solutions.
    
    Although I'm a regular gauntlet-users reader, I didn't catch it :-))
    
    I've one solution for you without using another HTTP proxy. 
    
    Create a new plug-gw and bind it to the address of the web server on port 80.
    (At this time its address is 198.113.60.26, so bind address = 198.113.60.26,
    bind port = 80, destination address = 198.113.60.26, dest. port = 80.)
    When a client requests this web site, the plug proxy receives the request
    going to this address and forwards it. Because it is a plug proxy, it doesn't
    misinterpret the answer. For every other site, http-gw gets the request.
    (You can be very tricky playing with transparency on Gauntlet on BSD/OS,
    because you can bind a process to an address which isn't any of the
    Gauntlet addresses.)
    
    At least on 4.x on BSDI it will work. If you have Gauntlet on Solaris,
    you have to do it another way, because on Solaris transparency works
    differently.
    
    				Jiri
    
    
    
    > 
    > Another one of our sites, using T.REX for a firewall, has no problems.
    > (Yet one client in the problem building, when re-config'd to use the
    > HTTP proxy in the other building [across our WAN], had problems.  Go
    > figure.)
    > 
    > So what I'd like to do is try replacing http-gw on our Gauntlet
    > firewall with another HTTP proxy.  Does anybody know of any Open Source
    > HTTP proxies that could be trusted in such a role?  I've looked around,
    > but haven't been able to identify a candidate.  I'd try replacing
    > http-gw with the generic plug-proxy, but I don't want to lose the
    > Active-X and other filtering that http-gw gives us.
    > 
    > 
    > Thanks In Advance,
    > Jim
    > -- 
    > Jim Seymour                  | PGP Public Key available at:
    > jseymourat_private  | http://www.uk.pgp.net/pgpnet/pks-commands.html
    > http://jimsun.LinxNet.com    |
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizardsat_private
    > http://www.nfr.com/mailman/listinfo/firewall-wizards
    
    
    ------------------------------------------------------------------
    
    Jiri Rosenmayer                  e-mail: Jiri.Rosenmayerat_private
    SkyNet a. s.                                     http://www.pgp.cz
    
    PGP fingerprint: 1907 1F79 CC70 74EE FC55 F649 5651 33A4 50D4 ABB9     
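
The plug idea from the reply above, as an added Python example (not Gauntlet's plug-gw and not code from the original post): a relay bound to one address that copies bytes to one fixed destination without parsing them, so a sloppy HTTP reply reaches the client unchanged. The names `pump`, `start_plug`, `relay_demo`, `ODD_REPLY` and the loopback addresses are assumptions made for the illustration.

```python
import socket
import threading

# Constructed sample: bare-LF reply with no Content-Length, which an HTTP-parsing proxy may mishandle.
ODD_REPLY = b"HTTP/1.0 200 OK\nContent-Type: text/html\n\n<html>ok</html>"

def pump(src, dst):
    """Copy bytes one way until EOF; the payload is never parsed."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)  # pass the EOF on to the peer
    except OSError:
        pass

def start_plug(bind_addr, bind_port, dest_addr, dest_port):
    """Listen on one address and relay each connection to one fixed destination."""
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((bind_addr, bind_port))
    lsock.listen(5)
    def serve():
        while True:
            try:
                client, _ = lsock.accept()
                upstream = socket.create_connection((dest_addr, dest_port))
            except OSError:
                return  # listener closed or destination unreachable
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pump, args=(a, b), daemon=True).start()
    threading.Thread(target=serve, daemon=True).start()
    return lsock

def relay_demo():
    """Fetch ODD_REPLY from a constructed loopback origin through the plug."""
    origin = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    origin.bind(("127.0.0.1", 0))
    origin.listen(1)
    def answer():
        conn, _ = origin.accept()
        conn.recv(4096)          # read the forwarded request
        conn.sendall(ODD_REPLY)
        conn.close()
    threading.Thread(target=answer, daemon=True).start()
    plug = start_plug("127.0.0.1", 0, "127.0.0.1", origin.getsockname()[1])
    with socket.create_connection(plug.getsockname()) as client:
        client.sendall(b"GET / HTTP/1.0\r\n\r\n")
        received = b"".join(iter(lambda: client.recv(4096), b""))
    return received

if __name__ == "__main__":
    print(relay_demo() == ODD_REPLY)
```

Because the relay never looks inside the stream, traffic to the plugged address also gets none of the content filtering an HTTP-aware proxy applies, so the exception is best kept to the single destination address.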
    



    This archive was generated by hypermail 2b30 : Thu Jun 21 2001 - 12:44:25 PDT