On 13 Aug 2001 12:49:58 +0100, STEPHEN wrote:
> Hi Everyone,
>
> This may or may not be more of a firewall issue, but I'm hoping that
> some of you may have come across this and may be able to help:
>
> I am using ident_aware_hosts to retrieve the ident of clients for simply
> access control. All has worked well until a firewall (Cisco PIX 515) was
> installed between the internal squid proxy and our clients.
> Unfortunately I know very little about the firewall but can simply
> monitor its log on a terminal.
>
> The IDENT no longer works and Squid does not receive an IDENT reply.
> Port 113 is supposedly open on the firewall and it does not report any
> deny/113 errors, but closes comms going on 113 with TCP-RST with 0
> bytes. In other words, the firewall seems to think that the IDENT
> between the squid and client is either 0 bytes or invalid, and
> immediately closes the connection.
>
> Any ideas? Thanks.
This is documented in the PIX installation instructions. Look under
"Sending emails takes a long time" from memory.
You need to create either a conduit and outbound, or matching acl
Received on Tue Aug 14 2001 - 02:53:53 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:01:37 MST