Hello!

I have squid running on port 3128, shorewall version 3.1.2, on Red Hat Enterprise Linux. It is working only after configuring the browser on the LAN for the proxy server's IP and port 3128. I want to redirect all the traffic from the LAN, port 80, to squid (on port 3128) running on my server without configuring my browsers on the LAN, i.e. to configure a transparent proxy.

Plus, while writing a rules file for shorewall, what should be the proper order of writing rules? E.g. in writing rules DNAT, NONAT, ACCEPT... should DNAT come before the NONAT or after it and the ACCEPT rule? I mean, in which order is shorewall's /etc/shorewall/rules file processed for generating netfilter rules?

Here on the LAN I gave gateway = my firewall machine's IP. I can surf from a LAN machine ONLY after configuring my browser... while I want to use the transparent proxy running on the gateway/shorewall fw machine. (after reading http://www.shorewall.net/Shorewall_Squid_Usage.html#Firewall)

My rules file has these entries:

ACCEPT loc fw icmp 8
REDIRECT loc 3128 tcp www -
ACCEPT fw net
ACCEPT loc fw tcp 443
DROP:info net fw
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

And the policy file has these entries:

fw net ACCEPT
net fw DROP info
all all DROP info

The masq file has this entry:

ppp0 eth0

Thanks and regards
Anuj
--
===========Linux Rocks

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Tom Eastep
2006-Feb-20 03:45 UTC
Re: squid+transparent proxy with shorewall- whats wrong here
On Sunday 19 February 2006 19:15, anuj singh wrote:
> Hello !
>
> I have squid running on port 3128, shorewall version-3.1.2 , on Redhat
> enterprise Linux

Anuj,

I won't answer your questions. You are an obvious newbie who is trying to run a Development version of Shorewall. We have enough problems trying to support newbies like you who are running supported versions -- we just cannot spend our precious free time trying to help newbies run unreleased software. I'm sorry but that's the way it is...

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep
2006-Feb-20 04:33 UTC
Re: squid+transparent proxy with shorewall- whats wrong here
On Sunday 19 February 2006 19:45, Tom Eastep wrote:
>
> I won't answer your questions. You are an obvious newbie who is trying to
> run a Development version of Shorewall. We have enough problems trying to
> support newbies like you who are running supported versions -- we just
> cannot spend our precious free time trying to help newbies run unreleased
> software.

That having been said, the vast majority of people who can't get Transparent Proxy to work with Shorewall have mis-configured Squid (or haven't configured it at all) -- the Shorewall configuration requires one silly rule and most people can get that right.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Paul Gear
2006-Feb-20 05:08 UTC
Re: squid+transparent proxy with shorewall- whats wrong here
Tom Eastep wrote:
> On Sunday 19 February 2006 19:15, anuj singh wrote:
>> Hello !
>>
>> I have squid running on port 3128, shorewall version-3.1.2 , on Redhat
>> enterprise Linux
>
> Anuj,
>
> I won't answer your questions. You are an obvious newbie who is trying to run
> a Development version of Shorewall. We have enough problems trying to support
> newbies like you who are running supported versions -- we just cannot spend
> our precious free time trying to help newbies run unreleased software.

Anuj, here's a translation for you: run the latest *stable* version of Shorewall, which is 3.0.5 as of this writing:
http://shorewall.net/pub/shorewall/CURRENT_STABLE_VERSION_IS_3.0/shorewall-3.0.5/

You should also take out the following lines of your rules file - they are incorrect and already handled by your policies:
> ACCEPT fw net
> DROP:info net fw

You probably also want to modify your REDIRECT rule to match the one in http://www.shorewall.net/Shorewall_Squid_Usage.html#Firewall (i.e. exclude the firewall itself).

Paul
Paul Gear
2006-Feb-20 05:08 UTC
Re: squid+transparent proxy with shorewall- whats wrong here
Tom Eastep wrote:
> ...
> I won't answer your questions. You are an obvious newbie who is trying to run
> a Development version of Shorewall. We have enough problems trying to support
> newbies like you who are running supported versions -- we just cannot spend
> our precious free time trying to help newbies run unreleased software.

Perhaps we should be making the development version harder to find?

Paul
anuj singh
2006-Feb-20 09:15 UTC
Re: Re: squid+transparent proxy with shorewall- whats wrong here
What I was trying to do (probably the cause of the problem) is to use a transparent proxy with:
1: On LAN: without configuring /etc/resolv.conf for a nameserver entry + without configuring my browser (for squid).
2: On FW: without masquerading the local network.

Now: this is my other machine, suse-10 with shorewall-3.0.5, eth0 (192.168.1.1) = connected to the local network; eth2 (192.192.192.3) = my net zone.

A) /etc/shorewall/rules has

ACCEPT fw loc tcp 22
ACCEPT fw loc icmp 8
ACCEPT loc fw tcp 22 - 192.168.1.1
REDIRECT loc 3128 tcp 80 - !192.168.1.1
ACCEPT fw net
ACCEPT loc net
ACCEPT loc fw icmp 8 - 192.168.1.1
ACCEPT net fw icmp 8 - 192.192.192.3
DROP:info net fw
DROP all all

B) /etc/shorewall/masq has

eth2 eth0

C) /etc/shorewall/policy

fw net ACCEPT
fw loc ACCEPT
loc net ACCEPT
net all DROP info
all all DROP info

The result is: without configuring the browser, all the traffic from the LAN machine for port 80 is going through the squid proxy (tail -f /var/log/squid/access.log).

Now the second stage is to redirect traffic from squid to the dansguardian on the same machine (FW), where dansguardian is running on 8080.

Thanks for all your support and patience!

On 2/20/06, Paul Gear <pgear@redlands.qld.edu.au> wrote:
> Tom Eastep wrote:
> > ...
> > I won't answer your questions. You are an obvious newbie who is trying to run
> > a Development version of Shorewall. We have enough problems trying to support
> > newbies like you who are running supported versions -- we just cannot spend
> > our precious free time trying to help newbies run unreleased software.
>
> Perhaps we should be making the development version harder to find?
>
> Paul
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
--
===========Linux Rocks
Jerry Vonau
2006-Feb-20 13:27 UTC
Re: Re: squid+transparent proxy with shorewall- whats wrong here
anuj singh wrote:
> What I was trying to do is to (probably the cause of the problem )
> Using transparent proxy with:
> 1:On LAN: without configuring /etc/resolv.conf for nameserver entry +

You have to have some sort of name resolution; how you do that is outside of shorewall.

> without configuring my browser (for squid) .
> 2:On FW without masquerading the local network.
> Now:
> This is my another machine
> suse-10 with shorewall-3.0.5, eth0(192.168.1.1) = connected to local
> network ; eth2(192.192.192.3) my net zone
>
> A)/etc/shorewall/rules has
> ACCEPT fw loc tcp 22
> ACCEPT fw loc icmp 8
> ACCEPT loc fw tcp 22 - 192.168.1.1
> REDIRECT loc 3128 tcp 80 - !192.168.1.1
> ACCEPT fw net
> ACCEPT loc net
> ACCEPT loc fw icmp 8 - 192.168.1.1
> ACCEPT net fw icmp 8 - 192.192.192.3
> DROP:info net fw
> DROP all all
>
> B)/etc/shorewall/masq has
> eth2 eth0
>
> C) /etc/shorewall/policy
> fw net ACCEPT
> fw loc ACCEPT
> loc net ACCEPT
> net all DROP info
> all all DROP info
>
> the result is:
> Without configuring browser all the traffic from lan machine for the
> port 80 is going through squid proxy. (tail -f
> /var/log/squid/access.log)
>
> Now the second stage is to redirect traffic from squid to the
> dansguardian on the same machine(FW). where dansguardian is running on
> 8080.
> Thanks for all your support and patience !

If squid is now working fine with the redirect to 3128 and dansguardian is running on port 8080, what port do you think the redirect should be done to?

Jerry
Tom Eastep
2006-Feb-20 15:45 UTC
Re: Re: squid+transparent proxy with shorewall- whats wrong here
On Monday 20 February 2006 05:27, Jerry Vonau wrote:
> anuj singh wrote:
> > What I was trying to do is to (probably the cause of the problem )
> > Using transparent proxy with:
> > 1:On LAN: without configuring /etc/resolv.conf for nameserver entry +
>
> You have to have some sort of name resolution, how you do that is out
> side of shorewall.

And, of course, Shorewall needs to be configured to allow DNS traffic.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
Cristian Rodriguez
2006-Feb-20 23:14 UTC
Re: Re: squid+transparent proxy with shorewall- whats wrong here
anuj singh wrote:
> REDIRECT loc 3128 tcp 80 - !192.168.1.1

REDIRECT loc 8080 (or whatever the listen port of **dansguardian** is) tcp 80 - !192.168.1.1
Terry H. Gilsenan
2006-Feb-21 05:21 UTC
RE: Re: squid+transparent proxy with shorewall- whats wrong here
Hi,

I needed to ask... You have configured Squid to act as a transparent proxy, haven't you?

It's all very well redirecting traffic on port 80 to 3128 on the proxy box, but Squid itself needs to be configured to allow transparent proxying.

Regards,
T

-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net [mailto:shorewall-users-admin@lists.sourceforge.net] On Behalf Of anuj singh
Sent: Monday, 20 February 2006 7:16 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Re: squid+transparent proxy with shorewall- whats wrong here
anuj singh
2006-Feb-21 07:21 UTC
Re: Re: squid+transparent proxy with shorewall- whats wrong here
Yes, it is configured to work as a transparent proxy, but this transparent proxy (with the above config) does not ask for the password.

Now I have three services running (on my gw/fw):
1:) squid = 3128
2:) dansguardian = 8080
3:) HAVP = 8000
net = eth2 (192.192.192.3)
loc = eth0 (192.168.1.1)

My proxy for local is working fine:
a) content filtering with dansguardian
b) virus filtering with HAVP
c) authenticated proxy [still have to work on transparent proxy along with authentication]

My rules file is

ACCEPT fw loc
ACCEPT loc fw tcp 22
REDIRECT loc 8080 tcp 3128 - 192.168.1.1
REDIRECT fw 8000 tcp 3128 - - - squid
ACCEPT fw net
ACCEPT loc net tcp 443,80,25,110,53,22
ACCEPT loc net udp 53
ACCEPT loc net icmp 8
ACCEPT loc fw icmp 8 - 192.168.1.1
ACCEPT net fw icmp 8 - 192.192.192.3 1/sec:10
ACCEPT loc fw tcp 80
DNAT net loc:192.168.1.2 tcp 80 - 192.192.192.3
ACCEPT net fw tcp 22 - 192.192.192.3
DROP:info net fw
DROP all all
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

==============================================
My masq file (/etc/shorewall/masq)

eth2 eth0

==============================================
My policy file (/etc/shorewall/policy)

fw net ACCEPT
fw loc ACCEPT
loc net ACCEPT
net all DROP
all all DROP info
#LAST LINE -- DO NOT REMOVE

===========================================
My zones file (/etc/shorewall/zones)

fw firewall
loc ipv4
net ipv4

===============================================
My interfaces file (/etc/shorewall/interfaces)

#ZONE INTERFACE BROADCAST OPTIONS
loc eth0
net eth2

++++++++++++++++++++++++++++++++++++++++

thanks and regards
anuj

On 2/21/06, Terry H. Gilsenan <terry.gilsenan@interoil.com> wrote:
> Hi,
>
> I needed to ask...
>
> You have configured Squid to act as a transparent proxy, havent you?
>
> Its all very well redirecting traffic on port 80 to 3128 on the proxy box,
> but Squid itself needs to be configured to allow transparrent proxying.
>
> Regards,
> T
--
===========Linux Rocks
Paul Gear
2006-Feb-22 03:31 UTC
Re: squid+transparent proxy with shorewall- whats wrong here
anuj singh wrote:
> yes it is configured to work as a transparent proxy, but this
> transparent proxy (with above config) does not asks for the password.
> ...
> My proxy for local is working fine
> a)content filtering with dansguardian
> b)viruse filtering with HAVP
> c)Authenticated proxy [Still have to work for transparent proxy along
> with authentication]

Transparent proxy and authentication is not something you'll get help with here. My understanding from reading the squid & DG documentation is that it simply won't work.

> ACCEPT fw loc
> ACCEPT loc fw tcp 22
> REDIRECT loc 8080 tcp 3128 - 192.168.1.1
> REDIRECT fw 8000 tcp 3128 - - - squid
> ACCEPT fw net
> ACCEPT loc net tcp 443,80,25,110,53,22
> ACCEPT loc net udp 53
> ACCEPT loc net icmp 8
> ACCEPT loc fw icmp 8 - 192.168.1.1
> ACCEPT net fw icmp 8 - 192.192.192.3 1/sec:10
> ACCEPT loc fw tcp 80
> DNAT net loc:192.168.1.2 tcp 80 - 192.192.192.3
> ACCEPT net fw tcp 22 - 192.192.192.3
> DROP:info net fw
> DROP all all
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

Anuj, you still haven't followed my *BASIC* suggestions about cleaning up your rules file. In fact, you've made it worse! Please read the Shorewall documentation about rules and policies (hint: you don't need rules that mirror your policies).

Paul
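The two recurring points in this thread are Paul's (rules that merely restate a policy, and a REDIRECT that does not exclude the firewall itself) and Tom's and Terry's (Squid not actually configured to intercept). The following is an added example, not code from the thread or from the Shorewall or Squid projects: a small POSIX shell/awk lint that checks constructed copies of the policy and rules files from the first post for those mistakes, and a separate check that a squid.conf fragment enables interception. It assumes the Shorewall 3.x rules column order ACTION SOURCE DEST PROTO DEST PORT SOURCE PORT ORIGINAL DEST, that policies are matched top-down with "all" as a wildcard, and that the firewall's LAN address is 192.168.1.1 as given in the thread; the Squid directive spellings it looks for are the real ones for each Squid generation (intercept for 3.1+, transparent for 2.6 to 3.0, the httpd_accel_* trio for 2.5).

```shell
#!/bin/sh
# Added example (not from the thread, Shorewall or Squid): lint the policy and
# rules files for rules that mirror a policy and for a REDIRECT that forgets to
# exclude the firewall, then check whether squid.conf enables interception.

# Constructed sample input: the policy and rules files from the first post.
SAMPLE_POLICY='fw net ACCEPT
net fw DROP info
all all DROP info'

SAMPLE_RULES='ACCEPT loc fw icmp 8
REDIRECT loc 3128 tcp www -
ACCEPT fw net
ACCEPT loc fw tcp 443
DROP:info net fw'

# The same rules after Paul's advice: mirrored rules removed, firewall excluded
# in the ORIGINAL DEST column (firewall LAN address from the thread).
CLEAN_RULES='ACCEPT loc fw icmp 8
REDIRECT loc 3128 tcp www - !192.168.1.1
ACCEPT loc fw tcp 443'

# lint_shorewall POLICY_TEXT RULES_TEXT FW_IP
# Prints one finding per line; prints nothing when the files look clean.
lint_shorewall() {
    policy="$1"; rules="$2"; fw_ip="$3"
    { printf '%s\n' "$policy"; echo '%%RULES%%'; printf '%s\n' "$rules"; } |
    awk -v fwip="$fw_ip" '
    # Assumed Shorewall semantics: first matching policy wins, "all" matches any zone.
    function policy_for(s, d,   i) {
        for (i = 1; i <= np; i++)
            if ((psrc[i] == s || psrc[i] == "all") && (pdst[i] == d || pdst[i] == "all"))
                return pact[i]
        return ""
    }
    $0 == "%%RULES%%" { in_rules = 1; next }
    /^#/ || NF == 0   { next }
    # Policy file: SOURCE DEST POLICY [LOGLEVEL]
    !in_rules { np++; psrc[np] = $1; pdst[np] = $2; pact[np] = $3; next }
    {
        action = $1; sub(/:.*/, "", action)       # "DROP:info" -> "DROP"
        # A rule with only ACTION SOURCE DEST restates the policy for that pair.
        if (NF == 3 && policy_for($2, $3) == action)
            printf "redundant: %s (policy already %s for %s -> %s)\n", $0, action, $2, $3
        # ORIGINAL DEST (column 7) must exclude the firewall, or the proxy box
        # redirects its own outbound HTTP (Squid fetches) back into itself.
        if (action == "REDIRECT" && (NF < 7 || $7 != ("!" fwip)))
            printf "warning: %s (ORIGINAL DEST does not exclude the firewall %s)\n", $0, fwip
    }'
}

# squid_intercepts CONF_TEXT
# Returns 0 when the squid.conf text enables interception on its listening port.
squid_intercepts() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*http_port[ \t]/ && $0 ~ /[ \t](intercept|transparent)([ \t]|$)/ { ok = 1 }
        /^[ \t]*httpd_accel_host[ \t]+virtual/        { accel_host = 1 }
        /^[ \t]*httpd_accel_with_proxy[ \t]+on/       { accel_proxy = 1 }
        /^[ \t]*httpd_accel_uses_host_header[ \t]+on/ { accel_hdr = 1 }
        END { if (ok || (accel_host && accel_proxy && accel_hdr)) exit 0; exit 1 }'
}

# Constructed squid.conf fragments: a plain forward proxy (which only works once
# the browser is pointed at it, as in the first post) and one that intercepts.
SQUID_PLAIN='http_port 3128
cache_dir ufs /var/spool/squid 100 16 256'
SQUID_INTERCEPT='http_port 3128 intercept'

# Stand-alone run: report on the sample files.
lint_shorewall "$SAMPLE_POLICY" "$SAMPLE_RULES" 192.168.1.1
if squid_intercepts "$SQUID_PLAIN"; then
    echo "squid: interception enabled"
else
    echo "squid: forward proxy only, transparent redirect will not work"
fi
```

Run it as `sh lint.sh`: the sample files from the first post produce two "redundant" findings (ACCEPT fw net and DROP:info net fw, exactly the lines Paul asked to remove) and one warning for the REDIRECT, and the plain squid.conf is reported as a forward proxy only; the cleaned rules produce no output. The lint is deliberately narrow: it does not parse macros, actions or the other Shorewall files, so treat a silent run as "these two mistakes are absent", not as a full validation.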