Hello, I have a 2-interface Linux router/firewall. eth0 is public, eth1 is the private LAN. Squid is installed and running/listening on eth1 via TCP 3128. I have a firewall REDIRECT rule that redirects all outgoing "private_lan" port 80 traffic to TCP 3128. This works great.

After reading through the ACL FAQs I'm still confused as to **why** there is a need for the "Safe_ports" ACL elements declared by default in "squid.conf". I was under the assumption that **by default** Squid proxies port 80 traffic and that's it unless otherwise specified? My firewall only allows the following out to the internet anyway:

udp 53
tcp 20,21,22,25,80,110,443

So I'm assuming there's a good reason to have these defaults, but I don't see why when clients will only be redirected to Squid through port 80. They go around Squid for all other ports. I could make a few logical guesses as to why this is set the way it is, but I want to be sure that I'm not missing something else fundamental.

[code]
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 901         # SWAT
[/code]

Thanks
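Why the destination port still matters behind a port-80 REDIRECT rule, as an added example that is not part of the original post: Squid checks Safe_ports against the port named in the request (the absolute URL, the Host header, or the CONNECT target), not against the port the client's socket was redirected from. Any host on the LAN that talks to 3128 directly, or sends a request naming another port, is asking Squid to open an outbound connection from the router to that port, so the ACLs are what keep the proxy from becoming a relay to ports the firewall blocks for clients. The evaluator below reproduces, in Python, the order of the stock squid.conf http_access lines (deny !Safe_ports, deny CONNECT !SSL_ports, then allow localnet); the port sets are transcribed from the ACLs quoted above, while the localnet rule and the sample request lines are constructed for illustration and are not from the post.

```python
from urllib.parse import urlsplit

# Port sets transcribed from the Safe_ports / SSL_ports ACLs in the quoted squid.conf.
SSL_PORTS = {443, 563}
SAFE_PORT_SINGLES = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777, 901}
SAFE_PORT_RANGES = [(1025, 65535)]  # "unregistered ports"

# Scheme defaults Squid substitutes when the URL carries no explicit port.
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21, "gopher": 70}


def is_safe_port(port):
    """True if the port matches any Safe_ports line (singles or the 1025-65535 range)."""
    return port in SAFE_PORT_SINGLES or any(lo <= port <= hi for lo, hi in SAFE_PORT_RANGES)


def request_port(method, target):
    """Destination port Squid would open for this request line.

    It comes from the request itself (URL port or CONNECT host:port), never from
    the socket the firewall redirected the client on.
    """
    if method == "CONNECT":
        host, _, port = target.rpartition(":")
        if not host or not port.isdigit():
            raise ValueError("CONNECT target must be host:port")
        return int(port)
    parts = urlsplit(target)
    if parts.port is not None:
        return parts.port
    if parts.scheme not in DEFAULT_PORT:
        raise ValueError(f"unknown scheme {parts.scheme!r}")
    return DEFAULT_PORT[parts.scheme]


def evaluate(method, target):
    """Walk the stock http_access rules in order; the first match wins.

    Returns (decision, rule) so the caller can see which line fired.
    """
    port = request_port(method, target)
    # http_access deny !Safe_ports
    if not is_safe_port(port):
        return ("deny", "!Safe_ports")
    # http_access deny CONNECT !SSL_ports
    if method == "CONNECT" and port not in SSL_PORTS:
        return ("deny", "CONNECT !SSL_ports")
    # http_access allow localnet  (assumed: the private LAN behind eth1)
    return ("allow", "localnet")


if __name__ == "__main__":
    # Constructed request lines a LAN client could send to the proxy.
    samples = [
        ("GET", "http://example.com/"),         # ordinary redirected web traffic
        ("GET", "http://example.com:25/"),      # would relay to SMTP via the router
        ("GET", "http://example.com:8080/"),    # alternate HTTP port, in the range
        ("CONNECT", "example.com:443"),         # normal TLS tunnel
        ("CONNECT", "example.com:80"),          # tunnel to a non-SSL port
        ("CONNECT", "example.com:22"),          # tunnel to SSH, blocked first by Safe_ports
    ]
    for method, target in samples:
        decision, rule = evaluate(method, target)
        print(f"{method:8} {target:28} -> {decision:5} ({rule})")
```

The point the run makes is that every deny above comes from the request line, not from which port the client was redirected on, which is why the defaults are worth keeping even when only port 80 is intercepted.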
