Re: (ASCEND) Ascend P-130

To: "ascend-users" <ascend-users@bungi.com>
Subject: Re: (ASCEND) Ascend P-130
From: "Gary Stern" <cairns@cairns.net.au>
Date: Mon, 20 Apr 98 22:56:05 +1000
Priority: Normal
Reply-To: "Gary Stern" <cairns@cairns.net.au>
Sender: owner-ascend-users@max.bungi.com

On Mon, 20 Apr 1998 13:13:29 +0200, Andre Beck wrote:

>On Thu, Apr 16, 1998 at 10:58:02PM +0000, Todd Reynolds wrote:
>> 
>> Has anyone set up the Squid proxy server to do a transparent proxy 
>> from a Pipeline 130?
>
>No.
>
>> If you have, how?
>> 
>> I have seen many pointers about doing it on a Cisco but none on an 
>> Ascend product.
>
>This has been discussed here a while ago. Ascend boxes (at least up
>to the Max4k, dunno about larger stuff) do not supply policy based
>routing. What is often cited as the "Cisco support for Squid" is nothing
>but to force the Cisco to forward any IP packet which is TCP dest port
>80 to the machine where Squid runs. The more complicated part is to
>get this machine to actually recognize those packets and hand them over
>to Squid. Compared to the enormous effort you put into such setup, the
>result is rather poor. The only advantage is that everything goes always
>via your proxy even if the customer tries to direct it to the real WWW
>server. Whether this is an advantage to the customer is questionable.
>
>If I really needed to force people to use my proxy, I would filter out
>TCP dest port 80 from anything going out the P130 completely (with the
>obvious exception of packets with source IP of the cache). People will
>need to explicitely set up their browser with your proxy and can surf.
>

I used to filter my outbound link (data filter) when it was out of
the Max. 

but to do it now is real messy and difficult to try seeing everything
is production.

but basically, to force proxy (no the max wont do quite what you
want....).....

something like this, but I can't remember exact an elegant way

choose the net 255.255.255.? to get to your servers...

filter port 80 everything less and everything more in address ranges
than that. to drop and pass everything else.

Now if ascend did an optional filter implementation like below, it
would be nice...

if match pass port 80

if match pass port 80

if no previous match port 80 drop

because if I understand things correct its the reverse....

Maybe as simple as an extra selection to be made available such as it
match what to do ??

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) Backup Q
Next by Date: Re: (ASCEND) UNIX groups and RADIUS (fwd)
Prev by thread: Re: (ASCEND) Ascend P-130
Next by thread: (ASCEND) Ascend 4048 - real low connect speeds
Index(es):
- Main
- Thread