Cisco!! Cisco!! Cisco!!
Member - Liberal International This is email@example.com Ici firstname.lastname@example.org
God, Queen and country! Never Satan President Republic! Beware AntiChrist rising!
Born 29 Jan 1969 Redhill,Surrey,England UK
...Transparant over transparant over ...
I'm looking for a way to create the following.
I want to have a few circles (lets say 4) on top of each other.
The bottom circle is the biggest, the top is the smallest.
I want to have the effect of them really being on top of each other, but
seen from above.
From aside it would be something like (the dots are just for spacing)
But next, I want all these circles to be transparant.
I'm going to use this image on a website and want to be able to use any
background color as possible.
What is the best way to create this?
I'm using The ...transparent proxy
i want to program a small transparent proxy for web content filtering.
it should filter html sites that contain some configured words. but i
dont want the user knows it so without configuring the browser.
how can i program it with visual c++ or c?
i think you need configure gateway.
squid and iptables can do this.
> i want to program a small transparent proxy for web content filtering.
> it should filter html sites that contain some configured words. but ...iptables transparent proxy
I'm trying to do something very simple. I would like to forward all of
my browsers requests to port 8888 on which a proxy server is
I have a hardware router (ADSL) on 192.168.1.1 and my linux machine
(Debian/testing Kernel 2.6.5) has the ip 192.168.1.4.
I have read the mini howto, set up the kernel networking options and
enabled ip forwarding (echo "1">).
Then I added the following rule:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
However, requests do not get redirected to port 8888. I have done this
years before using iptables, so I'm not a complete novice.
What am I doing wrong? I managed to log outgoing packages by adding a
LOG target to the OUTPUT chain:
Jun 11 14:00:59 debian kernel: IN= OUT=eth0 SRC=192.168.1.4
DST=220.127.116.11 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=38360 DF
PROTO=TCP SPT=33079 DPT=80 WINDOW=34320 RES=0x00 ACK URGP=0
However, I think the iptables command above should work? What am I
doing wrong, or what could be the solution?
Fritz Bayer <email@example.com> wrote:
> I'm trying to do something very simple. I would like to forward all of
> my browsers requests to port 8888 on which a proxy server is
> I have a hardware router (ADSL) on 192.168.1.1 and my linux machine
> (Debian/testing Kernel 2.6.5) has the ip 192.168.1.4.
How is your network structured? For transparent proxying to work ok,
your cache needs ...transparent SOCKS proxy
How can I configure my router to route traffic from LAN to the Internet
through a SOCKS5 proxy?
Any link to further documentation on that would be helpful, too.
Tobias Wagner wrote:
> How can I configure my router to route traffic from LAN to the Internet
> through a SOCKS5 proxy?
> Any link to further documentation on that would be helpful, too.
You can use sockified applications to use the socks proxy, or you
can use the sockify program to use applications that can't handle
Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
bgSEC Seguridad y Consultoria de Sistemas Informaticos
The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"
Jose Maria Lopez Hernandez schrieb:
> Tobias Wagner wrote:
>> How can I configure my router to route traffic from LAN to the
>> Internet through a SOCKS5 proxy?
>> Any link to further documentation on that would be helpful, too.
> You can use sockified applications to use the socks proxy,
No I can't. I have no access to the clients. I only have access to the
> or you can use the sockify program to u...IPCop and transparent proxy
I have installed an IPCOP PC, and I have a couple of problems.
I installed an 1.4.4 version, with advanced proxy, on a 3 nics PC.
On the Orange nic (DMZ) I have installed a mail server. From the Red nic I
forward port 22 and port 25 to the mail server.
The first problem is that transparent proxy works *always*. I want to
disable it, but my lan pcs can browse the internet, even if I don't
configure their browser (IPCOP is the default gateway). There is a way to
disable it manually (not following the menu, that doesn't work) ?
The second problem is that pcs are very, very slow to download the mail.
They are fast to send, but slow to download. I don't think this is an
hardware problem, but I imagine something about configuration...but what ?
Thanks for the help, Leo
...Transparant vs Proxy
Until now we have an older FW-1 (NT) and a dedicated proxy-server in
DMZ-zone with Trend VirusWall wich controll incomming http and smtp.
All direct communication between LAN and Internet is blocked by
FW-1-rules. The LAN is hosting an NT-domain with several locations
(Dedicated WAN-lines), 3 Exchange servers and somewhere under 150
We are now about to replace FW-1 with a Fortinet-box. Fortinet have
build in virusscanning for both SMTP and HTTP. I wonder, is it good
id�e to retire the Proxy, and leave the virus-protection to the
Fortinet-box alone or are that not recomanded?
In article <firstname.lastname@example.org>,=20
> We are now about to replace FW-1 with a Fortinet-box. Fortinet have
> build in virusscanning for both SMTP and HTTP. I wonder, is it good
> id=E9e to retire the Proxy, and leave the virus-protection to the
> Fortinet-box alone or are that not recomanded?
I use the SMTP and HTTP proxy services on my firewall to remove=20
ATTACHMENTS and other undesirable items. I also use a corporate edition=20
of AV software on the email server (scans the SMTP sessions and stores)=20
and each node.
(Remove 999 to reply to me)
Yngve �ines <y@test_oeines.com> wrote in message news:<email@example.com>...
> We are now about to replace FW-1 with a Fortinet-box. Fortinet have
> build in virusscanning for ...Squid
I am running FreeBSD 4.9 I386
Recently installed squid 2.5 Stable6. Working like a champ.
I want to set up the FreeBSD box as my default gateway, so there is no
possibility of anybody by-passing the proxy. Currently I have set up an
automatic configuration script and grayed out the Proxy settings in IE. This
works, but I would prefer to have the FreeBSD box as my default gateway.
If anybody can point me to a document which tells me how to set this up, it
would be appreciated.
Cisco Pix 506E Firewall is the Default Gateway and is also responsible for
NAT and PAT.
Thanks in advance,
> I am running FreeBSD 4.9 I386
> Recently installed squid 2.5 Stable6. Working like a champ.
> I want to set up the FreeBSD box as my default gateway, so there is no
> possibility of anybody by-passing the proxy. Currently I have set up an
> automatic configuration script and grayed out the Proxy settings in IE.
> This works, but I would prefer to have the FreeBSD box as my default
> If anybody can point me to a document which tells me how to set this up,
> it would be appreciated.
> Additional Info:
> Cisco Pix 506E Firewall is the Default Gateway and is also responsible for
> NAT and PAT.
Easy (apart from the need to learn Cisco commands!). Just tweak the PIX
config to redirect all requests to your FreeBSD box (unless the request...Proxy, Tunneling & Proxy Within Proxy
Our organization recently made it necessary for web browsers to use a
proxy to access the web. The .pac file reads as such:
function FindProxyForURL(url, host)
var proxyOn = "PROXY 10.2.2.254:8080";
var proxyOff = "DIRECT";
if(isInNet(myIpAddress(), "10.0.0.0", "255.0.0.0"))
if(isInNet(host, "10.0.0.0", "255.0.0.0"))
So with the .pac file, the browser has Internet access. Other programs
do not function, and I'm looking for a software recommendation to port
all programs that seek web service to pass through the proxy.
I am also looking for a way, if possible, to proxy within a proxy.
Meaning that while it is necessary for web browsers to use this .pac
file to access the Internet, that another proxy can be set to be able
to access Internet sites through an external server. Any ideas?
...Transparent HTTP proxy through NAT
I've got a remote system connected to the internet that I'm trying to
connect to. The remote system runs a web server, on port 80.
The remote system is behind NAT, so connections cannot be directly
made to it, and the NAT system cannot be configured (it's connected
via a GPRS card, and the service provider cannot allow port
But I can make connections out from the remote system.
So what I have devised is a couple of applications:
One sits on a server machine on the internet which I can make
connections to. This application listens for connections from my web
browser, and connections from the remote application.
The other (the remote application) sits on the remote system, and
establishes a socket connection to the web server, and a connection to
the server application.
Each of these programs transfers data transparently between it's two
connections, effectively creating a "tunnel" between the web browser
and the web server.
I've tested the application with telnet (to a telnet server), and it
However, when I connect to a web server through it, I get corrupted
web pages. I've checked the data being sent through the system, and it
appears that the web browser is getting confused with the responses
from the web server, causing images in the wrong place, and images not
From my analysis, I can only surmise that the web browser is being
confused because the TCP connection essentially ends at the s...Cisco ACNS Proxy + TCP_MISS
In regards to the ACNS Proxy hardware appliance, I have recently
installed a unit and although it is performing well enough, we are not
seeing anything for savings about 18% for total cache bytes. For total
sites I am seeing above %30 but this does not help. As the byte count
miss is so high.
One entry I am seeing a lot of in relation to a TCP_MISS is a URL with
a "?" within the URL. And any site that contains this is being
classified a a TCP_MISS.
This is causing issues with the total byte counts and not allowing amy
more than 18% for cache hits.
I have a call logged wit...making a classic proxy transparent
Our department sets up new computers for clients. We open the box,
install software, apply updates, update virus software, etc. Our
department lan uses a proxy server, which is off-limits to us, so we
are not allowed to change it at all. Our problem is that we much
manually enter the proxy into each XP machine, and sometimes we forget
to take it out. Many of these computers are going to other networks,
or homes, and we are taking a lot of calls from angry clients about
removing the proxy.
On our network, these new machines are assigned an IP address by the
DHCP server. We have a switch in our department to which we attach
all these new computers. Aside from manually entering the proxy url
and port into each new machine, we don't change the out of box
configurations in any permanent way. The problem is when we forget to
remove the proxy, we are changing it in a way that is problematic for
Is there a way to put a windows 2000 server machine or a linux machine
between our switch and the lan connecton that will allow us to skip
the step of entering the proxy url? To put it another way, can we
make the proxy server transparent? I've heard of transparent
proxying, could it be used? Would a machine forwarding port 80 to the
port on the proxy server work? Can a machine be made to autoconfigure
the clients via wpad? Any help would be appreciated.
> Is there a way to put a windows 2000 server machine or a linux machin...Transparent proxy configuration problem.
I have the following:
1. A router with IP ROUTER_IP connected to my DSL ISP whose proxy is
2. A SuSE Linux server with two Ethernet card :
eth0: connected to my local network 18.104.22.168/16 and has a static
eth1: dhcp with ISP router
3. FC4,SuSE Linux and windows XP clients on my local network
22.214.171.124/16 which have static IPs and gateway set to INT_SERVER_IP.
To help my network clinets to work with transparent proxy; I run on my
Linux server the following commands:
* iptables -t nat -A PREROUTING -i eth0 -s ! ISP_PROXY_IP -p tcp
--dport 80 -j DNAT --to-destination ISP_PROXY_IP:8080
* iptables -t nat -A POSTROUTING -o eth1 -s 126.96.36.199/16 -d
ISP_PROXY_IP -j SNAT --to INT_SERVER_IP
* iptables -A FORWARD -s 188.8.131.52/16 -d ISP_PROXY_IP -i eth0 -o
eth1 -p tcp --dport 8080 -j ACCEPT
My problem is that my clients can't access internet till now.
Is there any debug way to show me the route my packets pass through in
my server firewall???
Eng. Fawzy Ibrahim wrote:
> I have the following:
> 1. A router with IP ROUTER_IP connected to my DSL ISP whose proxy is
> 2. A SuSE Linux server with two Ethernet card :
> eth0: connected to my local network 184.108.40.206/16 and has a static
> IP INT_SERVER_IP
You shouldn't use public addresses 220.127.116.11/16 in a local
network. Change them to 192.168.0.0./16 for example.
> eth1: dhcp with ISP router
>...Cisco SIP Proxy Server
Does anyone have experience on working with Cisco SIP Proxy Server in a VOIP
project? I have some questions, such as can you use a Cisco AS5300 with it?
does the CSPS generate CDR's? and if so, in what format are these CDR's?
Any help is appreciated.
...Iptables Transparent Proxy and Browser on localhost
I have written a java http proxy, which accepts http connections on
the localhost at port 8080 and forwards them to the authority in the
I would like the proxy to be transparent so that my browser's requests
to port 80 are redirected to port 8080 on the localhost.
The proxy then opens a new tcp connection and forwards the result to
the connection originally established by the browser.
The important thing to notice is that I only have one linux pc, and so
ALL requests are originating from localhost, and that all connection
request are having the destination port 80.
I'm looking for a set of iptable rules, that redirect the requests
from the browser to the proxy BUT that do not redirect any requests of
the proxy to itself.
So I really need some rules, which can differentiate between HTTP
connections originating from the browser and the proxy.
Those connections originating from the browser should be forwarded to
the proxy. Those of the proxy should leave my box and go to the
I have googled a lot and read the howtos and the manpages, but I can't
figure out how to distinguish connections of the browser from the
proxy's connection requests, since they are all leaving the same
Fritz Bayer wrote:
> I have written a java http proxy, which accepts http connections on
> the localhost at port 8080 and forwards them to the authority in the
> I would like the proxy to...Problem while loggin transparent proxy setup.
I have setup a transparent proxy with the help of squid and iptables.
The problem is that while the system works and http conecctions are
transparently managed by the squid proxy the /var/log/squid/access.log
I_S N_O_T updated. On the opposite, if I just configure clients to
manually use the proxy the /var/log/squid/access.log is updated
(client connections are logged).
Thanks in advance for any help, hint or link!
OK problem solved. For anyone else interest it all reduced to a wrong
setup in the Squid trusted networks. 10.0.0.0 was allowed (client
access) but 127.0.0.0 was not (transparent proxy with iptables). That
produced "random bugs".
firstname.lastname@example.org (Enrique Ariz?n Benito) wrote in message news:<email@example.com>...
> I have setup a transparent proxy with the help of squid and iptables.
> The problem is that while the system works and http conecctions are
> transparently managed by the squid proxy the /var/log/squid/access.log
> I_S N_O_T updated. On the opposite, if I just configure clients to
> manually use the proxy the /var/log/squid/access.log is updated
> (client connections are logged).
> Thanks in advance for any help, hint or link!
> Enrique Arizon
...Apache Transparent Proxy and Firewall configuration
Hello again everybody,
I have an apache transparent proxy server running and was trying to
disable all LAN access except for the proxy server. I thought that this
is what I need to do in order to only allow the clients to use the proxy
server (Apache) to access the internet.
Here's what I did...
- I disabled all LAN access on the firewall (a sonicwall in this case)
and created a rule to allow all traffic from only
the proxy server to go out. The proxy is located on the LAN as well.
This seems to work but browsing *really* slow. The
web browser is configured to use the proxy server at ...Transparent Print Server jetdirect proxy
I've been having a lot of problems with an hp laser printer. It has a jet
direct card in it (uses port 9100). People send it strange print jobs that
crash it or cause it to require user input.
Is there a way (I know there must be) to intercept port 9100 and form a
print que of the jobs logging where the job is from. Only send properly
formatted jobs to the printer (if it's possible and/or easy to inspect
jobs for A4 not letter sized paper etc etc) and then send them on to the
When there is a problem at the moment I end up sitting in my office
arpspoofi...Cisco VPN Client through http proxy
I am in a campus where all the outgoing internet connection is
thorough a http proxy. I want to use Cisco VPN client to make a VPN
connection to a server outside my campus, can someone please tell me
how to configure the VPN client to use the proxy server to make the
outgoing connection(on Linux and Windows). I could not find this
option anywhere and also could not find any relevant resource in the
I dont know if this is the right forum, if not, I will be grateful if
someone points me to the proper place to post this question.
> ...Transparent proxy with Squid and Apache problem
I have a problem getting squid and apache to work together. Basically
I have Squid set up (and working) as a transparent proxy. But when I
start Apache, neither it nor squid works. If I stop squid I can run
Apache just fine.
I am using RH 7.1 (2.4.2-2) and I have 2 NICs in the server, one with
public ip and one with 192.168.10.x
I told Apache to use port 81 and I have told Squid the following:
But it doesn't work.
when I don't run apache and instead tell squid this:
Then squid works fine as a transparent cache. the problem as I can
understand it is that in order for squid to work as transparent cache
then it must have the http accellerator on (and it *must* use the:
httpd_accel_host virtual option), but if I put the FQDN of the server
instead of the 'virtual' then it doesnt work. So how to overcome that?
I should mention I am using IPCHAINS, and it is set up as follows:
ipchains -A input -J REDIRECT 3128 -p tcp -s 0.0.0.0/0 -d 0.0.0.0/0 80
I also have MASQUERADING turned on for the 'forward' chain in order
for the internal LAN to access the public internet.
The policy is 'ACCEPT' for both input and output chains.
And as you can see squid runs on port 3128.
Any ideas, things to try etc. would be much appreciated. Thanks.
Pls. reply also to tobias @ itservices . co . mz
...cisco 1721 with proxy arp and vpn
Hi, I bought a cisco 1721 that I was using just for site to site vpn.
Now I want to take advantage of all the features of the equipment and
use it in the following configuration:
<cisco1721-public address>----[vpn]------<remote site>
[internal net - private address]
So, I need to be able to do the following:
1. Proxyarp a public address to my second firewall (i have some ip
addresses...Cisco 796xs SIP Backup proxy
I have question about how the SIP backup proxy function works in Cisco
handsets. Im using both 7960 and 7961G.
Im connecting them to 2 Asterisk servers (dont shoot me!!) and they
work, very well, Asterisk1 is primary proxy and ASterisk 2 is backup
proxy. I know that they are B2BUA not true SIP proxies, but Im not sure
thatshould make any difference.
All handsets register to both Asterisk servers, they register to
Asterisk1 first and a telnet or ssh to the phone and a
"#show config" on the phones show that they are registered to the
backup. Problem is that when i drop ...HTTP proxy on Cisco 7940 phones?
We are looking at developing in support for Cisco 7940/60 phones for
our product. I was wondering if there anyone out there that knew if
you need to have a Cisco Callmanager running in order to browse XML
websites from the phone (services)?
Our application can output many forms of XML, however our test phone
just seem to return a 'Parser Error' for each type.
We are using the phone in standalone mode with SIP.
So, can we use any old HTTP proxy, or do you need to run Call
On 15 Jul 2003 11:56:53 -0700, firstname.lastname@example.org (Jeff Rhys-Jones) wrote:
>We are looking at developing in support for Cisco 7940/60 phones for
>our product. I was wondering if there anyone out there that knew if
>you need to have a Cisco Callmanager running in order to browse XML
>websites from the phone (services)?
>Our application can output many forms of XML, however our test phone
>just seem to return a 'Parser Error' for each type.
>We are using the phone in standalone mode with SIP.
>So, can we use any old HTTP proxy, or do you need to run Call
The Call Manager isn't involved once the phone is pointed to a
webpage. Have you looked at the Cisco IP Phone Service Dev Kit? It
explains all of the acceptable xml tags and format. The phones are
pretty picky and will throw an error if the syntax...Cisco SIP Proxy Server question
I'm using a Cisco SIP Proxy server with a number of Cisco SIP Phones.
- Let's say a user A is making a call.
- At ANY point, we would like to be able to temporarily deliver a voice
message on that same conversation. If impossible, we'd like the present
conversation to go on hold, while we're delivering a voice message to
Could you please suggest a possible solution that you have seen
working? Thank you very much in advance.
Keywords: SIP call notification, alert, interruption, on hold.