I've asked to be removed countless times. Here's another message that
I didn't want. It's really not that hard to remove somebody, is it...

This is a forwarded message
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Saturday, January 31, 2004, 8:50:08 PM
Subject: Fwd: [squid-users] Iptables rules for squid


This is a forwarded message
From: Mathew Thomas <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Wednesday, January 28, 2004, 5:31:35 PM
Subject: [squid-users] Iptables rules for squid

===8<==============Original message text===============
Hi All,

Thanks Henrik for the advice. Sorry for pestering again, I have got one
more question. I am getting a lot of the following messages in my
iptables log, where these packets are coming from outside our network. I
was wondering whether I should open the random (1025 to 65535) ports (UDP
and TCP) to the LAN and outside our network. I am not doing any "OUTPUT"
filtering.

1) INCOMING TCP PACKETS (some from ports 80 or 21 to random ports on
my proxy server, but lots from random ports of the source m/c to
random ports on my proxy server)
-----------------------------------------------------------------------
Jan 28 12:13:47 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=.200.216.110
DST=131.170.90.3 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=64266 PROTO=TCP
SPT=80 DPT=35483 WINDOW=0 RES=0x00 ACK RST URGP=0 

Jan 28 14:11:20 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=210.115.150.4
DST=131.170.90.3 LEN=1351 TOS=0x00 PREC=0x00 TTL=47 ID=40388 DF
PROTO=TCP SPT=80 DPT=48822 WINDOW=57920 RES=0x00 ACK PSH FIN URGP=0 

Jan 28 15:08:34 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=63.146.120.71
DST=131.170.90.3 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=26843 DF PROTO=TCP
SPT=32422 DPT=42348 WINDOW=0 RES=0x00 RST URGP=0 

Jan 28 14:35:19 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=206.16.4.27
DST=131.170.90.3 LEN=64 TOS=0x00 PREC=0x00 TTL=237 ID=17217 DF PROTO=TCP
SPT=21 DPT=60486 WINDOW=10220 RES=0x00 ACK URGP=0

Jan 28 14:29:49 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=80.160.91.19
DST=131.170.90.3 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=37113 DF PROTO=TCP
SPT=3531 DPT=41372 WINDOW=57920 RES=0x00 ACK RST URGP=0

2) INCOMING UDP PACKETS (some from port 80 of the source m/c to
random ports on my proxy server, but lots from random ports of the
source to random ports on my proxy server)
-----------------------------------------------------------------------
Jan 28 21:45:37 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=63.211.17.228
DST=131.170.90.3 LEN=38 TOS=0x00 PREC=0x00 TTL=50 ID=5486 PROTO=UDP
SPT=80 DPT=37852 LEN=18 

Jan 28 21:46:55 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=64.152.70.68
DST=131.170.90.3 LEN=38 TOS=0x00 PREC=0x00 TTL=52 ID=26336 PROTO=UDP
SPT=80 DPT=37852 LEN=18 

Jan 28 13:37:28 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=210.61.218.113
DST=131.170.90.3 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=52986 PROTO=UDP
SPT=39852 DPT=32770 LEN=20 

Jan 28 14:37:59 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=129.33.82.50
DST=131.170.90.3 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=64903 PROTO=UDP
SPT=49814 DPT=33451 LEN=18 


3) Incoming ICMP packets (I believe I can ignore these, as they are not
needed for the Squid proxy)
-----------------------------------------------------------------------
Jan 28 15:13:35 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=206.131.224.226
DST=131.170.90.3 LEN=56 TOS=0x00 PREC=0x00 TTL=238 ID=13118 PROTO=ICMP
TYPE=3 CODE=1 [SRC=131.170.90.3 
DST=206.131.226.62 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=15749 DF
PROTO=TCP INCOMPLETE [8 bytes] ]
 
Jan 28 23:41:37 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=138.88.162.208
DST=131.170.90.3 LEN=37 TOS=0x00 PREC=0x00 TTL=107 ID=5677 PROTO=ICMP
TYPE=8 CODE=0 ID=512 SEQ=64229 

Jan 28 23:41:40 sproxy2 kernel: FIREWALL OUTSIDE RMIT IN=eth1 OUT=
MAC=00:08:02:ed:db:cd:00:60:cf:49:9f:20:08:00 SRC=138.88.162.208
DST=131.170.90.3 LEN=37 TOS=0x00 PREC=0x00 TTL=107 ID=6341 PROTO=ICMP
TYPE=8 CODE=0 ID=512 SEQ=37352 

Thanks
Mathew


>>> Henrik Nordstrom <[EMAIL PROTECTED]> 24/01/04 2:49:26 >>>
On Fri, 23 Jan 2004, Mathew Thomas wrote:

> transparent caching. I would like to know how I should set the
> iptables rules, like which port should be opened for the LAN and which
> port should be opened for the Internet, etc.

The LAN needs to be able to access the proxy port (http_port).

In addition the Squid server needs to be allowed to talk to the Internet
and your DNS server.

Note: if you are proxying FTP or otherwise making ftp requests from the
Squid proxy server then you need to remember to have the conntrack_ftp
helper module loaded or else FTP transfers may fail.

Regards
Henrik

===8<===========End of original message text===========



-- 
Best regards,
 mortbox                            mailto:[EMAIL PROTECTED]


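Henrik's three requirements (LAN reaches http_port, Squid reaches the Internet and the DNS server, FTP conntrack helper loaded) turned into a stateful iptables ruleset, as an added example; this is not code from the thread or from the Squid project. Since the messages do not say, it assumes the LAN is on eth0 as 192.168.1.0/24, the Internet is on eth1 (the IN= interface in the posted log), Squid listens on the default http_port 3128, the resolver is 192.168.1.53, and the kernel is of the 2.4 era where the helper is called ip_conntrack_ftp (nf_conntrack_ftp on current kernels). The function only prints the commands.

```shell
#!/bin/sh
# Added example, not from the squid-users thread: a stateful iptables ruleset
# for a transparent Squid box. Everything below the "Assumptions" line is an
# assumption of this example, not something stated on the list.
# Assumptions: LAN on eth0 (192.168.1.0/24), Internet on eth1, Squid on
# port 3128, resolver at 192.168.1.53, 2.4-era helper name ip_conntrack_ftp.
# squid_fw_rules prints the commands; apply with "squid_fw_rules | sh" as root.

LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
SQUID_PORT=${SQUID_PORT:-3128}
DNS_SERVER=${DNS_SERVER:-192.168.1.53}
FTP_HELPER=${FTP_HELPER:-ip_conntrack_ftp}   # nf_conntrack_ftp on current kernels

squid_fw_rules() {
    cat <<EOF
modprobe $FTP_HELPER
iptables -F INPUT
iptables -F OUTPUT
iptables -t nat -F PREROUTING
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Packets that belong to a connection the proxy opened (web servers, DNS,
# FTP data channels via the helper, ICMP errors about tracked connections)
# are matched by conntrack state, not by port. This is why the 1025-65535
# range never has to be opened.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# 1. the LAN reaches the proxy port (http_port)
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport $SQUID_PORT -m state --state NEW -j ACCEPT
# transparent caching: LAN web traffic on port 80 is redirected into Squid
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -p tcp --dport 80 -j REDIRECT --to-ports $SQUID_PORT
# 2. Squid reaches the Internet and the DNS server
iptables -A OUTPUT -o $WAN_IF -p tcp -m state --state NEW -j ACCEPT
iptables -A OUTPUT -d $DNS_SERVER -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -d $DNS_SERVER -p tcp --dport 53 -j ACCEPT
# Anything else arriving from outside is logged (rate limited) and dropped.
# A TCP segment carrying ACK or RST that matches no tracked connection, like
# the port-80 entries in the posted log, ends up here.
iptables -A INPUT -i $WAN_IF -m limit --limit 10/min -j LOG --log-prefix "FIREWALL OUTSIDE "
iptables -A INPUT -i $WAN_IF -j DROP
EOF
}

squid_fw_rules
```

Order matters: the ESTABLISHED,RELATED rules sit before the per-port rules, so replies to Squid's own connections (including FTP data connections once the helper is loaded) are accepted by state, and only genuinely new traffic from outside reaches the LOG and DROP at the end.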


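The entries Mathew posted are easier to reason about when sorted by what they look like than read one by one. The following is an added example, not code from the thread: a shell/awk classifier for iptables LOG lines. The classes are heuristics of my own, derived from the fields the kernel prints (TCP flags, PROTO, TTL, ports, ICMP TYPE); SAMPLE_LOG is constructed for this example, modelled on the posted lines with documentation addresses in place of the real ones.

```shell
#!/bin/sh
# Added example, not from the squid-users thread. Reads iptables LOG lines on
# stdin and prints one classified line per entry. Classes are heuristics of
# this example; SAMPLE_LOG below is constructed, modelled on the posted log.

classify_fw_log() {
    awk '
    {
        split("", f); syn = 0; ack = 0; rst = 0
        for (i = 1; i <= NF; i++) {
            t = $i
            # an ICMP error quotes the offending packet in [...]; its own SRC=/DST=
            # describe that inner packet, so stop before it
            if (t ~ /^\[/) break
            eq = index(t, "=")
            if (eq > 0) {
                k = substr(t, 1, eq - 1); v = substr(t, eq + 1)
                if (!(k in f)) f[k] = v   # first occurrence wins (LEN= appears twice for UDP)
            }
            else if (t == "SYN") syn = 1
            else if (t == "ACK") ack = 1
            else if (t == "RST") rst = 1
        }
        proto = f["PROTO"]; ttl = f["TTL"] + 0; dpt = f["DPT"] + 0
        if (proto == "TCP") {
            if (syn && !ack) cls = "new-connection-attempt"   # someone opening a connection to us
            else if (ack || rst) cls = "out-of-state-reply"   # mid/end-of-connection segment, no tracked connection
            else cls = "tcp-other"
        }
        else if (proto == "UDP") {
            if (ttl <= 2 && dpt >= 32768) cls = "low-ttl-probe"   # traceroute-style: TTL ran out at our hop
            else cls = "unsolicited-udp"
        }
        else if (proto == "ICMP") {
            if (f["TYPE"] == "3") cls = "icmp-unreachable"       # error about a packet we sent
            else if (f["TYPE"] == "8") cls = "icmp-echo-request"
            else cls = "icmp-other"
        }
        else cls = "other"
        printf "%-15s %-4s %5s -> %-5s %s\n", f["SRC"], proto, f["SPT"], f["DPT"], cls
    }'
}

# one line per class with its count, most frequent first
fw_log_summary() {
    classify_fw_log | awk '{ c[$NF]++ } END { for (k in c) printf "%5d %s\n", c[k], k }' | sort -rn
}

# Constructed sample (documentation addresses), modelled on the posted entries.
SAMPLE_LOG='Jan 28 12:13:47 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.10 DST=192.0.2.3 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=64266 PROTO=TCP SPT=80 DPT=35483 WINDOW=0 RES=0x00 ACK RST URGP=0
Jan 28 14:11:20 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.11 DST=192.0.2.3 LEN=1351 TOS=0x00 PREC=0x00 TTL=47 ID=40388 DF PROTO=TCP SPT=80 DPT=48822 WINDOW=57920 RES=0x00 ACK PSH FIN URGP=0
Jan 28 15:08:34 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.12 DST=192.0.2.3 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=26843 DF PROTO=TCP SPT=32422 DPT=42348 WINDOW=0 RES=0x00 RST URGP=0
Jan 28 15:20:01 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.40 DST=192.0.2.3 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=1001 DF PROTO=TCP SPT=4321 DPT=3128 WINDOW=16384 RES=0x00 SYN URGP=0
Jan 28 21:45:37 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.20 DST=192.0.2.3 LEN=38 TOS=0x00 PREC=0x00 TTL=50 ID=5486 PROTO=UDP SPT=80 DPT=37852 LEN=18
Jan 28 13:37:28 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.113 DST=192.0.2.3 LEN=40 TOS=0x00 PREC=0x00 TTL=1 ID=52986 PROTO=UDP SPT=39852 DPT=32770 LEN=20
Jan 28 14:37:59 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.50 DST=192.0.2.3 LEN=38 TOS=0x00 PREC=0x00 TTL=1 ID=64903 PROTO=UDP SPT=49814 DPT=33451 LEN=18
Jan 28 15:13:35 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.226 DST=192.0.2.3 LEN=56 TOS=0x00 PREC=0x00 TTL=238 ID=13118 PROTO=ICMP TYPE=3 CODE=1 [SRC=192.0.2.3 DST=203.0.113.62 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=15749 DF PROTO=TCP INCOMPLETE [8 bytes] ]
Jan 28 23:41:37 sproxy2 kernel: FIREWALL OUTSIDE IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.208 DST=192.0.2.3 LEN=37 TOS=0x00 PREC=0x00 TTL=107 ID=5677 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=64229'

printf '%s\n' "$SAMPLE_LOG" | classify_fw_log
printf '%s\n' "$SAMPLE_LOG" | fw_log_summary
```

On a real box the same functions take the live log, e.g. `grep 'FIREWALL OUTSIDE' /var/log/messages | fw_log_summary`. The parser tolerates the "OUT=MAC=..." run-together seen in the archived copy of the log, because it splits each token at its first "=" and never needs the MAC field.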