[KLUG Members] IPcop Proxy Quirk

Adam Williams members@kalamazoolinux.org
05 Jun 2003 15:12:49 -0400 

> > Sorry I am late on this thread, but I get the digested version.
> > If you want to test DNS from your Windows box, just use ping (it is the simplest way).
> > ping www.yahoo.com
> > and this should try to retrieve the address.
> if i ping www.yahoo.com it returns unreachable.
> if i ping xx.xx.xx.xx it will always return ping.
> if i put DNS address in IPcop then if i ping www.yahoo.com from the
> client, it will work.

You MUST have functioning DNS as a basis for everything else.  By "put
DNS address in IPcop" what do you mean?  It sounds like you are
referring to the DHCP service, since if IPcop didn't have any DNS
information the squid proxy would not work at all.  You MUST provide
valid DNS information to the clients via DHCP or some other method,
whether using a proxy server or not.

> I want the setup to work so that you dont have to enter any proxy
> settings into the client browswers.

Enabling transparent proxy should accomplish this.  I find it is slight
better to enable automatic proxy discovery via DHCP enquire that it is
to use transparent proxy - sites that require NTLM authentication
require a PtP connection and will not work through a proxy, so it is
best to permit direct access to those sites as you discover them (they
are pretty rare, but there is also no shortage of dip$*** pc-jockeys who
consider themselves developers and administrators who are bound to make
more of them).

I have no idea if IPCop supports setting up DHCP enquire and the 
requisite PAC information.  I rather doubt it.

> I have the proxy settings the clients would have entered into IPCop's
> setup gui.

Enabling transparent proxy should avoid client side configuration.

> I am pretty sure when i do winipcfg on the clients no DNS address show
> (and they shouldn't right?  because i dont have then in IPcop.)

Yes, it &@^*$)_ well should.  YOU MUST HAVE FUNCTIONING DNS EVERYWHERE.

> The gateway does show up i believe, and it's the same as the one i have
> entered into IPcop.
> But I still can't figure out why webmail sites won't work.

Do the sites not load at all?  Does the initial page load but nothign
after login?  Does anything occur in the squid logs on the IPcop box
when you try to reach them?  Can you "telnet www.hotmail.com 80" from
the IPCop box itself?

Anyone know what IPCop's initial ECN setting is?