I mean a simple download with http. I click on the hyperlink of the file. The save under window appears. I choose a path, filename and click on save. Now the download status window appears, but the status bar is still standing.

-----Original Message-----
From: Markus Gaugusch [mailto:markus@gaugusch.at]
Sent: Thursday, 26 September 2002 16:06
To: ONAY, Gabriel
Cc: suse-security@suse.com
Subject: Re: [suse-security] trouble with http

On Sep 26, ONAY, Gabriel <G.Onay@ove.at> wrote:
> I use Suse 8.0 with Susefirewall2 and Squid 2.4. The main idea is a firewall with transparent proxy. 1. If FW and Squid (transparent settings) are running: Browsing with IE is ok but I can't download any files.

What do you mean by "download any files"? FTP? It won't work, because you can't intercept ftp transparently (only works with http, don't know about https).

Markus
--
Markus Gaugusch
markus@gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
Hi, Squid tunnels ftp through http so should work OK. What settings have you put in IE for proxy? Andy
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 9/26/02, 3:27:39 PM, "ONAY, Gabriel" <G.Onay@ove.at> wrote regarding AW: [suse-security] trouble with http:
> I mean a simple download with http.
> I click on the hyperlink of the file. The save under window appears. I choose a path, filename and click on save. Now the download status window appears, but the status bar is still standing.
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
On Sep 26, Andrew Bennett <andy@mcrentals.demon.co.uk> wrote:
> Squid tunnels ftp through http so should work OK. What settings have you put in IE for proxy?

If he wants transparent proxy, this will not work. He may have set a wrong MTU and ALL large transfers will fail (Gabriel: do you have ADSL?)

Markus
--
Markus Gaugusch
ICQ 11374583
markus@gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
Linux 2.4.18-4GB * Now playing Joydrop - If I Forget
Hi, I'm not sure I understand you, Markus. I use squid as a proxy server for web browsing including downloading files by ftp for all the users on my network, (except me), and have done for years. I now use the SuSE ftp proxy. I think the guy just wants to download files when he clicks on ftp links in IE and this works OK via squid as long as he has his squid server setup with default settings and allows users to connect through it. If he hasn't done that he won't be able to browse the internet anyway. Maybe we're just using different terminology. Andy
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 9/26/02, 4:14:36 PM, Markus Gaugusch <markus@gaugusch.at> wrote regarding Re: AW: [suse-security] trouble with http:
> On Sep 26, Andrew Bennett <andy@mcrentals.demon.co.uk> wrote:
> > Squid tunnels ftp through http so should work OK. What settings have you put in IE for proxy?
>
> If he wants transparent proxy, this will not work. He may have set a wrong MTU and ALL large transfers will fail (Gabriel: do you have ADSL?)
On Sep 26, Andrew Bennett <andy@mcrentals.demon.co.uk> wrote:
> I'm not sure I understand you, Markus. I use squid as a proxy server for web browsing including downloading files by ftp for all the users on my network, (except me), and have done for years.

He was talking about _transparent_ proxy, this means that the proxy is not configured at client end, but all packets going to port 80 are intercepted and routed to the squid proxy. This way you can force users to go over the proxy. If "normal browsing" works, but no downloading, I guess that the MTU is set wrong or something else. Gabriel: Do downloads work from the linux box? Try to download a file that fails with wget from the linux box.

Markus

PS: Please don't re-quote whole emails - have you ever tried to read threaded list archives with each post being there 5 times? Thank you! :)
--
Markus Gaugusch
ICQ 11374583
markus@gaugusch.at
ASCII Ribbon Campaign Against HTML Mail
Linux 2.4.18-4GB * Now playing Joydrop - Metasexual
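Added example, not part of the original thread: one way to test the MTU guess from the Linux box is to search for the largest packet that crosses the path with the Don't Fragment bit set and compare it with the interface MTU. The function names and the `PROBE` hook are assumptions made for this example; the default probe uses Linux iputils `ping`.

```shell
#!/usr/bin/env bash
# Added example: find the largest IPv4 packet that crosses a path unfragmented.
# PROBE is a hypothetical hook: a command taking (host, icmp_payload_bytes) that
# succeeds only if an unfragmentable echo request of that size gets a reply.

# Default probe: Linux iputils ping with the Don't Fragment bit set (-M do).
ping_df() { ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1; }
PROBE=${PROBE:-ping_df}

# Binary-search the payload size; packet size = payload + 20 (IP) + 8 (ICMP).
path_mtu() {
    local host=$1 lo=548 hi=1472 mid      # covers 576..1500 byte packets
    # If even the smallest probe fails, the path is down: not an MTU problem.
    "$PROBE" "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$PROBE" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + 28 ))
}

# Compare the measured path MTU with the MTU configured on the interface.
diagnose() {
    local host=$1 if_mtu=$2 pmtu
    pmtu=$(path_mtu "$host") || { echo "unreachable"; return 0; }
    if [ "$pmtu" -lt "$if_mtu" ]; then
        echo "mismatch: path carries $pmtu bytes, interface sends up to $if_mtu"
    else
        echo "ok: path carries at least $if_mtu bytes"
    fi
}

# Usage: ./pmtu.sh <host> [interface-mtu]
if [ $# -ge 1 ]; then diagnose "$1" "${2:-1500}"; fi
```

A mismatch means full-size packets are dropped somewhere on the path, which fits the symptom of small pages loading while large transfers stall.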
First try without proxy and then with proxy again. Maybe your rules in the firewall are totally false! You must redirect internal interface (not ip xy) from 80 to 3128. If the proxy is not the problem try to set different mtu. You can read more about it with keywords dsl/adsl! There is much help on the suse support database: http://sdb.suse.de/sdb/de/html/key_form.html (German help)
For DSL-Help: http://sdb.suse.de/cgi-bin/sdbsearch.cgi?stichwort=dsl&searchtype=and
This is connection related!

Maybe the squid is setup false! Check the rules on your proxy! Default is mostly bad and won't work for all purposes, even, if SuSE tells you it should! You must have:

    acl <name> src/proto/port expression
    [...]
    http_access allow/deny <name>

That means: One acl and one rule allowing/denying the rule. Episode one say always two the are, no more, no less! Don't forget to only set one rule and only allow/deny one rule at a time! If there are more than one rule in a line (e.g.: http_access allow all localhost) the rules won't work correct in all cases! One line one acl and one acl only one name! If you changed your /etc/squid/squid.conf to that all should work correct.

Another thing is make firewall redirect port 80 -> 3128 from internal interface and not the same with ftp! Here is a rule for iptables (redirect 80 to 3128!):

    /sbin/iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

ftp sometimes works with different auth, than setup in /etc/squid/squid.conf! If you say generic user/passwd for all ftp over squid, not all will work! Some servers use user:passwd@host, some let anonymous:guest@host and others anonymous:E-Mail@host! So safe setting is to do not cache ftp, but only http and only redirect 80 to 3128! This works at our facility! Do not setup false ways in the firewall (redirect 80 to 3128 from external won't work unless external access is prohibited in /etc/squid/squid.conf!)! So remind that!

Test all in small steps by deactivating single tools, until all works well. If so, look, what made the error and correct it by reading manuals or howtos. Good way to find help: use http://www.google.de/linux/ and keywords "squid +transparent +proxy"! You will find useful help for this thematics!

Regards
Philippe
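Added example, not from the thread or from SuSEfirewall2: a check, over rule lines in the format printed by `iptables -t nat -S PREROUTING`, that every REDIRECT to the Squid port is tied to the internal interface, as the message above asks. `eth1` as the internal interface and port 3128 come from the rule above; the function name and the sample rules are constructed.

```shell
#!/usr/bin/env bash
# Added example: flag PREROUTING rules that hand traffic to the proxy port
# without being limited to the internal interface.
# Reads rule lines (iptables -t nat -S PREROUTING format) on stdin.
audit_redirects() {
    local internal_if=$1 proxy_port=$2 line iface prev
    while IFS= read -r line; do
        # Only REDIRECT rules that target the proxy port are of interest.
        case "$line " in
            *"-j REDIRECT "*"--to-port $proxy_port "*) ;;
            *"-j REDIRECT "*"--to-ports $proxy_port "*) ;;
            *) continue ;;
        esac
        # Find the in-interface match; "! -i ethX" is a negated match.
        iface="(any)" prev=""
        set -- $line
        while [ $# -gt 1 ]; do
            if [ "$1" = "-i" ]; then
                if [ "$prev" = "!" ]; then iface="!$2"; else iface=$2; fi
            fi
            prev=$1
            shift
        done
        if [ "$iface" != "$internal_if" ]; then
            echo "UNSCOPED in-interface=$iface: $line"
        fi
    done
}

# Constructed sample rules: one correct rule, one without -i, one on eth0
# (assumed here to be the external interface), one unrelated rule.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 21 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | audit_redirects eth1 3128
```

On a live firewall the input would be the output of `iptables -t nat -S PREROUTING`; a flagged rule means port-80 traffic arriving on another interface is also handed to Squid.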
Hi, With you - yes. As you say, he'll need to find out if the linux box can download files itself before establishing whether they can be transmitted through squid. He should probably also watch his messages file with tail -f /var/log/messages on the server while doing it. Andy
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On 9/26/02, 6:54:25 PM, Markus Gaugusch <markus@gaugusch.at> wrote regarding Re: AW: [suse-security] trouble with http:
> On Sep 26, Andrew Bennett <andy@mcrentals.demon.co.uk> wrote:
> > I'm not sure I understand you, Markus. I use squid as a proxy server for web browsing including downloading files by ftp for all the users on my network, (except me), and have done for years.
>
> He was talking about _transparent_ proxy, this means that the proxy is not configured at client end, but all packets going to port 80 are intercepted and routed to the squid proxy. This way you can force users to go over the proxy. If "normal browsing" works, but no downloading, I guess that the MTU is set wrong or something else. Gabriel: Do downloads work from the linux box? Try to download a file that fails with wget from the linux box.
participants (4)
- Andrew Bennett
- Markus Gaugusch
- ONAY, Gabriel
- Philippe Vogel