The passthrough code does not take into account firewall_ip_list
correctly. When POSTing to an internal host (which is on the
firewall_ip_list) it tries the passthrough_proxy and mine is a
firewall which does not allow connections back into the internal
network, so it fails.
This patch for 1.1.5 seems to fix it:
--- pass.c.orig Fri Jan 31 16:45:41 1997
+++ pass.c Fri Jan 31 17:38:23 1997
@@ -594,9 +594,19 @@
edge *g = NULL;
int fw_ip_match = IP_ALLOW;
if (ia && Config.firewall_ip_list)
+ /* this returns IP_DENY when the address is in the firewall_ip_list */
fw_ip_match = ip_access_check(ia->in_addrs[ia->cur], Config.firewall_ip_list);
if ((e = Config.passProxy)) {
+ if (fw_ip_match == IP_ALLOW) {
+ /* not in firewall_ip_list, use passthrough proxy */
hierarchyNote(request, HIER_PASS_PARENT, 0, e->host);
+ debug(39, 3, "hierarchyNote: pass_parent %s\n", e->host);
+ } else {
+ /* in firewall_ip_list, direct */
+ hierarchyNote(request, HIER_DIRECT, 0, request->host);
+ debug(39, 3, "hierarchyNote: direct %s\n", request->host);
+ e = NULL; /* XXX, this is fake */
+ }
} else if (matchInsideFirewall(request->host)) {
hierarchyNote(request, HIER_DIRECT, 0, request->host);
} else if (fw_ip_match == IP_DENY) {
Arjan
-- Ir. Arjan de Vet Intranet-URL: http://www.cis.philips.com/home/Arjan.deVet/ E-mail: Arjan.deVet@nl.cis.philips.com Tel/Fax: (+31 40 27) 86335/83962 Origin IT Systems Management/Nederland BV, TS-InS - Intranet Services Building VN 5.07, P.O. Box 218, 5600 MD Eindhoven, The NetherlandsReceived on Fri Jan 31 1997 - 08:57:44 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:13 MST