----- Original Message -----
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, March 20, 2010 1:38 AM
Subject: Re: Squid3 issues
Adam@Gmail wrote:
Well IRC can be accessed with IRC clients such as mIRC and so on
But they can also be accessed via the web with Java Applets using in fact
a web browser
That's why I am asking the question, if anyone has had this done.
Ah okay. I think you will find that those IRC Java applets use IRC
protocol natively in the background. Only using the browser for a GUI. The
ones I've seen were like that.
Yes the Applet is configured to connect to any of these ports 6667-7000 for
argument sake
it's usually 6667.
And yes the browser is used for GUI
As for Digichat, is a 100% Java written programme, and it also uses the
Web browser for clients to connect to it from outside with a Java Applet.
It uses http, what they were saying there was about the hosting server on
their servers
I have my own Digichat server, which is hosted in my house.
So if they can do it even with a proxy I am sure I can do it.
And If I get it to work then I will post how I did it in case someone
else is looking for a solution of the same nature or same service.
Because these services were running fine on port 80 with no problems, I
mean clients could easily access these servers from the HTTP port 80 and
then they are redirected to the server's ports:
IRC 6666-7000 and Digichat usually on 8396
So I will post back if I get it up and running
Regards
Adam
Oh. Okay. It sounds like they should keep working then even if Squid is in
front. The Digichat (port 80 of Digichat at least) may be just another
cache_peer entry for Squid.
This is what is says in the documentation anyway
HTTP Tunneling Servlet Configuration
The DigiChat client connects to the DigiChat server through six default TCP
ports: 8396, 58396,
443, 110, 119, 25. Users that access the Internet from behind a firewall or
proxy server will
generally have those ports blocked on their systems. DigiChat will display
an error when it is not
able to access the necessary ports. In order to allow access to the applet
for users behind
firewalls and proxy servers, HTTP Tunneling functionality has been
implemented with the
DigiChat software. Generally, ports 80 and 8080 are available to users
behind such systems.
The HTTP Tunneling Servlet can listen on these ports and pass the connection
to the DigiChat
Server.
Regards
Adam
----- Original Message ----- From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Saturday, March 20, 2010 12:12 AM
Subject: Re: Squid3 issues
Adam@Gmail wrote:
Hi Amos, I forgot to ask you about this comment
Amos Wrote:
" The "IRC-server / Digichat server" may not be proxy-able at all
through
Squid. It depends if they use HTTP services, or if they are accessible
via HTTP"
I said that because my reading of one of your earlier messages it
appeared that you were getting frustrated by Squid not proxying traffic
for those services.
I'm not sure if you are wanting Squid to gateway access for your client
machines to those server(s), which is possible with some client
configuration. DigiWeb sounds like it needs special licenses to be
configured that way.
I'm not sure if you are wanting to gateway traffic from the general
public to those servers. Which is not possible for IRC and seems not for
DigiWeb either.
According to you or from what I understand, proxy server (Squid) can
only allow HTTP/HTTPS requests, correct?
Yes.
If that's a yes, what are we going to do with all hundreds of requests
then?
I don't understand what you mean by "hundreds of requests". What type of
requests and for what? user requests for access? software requests for
non-HTTP stuff?
You know as well as I do, running servers and services, you don't just
run programmes and applications that are passed through http
So if the only access to A "network" is through 3128 (http) what
happens to the rest of the services that we can provide?
Your public (externally visible) services should not be published on
port 3128 unless you are offering proxy services.
I am a little confused, so in my opinion correct me if I am wrong, we
must allow through DNAT "iptables" all other services that don't use
http, for the simple reason, those requests will be rejected by the
Proxy server.
Maybe. It gets complicated.
1) Squid can only handle HTTP inbound to Squid.
2) You could do routing or port forwarding (DNAT) with iptables, or use
other non-Squid proxy software for each publicly provided protocol.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
--
Please be using
Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
Current Beta Squid 3.1.0.18
