Re: [squid-users] Squid3 issues

From: <Adam_at_Gmail>
Date: Sat, 20 Mar 2010 01:52:02 -0000

----- Original Message -----
From: "Amos Jeffries" <squid3_at_treenet.co.nz>
To: <squid-users_at_squid-cache.org>
Sent: Saturday, March 20, 2010 1:38 AM
Subject: Re: [squid-users] Squid3 issues

> Adam_at_Gmail wrote:
>> Well IRC can be accessed with IRC clients such as mIRC and so on
>> But they can also be accessed via the web with Java Applets using in fact
>> a web browser
>> That's why I am asking the question, if anyone has had this done.
>>
>

> Ah okay. I think you will find that those IRC Java applets use IRC
> protocol natively in the background. Only using the browser for a GUI. The
> ones I've seen were like that.

Yes the Applet is configured to connect to any of these ports 6667-7000 for
argument sake
it's usually 6667.
And yes the browser is used for GUI
>
>
>> As for Digichat, is a 100% Java written programme, and it also uses the
>> Web browser for clients to connect to it from outside with a Java Applet.
>> It uses http, what they were saying there was about the hosting server on
>> their servers
>> I have my own Digichat server, which is hosted in my house.
>> So if they can do it even with a proxy I am sure I can do it.
>>
>> And If I get it to work then I will post how I did it in case someone
>> else is looking for a solution of the same nature or same service.
>>
>> Because these services were running fine on port 80 with no problems, I
>> mean clients could easily access these servers from the HTTP port 80 and
>> then they are redirected to the server's ports:
>>
>> IRC 6666-7000 and Digichat usually on 8396
>> So I will post back if I get it up and running
>> Regards
>> Adam
>
> Oh. Okay. It sounds like they should keep working then even if Squid is in
> front. The Digichat (port 80 of Digichat at least) may be just another
> cache_peer entry for Squid.

This is what is says in the documentation anyway

HTTP Tunneling Servlet Configuration

The DigiChat client connects to the DigiChat server through six default TCP
ports: 8396, 58396,

443, 110, 119, 25. Users that access the Internet from behind a firewall or
proxy server will

generally have those ports blocked on their systems. DigiChat will display
an error when it is not

able to access the necessary ports. In order to allow access to the applet
for users behind

firewalls and proxy servers, HTTP Tunneling functionality has been
implemented with the

DigiChat software. Generally, ports 80 and 8080 are available to users
behind such systems.

The HTTP Tunneling Servlet can listen on these ports and pass the connection
to the DigiChat

Server.

Regards
Adam

>> ----- Original Message ----- From: "Amos Jeffries" <squid3_at_treenet.co.nz>
>> To: <squid-users_at_squid-cache.org>
>> Sent: Saturday, March 20, 2010 12:12 AM
>> Subject: Re: [squid-users] Squid3 issues
>>
>>
>>> Adam_at_Gmail wrote:
>>>> Hi Amos, I forgot to ask you about this comment
>>>>
>>>> Amos Wrote:
>>>> " The "IRC-server / Digichat server" may not be proxy-able at all
>>>> through
>>>>> Squid. It depends if they use HTTP services, or if they are accessible
>>>>> via HTTP"
>>>>
>>>
>>> I said that because my reading of one of your earlier messages it
>>> appeared that you were getting frustrated by Squid not proxying traffic
>>> for those services.
>>>
>>> I'm not sure if you are wanting Squid to gateway access for your client
>>> machines to those server(s), which is possible with some client
>>> configuration. DigiWeb sounds like it needs special licenses to be
>>> configured that way.
>>>
>>> I'm not sure if you are wanting to gateway traffic from the general
>>> public to those servers. Which is not possible for IRC and seems not for
>>> DigiWeb either.
>>>
>>>> According to you or from what I understand, proxy server (Squid) can
>>>> only allow HTTP/HTTPS requests, correct?
>>>
>>> Yes.
>>>
>>>> If that's a yes, what are we going to do with all hundreds of requests
>>>> then?
>>>
>>> I don't understand what you mean by "hundreds of requests". What type of
>>> requests and for what? user requests for access? software requests for
>>> non-HTTP stuff?
>>>
>>>>
>>>> You know as well as I do, running servers and services, you don't just
>>>> run programmes and applications that are passed through http
>>>> So if the only access to A "network" is through 3128 (http) what
>>>> happens to the rest of the services that we can provide?
>>>
>>> Your public (externally visible) services should not be published on
>>> port 3128 unless you are offering proxy services.
>>>
>>>>
>>>> I am a little confused, so in my opinion correct me if I am wrong, we
>>>> must allow through DNAT "iptables" all other services that don't use
>>>> http, for the simple reason, those requests will be rejected by the
>>>> Proxy server.
>>>
>>> Maybe. It gets complicated.
>>>
>>> 1) Squid can only handle HTTP inbound to Squid.
>>>
>>> 2) You could do routing or port forwarding (DNAT) with iptables, or use
>>> other non-Squid proxy software for each publicly provided protocol.
>>>
>>>
>>> Amos
>>> --
>>> Please be using
>>> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
>>> Current Beta Squid 3.1.0.18
>>
>
>
> --
> Please be using
> Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
> Current Beta Squid 3.1.0.18
Received on Sat Mar 20 2010 - 01:52:16 MDT

This archive was generated by hypermail 2.2.0 : Sat Mar 20 2010 - 12:00:05 MDT