[prev in list] [next in list] [prev in thread] [next in thread] 

List:       novell
Subject:    Re: BM & SSL problem
From:       Hansang Bae <hbae () NYC ! RR ! COM>
Date:       2000-04-28 5:20:03
[Download RAW message or body]

On 01:51 PM 4/28/00 +1000, Michael Mollard wrote:
>Hi all,
>I'm running WinNT4 Workstations, with IP loaded, NW5 (SP4)
>servers, with BM3.5 loaded on one.  All proxying & caching is done
>through the BM server.
>At present, I have real IPs loaded on the workstations, with filtering
>enabled at BM to restrict access to the web etc. I tried setting up
>Transparent proxy at the BM server.  In doing this I made the BM
>box the default gateway (required, I believe), and all seems to work
>ok.
>But there are a couple of sites that seem to use SSL that will
>freeze.  (Not all sites using SSL freeze)
>Even with the access rules set to 'don't enforce', the browser will
>lock up.
>If I set the default gateway to our ISDN router, and still use the
>proxy, the site will work fine.  When I put the default gateway back
>to the BM box, it freezes.  It appears to have something to do with
>SSL (the sites are secure-bank type sites).
>How can I get the secure SSL through the BM proxy?  And if I
>change the IP internally to 192.168.x.x, will it still work?


Not sure why it locks up as I'm not that familiar with the ways SSL.  But
you're end users do not need to point their default gateway to BM.  You can
still set your def gate to your ISDN router but set the Proxy setting in
the browser.   Since this seems to fix your problem.... I guess problem
solved?

If I were to take a guess, maybe it's a reverse lookup problem or some type
of a routing problem?  If you use 192.168 RFC addresses then things should
still work.  You are just doing NAT at this point.  Of course, this means
that boxes with the RFC address cannot be reached (directly) from the
outside.  If you need to reach the boxes from the outside, you'll need to
add static routes to the BM/router.

hsb

[prev in list] [next in list] [prev in thread] [next in thread]