| >Can we ...
>
>set up out www-proxy so that it has "no-proxy" setting on ...
>customer neet to setup proxy-to-proxy configutarion but some sites need to be
>served only by firewall proxy.
>
Yes, this is done, I think through the GUI, but if not can be done
by editting the configuration file.
>Can we ....
>
>set up cern-proxy not to translate ip numbers for access log
>
No, not if you use the AFWU www-proxy: this is a standard part of both
the access checking and the logging within all proxies in AFWU.
>Can we ....
>
>make cern-proxy to allow ip-numbers that don't exist on DNS (FORBIDDEN BY IP)
>this is dueto a problem using DHCP in internal network
>
I don't quite understand. The firewall will attempt to do a reverse
lookup of the connector, but if that fails, it will still allow the
connection. In the log, you will see the IP address twice, once in
brackets in place of the machine name.
The important thing, for performance reasons, is to ensure that the
internal DNS is authoritative for the reverse lookup of all internal
subnets. Otherwise, you will wait a very long time before the
connection is permitted, while the DNS lookup times out, or visits
an external DNS server ...
T
|