[KLUG Members] Iptables

[Robert G. Brown]

On Mon, 22 Aug 2005 14:13:32 -0400, Bruce Smith wrote:

>That's 99.9% of my users!  :-)
Well, I didn't want to say so.. I've met some of them, and..<cough>...

>> I don't know of an IM that doesn't work on http, for example. 
>Talking about internet programs in general (not just IM):
now now, let's not go spread the scope of this thread.

>I've found many client programs don't support a proxy - they don't work.
The last clause describes a lot of software I've seen (but not written:)
they don't work!

>I've found those clients which do support a proxy in their config, many
>don't support an _authenticated_ proxy - those clients won't work.
Yes, I sorta decided that I waned you to define this.

>Squid is configured to only allow "safe ports", other ports won't work.
Port 80??

>It'd be interesting to see if any IM clients could be made to work
>though my firewall setup.
Oh... is this a contest? :)

>> You might be stopping some services, like real-time ICQ chat
>> and file transfer, but that's probably it. That assumes you're let-
>> ting the user on the net at all, natch.
>Yes, I'm talking about users who are authenticated on the proxy server,
>which is not everyone here.
Right, and since your organization has less than 500 members, you're 
first statement here shows we're talking about less than half a person.

Isn't that an "authenticating proxy?"

You've certainly shown that it may be technially possible to run, it
is, in practical terms, VERY hard. No one can say you're not dilligent
in this area.
						Regards,
						---> RGB <---