On Thu, 29 Jan 2004, Mathew Thomas wrote: > 1) INCOMING TCP PACKETs ( some from ports 80 or 21 to random port on > my proxy server, but lots from random ports of the source m/c to the > random ports on my proxy server)
These are either "bad" packets from scanners, or stale packets from already finished sessions which for some reason is no longer known to your firewall. > 2) INCOMING UDP PACKETs ( some from port 80 of the source m/c to the > random port on my proxy server, but lots from random ports of the source > to the random ports on my proxy server) Squid never talks to UDP to other than DNS servers. These are not related to Squid. > 3) Incoming ICMP packet. ( I believe , I can ignore this and not needed > for squid proxy) ICMP ECHO (Type 8) to the Squid server is not due to Squid. ICMP Destination Unreachable (Type 3, several different codes) may be seen as part of normal traffic, and should be automatically picked up by your firewall as belonging to existing sessions if valid. I.e. same as '1' above. Regards Henrik
