[KLUG Members] IPcop Proxy Quirk

[Tony Gettig]

I think Adam's assertion is right on the money with this. You've GOT to have 
DNS working at the client. 

Perhaps this was answered in a previous email in this thread, but are you sure 
you're handing out DNS info with your DHCP? It doesn't sound like you are. 

Are you using the IPCop box as your DHCP server? I can do a screencap when I 
get home tonight to show this, but I know that the IPCop DHCP server settings 
let you pass out this info. I set the primary DNS to the private (green) 
address of the IPCop and add two more DNS servers (from my ISP) for good 
measure. 

And yes, if you don't want to configure the clients, transparent proxy is the 
way to go.

Good luck!

Tony Gettig



Quoting Adam Williams <adam@morrison-ind.com>:

> > > Sorry I am late on this thread, but I get the digested version.
> > > If you want to test DNS from your Windows box, just use ping (it is the
> simplest way).
> > > ping www.yahoo.com
> > > and this should try to retrieve the address.
> > if i ping www.yahoo.com it returns unreachable.
> > if i ping xx.xx.xx.xx it will always return ping.
> > if i put DNS address in IPcop then if i ping www.yahoo.com from the
> > client, it will work.
> 
> You MUST have functioning DNS as a basis for everything else.  By "put
> DNS address in IPcop" what do you mean?  It sounds like you are
> referring to the DHCP service, since if IPcop didn't have any DNS
> information the squid proxy would not work at all.  You MUST provide
> valid DNS information to the clients via DHCP or some other method,
> whether using a proxy server or not.
> 
> > I want the setup to work so that you dont have to enter any proxy
> > settings into the client browswers.
> 
> Enabling transparent proxy should accomplish this.  I find it is slight
> better to enable automatic proxy discovery via DHCP enquire that it is
> to use transparent proxy - sites that require NTLM authentication
> require a PtP connection and will not work through a proxy, so it is
> best to permit direct access to those sites as you discover them (they
> are pretty rare, but there is also no shortage of dip$*** pc-jockeys who
> consider themselves developers and administrators who are bound to make
> more of them).
> 
> I have no idea if IPCop supports setting up DHCP enquire and the 
> requisite PAC information.  I rather doubt it.
> 
> > I have the proxy settings the clients would have entered into IPCop's
> > setup gui.
> 
> Enabling transparent proxy should avoid client side configuration.
> 
> > I am pretty sure when i do winipcfg on the clients no DNS address show
> > (and they shouldn't right?  because i dont have then in IPcop.)
> 
> Yes, it &@^*$)_ well should.  YOU MUST HAVE FUNCTIONING DNS EVERYWHERE.
> 
> > The gateway does show up i believe, and it's the same as the one i have
> > entered into IPcop.
> > But I still can't figure out why webmail sites won't work.
> 
> Do the sites not load at all?  Does the initial page load but nothign
> after login?  Does anything occur in the squid logs on the IPcop box
> when you try to reach them?  Can you "telnet www.hotmail.com 80" from
> the IPCop box itself?
> 
> Anyone know what IPCop's initial ECN setting is?
> 
> _______________________________________________
> Members mailing list
> Members@kalamazoolinux.org
> 
> 


-- 
Tony Gettig
http://www.gettig.net