I implemented a new transparent proxy for Maths.

All outgoing network accesses should now work, without a need for explicit proxy settings: leave the setting as "no proxy" or "direct connection to internet".

You cannot use explicit "fixed" proxy settings anymore; support for the "old ways" has been discontinued. The settings of "automatically detect" or "use proxy.pac" are fine.

Best is to use no proxy settings at all: simplest, and allows itinerant laptops to work inside and out without a change.

Please let me know of any problems.

Cheers,
Paul

---

FAQ (frequently un-asked questions)

Do connections now go direct?
No. Connections are handled by the proxy server, in a transparent way. Neither the sender nor the receiver will normally notice the presence of the proxy server.

Are incoming connections allowed?
No. There has been no change. Only outgoing connections are allowed. Incoming connections are allowed in special cases only, e.g. to our SSH server with skeys (and to our web and mail servers etc), as described in http://www.maths.usyd.edu.au/loc/comp/alpha/net-security.html (We still have a firewall.)

Are there traffic quotas?
Yes. There has been no change. All connections are logged, all (incoming, response) bytes are counted. The traffic limits are practically infinite (though determined people can reach them). See http://www.maths.usyd.edu.au/s/TrafficLimits for details.

Are all outgoing connections allowed?
Only TCP and UDP connections are allowed.
Traffic to some ports, traditionally used by the Blaster worm and similar, is blocked: ports 135-139, 445, 1025-1029, 1900, 3389, 5000. Please let me know if this causes difficulties.
NTP to outside does not work, due to some technical oddity. All NTP traffic is grabbed for (answered by) our NTP server; our DHCP provides a correct ntp-servers setting (to our internal NTP server).

ping, traceroute do not work
These normally use ICMP, and the proxy only allows TCP and UDP.
Even "traceroute -T" does not quite work because the proxy does not preserve IP_TTL.

Are all connections transparent?
Yes.
- They were not so before Nov2015: connections to TCP port 80 (mostly HTTP) were not done transparently because the Uni border router would not allow it (enforced Uni caches, though useless).
- Before May2015, HTTP requests (in fact all TCP port 80 connections) went through Apache, not the new transparent proxy, preventing access to servers that ran on port 80 but served something other than HTTP.

What were the old proxy settings?
Now you should use "no proxy".

Using the previously suggested settings:
- automatically detect for this network
- automatic script http://siv/proxy.pac
is now the same as "no proxy" (the proxy.pac file changed to say DIRECT).

Settings for the "old ways" (that do not work anymore) used to be:
- manual settings (type host port):
    http   siv  80
    https  siv  8008
    socks  siv  1080
    ftp    siv  80
  (https is sometimes known as secure; socks preferred version 5 or could be version 4)
- some software used "environment" variables
    http_proxy=http://siv:80/
    https_proxy=http://siv:8008/
  though some would want them without the trailing slash or without the leading http://, and some software had other settings.

Support for the "old ways" was discontinued about Oct2015.

Why only in Nov2013, not earlier?
Because nobody told me this could be done... now please stop asking questions, am already sore from kicking myself.
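
The discontinued settings listed under "What were the old proxy settings?" can linger in shell profiles. The following is an added example, not part of the original announcement: a shell check that flags environment variables still pointing at the old proxy host siv on ports 80, 8008 or 1080. The variable names beyond http_proxy and https_proxy, the function names, and the matching of a fully qualified "siv.*" host are assumptions.

```shell
# Added example, not from the original announcement.
# Host "siv" and ports 80/8008/1080 are the old settings listed in the FAQ.
OLD_HOST="siv"
OLD_PORTS="80 8008 1080"
# Assumption: the FAQ names only http_proxy and https_proxy; the rest are
# common variants ("some software had other settings").
PROXY_VARS="http_proxy https_proxy ftp_proxy all_proxy HTTP_PROXY HTTPS_PROXY FTP_PROXY ALL_PROXY"

# Split a proxy value into P_HOST and P_PORT. Accepts the variants the FAQ
# mentions: with or without a leading scheme or a trailing slash.
parse_proxy() {
    p=$1
    p=${p#*://}      # drop "http://", "socks5://", ...
    p=${p%%/*}       # drop trailing slash or path
    p=${p##*@}       # drop "user:password@" if present
    case $p in
        *:*) P_HOST=${p%%:*}; P_PORT=${p##*:} ;;
        *)   P_HOST=$p; P_PORT= ;;
    esac
    P_HOST=$(printf '%s' "$P_HOST" | tr '[:upper:]' '[:lower:]')
}

# Succeed if the value names the old host (bare, or "siv.<domain>" as an
# assumption) with no port or one of the old ports; other ports are left alone.
is_old_proxy() {
    parse_proxy "$1"
    case $P_HOST in
        "$OLD_HOST"|"$OLD_HOST".*) ;;
        *) return 1 ;;
    esac
    [ -z "$P_PORT" ] && return 0
    for port in $OLD_PORTS; do
        [ "$P_PORT" = "$port" ] && return 0
    done
    return 1
}

# Print one line per stale variable; return 1 if any was found.
audit_proxy_env() {
    stale=0
    for name in $PROXY_VARS; do
        eval "value=\${$name-}"   # names come from the fixed list above
        [ -n "$value" ] || continue
        if is_old_proxy "$value"; then
            echo "stale: $name=$value"
            stale=1
        fi
    done
    return $stale
}
```

Source the file and run audit_proxy_env in the shell whose environment you want to check.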