On Fri, 22 Apr 1994, Ken Hardy wrote:
> 2. We cannot seem to get to an internal HTTP server when using the
> proxy on the firewall. It seems that the request should go to the
> proxy which will resolve the hostname to the internal host and
> forward the request there, handle the response, etc.; it shouldn't
> differentiate between internal & external servers

Silly question: Are you sure it's not simply that your firewall
configuration (e.g. router filters) is such that connections cannot be
initiated inwards from the firewall system back into your internal net?
-- this would not be an unusual setup. In which case, although the httpd
gets and tries to fulfil a request to an internal resource, it physically
cannot get back to it.

The CERN WWW people have been talking (www-talk list) about a mechanism to
allow the proxy redirections on the client to differentiate between those
to directly accessible nets and those which must be proxied; but this is
not there yet.

This problem of inward access back to internal servers was one of the
reasons behind adding SOCKS to the CERN httpd; another was simply not
wanting to run the big lump of code that is an httpd on a firewall bastion
system at _all_. Having SOCKS in the proxy httpd allows it to run on your
_internal_ net; and SOCKS already has knowledge of which nets are directly
reachable.

I.
--
Ian Dunkin <imd1707 @ ggr . co . uk>