Re: [ILUG-BOM] unknow ip addresses in squid.log

Thu, 13 Mar 2008 02:27:55 -0700 

On Thu, Mar 13, 2008 at 1:05 PM, Agnello George
<[EMAIL PROTECTED]> wrote:

>
>  Bellow was the logs i received in my log file before i added the new rule
>
>
>  1205406926.780      6 219.254.32.113 TCP_DENIED/403 4197 CONNECT
>  203.141.160.33:25 - NONE/- text/html
>  1205406926.812   1680 124.115.0.175 TCP_MISS/200 21162 GET
>  http://www.soso.com/q? - DIRECT/60.28.232.146 text/html
>  1205406926.900    575 89.149.242.226 TCP_MISS/200 894 POST
>
> http://www.glookle.com/usr/proxy/checker5/check.php -
>  DIRECT/89.149.242.226 text/html
>  1205406927.017    852 71.228.204.50 TCP_MISS/999 5104 GET
>  http://n2.login.scd.yahoo.com/config/pwtoken_get? -
>  DIRECT/209.73.168.34 text/html
>
>  After i added the rule ( iptables -I INPUT 1 -s ! 192.168.0.0/24 -p
>  tcp--dport 3128 -j DROP )
>
>  i only get the following logs ( which looks OK :)   )
>
>  9 text/html
>  1205418879.760  29983 192.168.0.250 TCP_MISS/200 892 GET
>  http://b.mail.google.com/a/eadroit.com/channel/bind? -
>  DIRECT/209.85.201.189 text/html
>  1205418879.998    705 192.168.0.73 TCP_MISS/200 462 GET
>
> http://livehelp.qualispace.com/pull/requests.php? -
>  DIRECT/67.15.197.19 text/html
>  1205418880.217    577 192.168.0.74 TCP_MISS/200 562 POST
>  http://www.hostv.com/livehelp/include/status.php -
>  DIRECT/209.123.178.244 text/html
>  1205418880.942    587 192.168.0.170 TCP_MISS/200 485 GET
>  http://livehelp.qualispace.com/pull/traffic.php? - DIRECT/67.15.197.19
>  text/html
>  1205418881.789    595 192.168.0.248 TCP_MISS/200 462 GET
>
> http://livehelp.qualispace.com/pull/requests.php? -
>  DIRECT/67.15.197.19 text/html
>  1205418882.056    593 192.168.0.151 TCP_MISS/200 462 GET
>
> http://livehelp.qualispace.com/pull/requests.php? -
>  DIRECT/67.15.197.19 text/html
>
>
>
>
> > Do they disappear after implementing the above rule?
>
>  yep it did

Some misunderstanding here. I was under the impression that you wanted
to remove the GET public IPs.
But one thing still baffles me. How were clients (like 124.115.0.175)
from outside your lan able to access your proxy?
Does your proxy have a public IP? If yes, can I have it? Orkut is banned here :P

Regards,
NMK.
-- 
http://mm.glug-bom.org/mailman/listinfo/linuxers

Reply via email to