Firewall Wizards mailing list archives

Re: Open Source HTTP Proxy for Firewall?


From: "Jiri Rosenmayer" <jiri.rosenmayer () skynet cz>
Date: Thu, 21 Jun 2001 09:24:59 +0200


Jim,

We're using Gauntlet 4.x for one of our corporate firewalls.

We're having a problem with *one* particular web site.  For some
reason, clients from inside our building trying to use this site are
running into all kinds of problems.  (The site in question is
http://www.abb-control.com if anybody's interested.)  Page accesses,
"hang", etc.  Now I don't know what the problem is with this particular
site and Gauntlet's HTTP proxy.  Even Netscape 4.76 and wget, running
on my Sun SPARC Solaris box here at home, with no HTTP proxy, have
problems with it.  I've asked in comp.infosystems.www newsgroups.  No
joy.  I got mixed results from a question posted to the gauntlet-users
mailing list--but no solutions.

Although I'm a regular gauntlet-users reader, I didn't catch it :-))

I've one solution for you without using another HTTP proxy. 

Create a new plug-gw and bind it to the address of the web server on port 80.
(At this time its address is 198.113.60.26, so bind address = 198.113.60.26,
bind port = 80, destination address = 198.113.60.26, dest. port = 80.)
When a client requests this web site, the plug proxy receives the request going to
this address and forwards it. Because it is a plug proxy, it doesn't misinterpret
the answer. For every other site, http-gw gets the request.
(You can be very tricky playing with transparency on gauntlet on BSD/OS,
because you can bind a process to an address which isn't any of the
gauntlet addresses.)

At least on 4.x on BSDI it will work. If you have Gauntlet on Solaris,
you have to do it another way because on Solaris transparency works
differently.

                                Jiri




Another one of our sites, using T.REX for a firewall, has no problems.
(Yet one client in the problem building, when re-config'd to use the
HTTP proxy in the other building [across our WAN], had problems.  Go
figure.)

So what I'd like to do is try replacing http-gw on our Gauntlet
firewall with another HTTP proxy.  Does anybody know of any Open Source
HTTP proxies that could be trusted in such a role?  I've looked around,
but haven't been able to identify a candidate.  I'd try replacing
http-gw with the generic plug-proxy, but I don't want to lose the
Active-X and other filtering that http-gw gives us.


Thanks In Advance,
Jim
-- 
Jim Seymour                  | PGP Public Key available at:
jseymour () jimsun LinxNet com  | http://www.uk.pgp.net/pgpnet/pks-commands.html
http://jimsun.LinxNet.com    |
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards


------------------------------------------------------------------

Jiri Rosenmayer                  e-mail: Jiri.Rosenmayer () Skynet cz
SkyNet a. s.                                     http://www.pgp.cz

PGP fingerprint: 1907 1F79 CC70 74EE FC55 F649 5651 33A4 50D4 ABB9     
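
The relay behaviour described in the reply above, as an added example that is not part of the original message and is not Gauntlet's plug-gw: a TCP relay that copies bytes in both directions without ever parsing HTTP, which is why it cannot misread a server's reply and also why it cannot apply http-gw's content filtering. The function names and the loopback addresses are assumptions for illustration; the post binds and forwards to 198.113.60.26 port 80.

```python
import socket
import threading
from contextlib import suppress


def pump(src, dst):
    """Copy bytes one way, unparsed, until EOF; then half-close the peer."""
    with suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)


def handle(client, dest):
    """Relay one client connection to dest in both directions."""
    with client:
        try:
            upstream = socket.create_connection(dest, timeout=10)
        except OSError:
            return  # destination unreachable: drop the client
        with upstream:
            upstream.settimeout(None)  # timeout applies to connect only
            t = threading.Thread(target=pump, args=(client, upstream), daemon=True)
            t.start()
            pump(upstream, client)  # reply goes back byte for byte
            t.join()


def start_plug(bind_addr, dest):
    """Listen on bind_addr, relay every connection to dest; returns the listener."""
    srv = socket.create_server(bind_addr)

    def accept_loop():
        with suppress(OSError):  # loop ends when the listener is closed
            while True:
                client, _ = srv.accept()
                threading.Thread(target=handle, args=(client, dest), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv


if __name__ == "__main__":
    # Constructed stand-in addresses; not the addresses from the post.
    start_plug(("127.0.0.1", 8080), ("127.0.0.1", 8081))
    threading.Event().wait()  # keep the process alive
```

Because nothing in the relay inspects the payload, any site routed through it bypasses the proxy's HTTP-level controls, so the bind address should cover only the one problem server.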