That's squid connecting to the foreign websites on port 80 (http). If you want to firewall it allow squid to setup a state out on port 80 (make sure its statefull), and firewall everything else in...
You don't have a security problem with it connected from a random port to port 80 on another machine - you should be carefull about people browsing through you if its open though (e.g. block port 3128) -----Original Message----- From: devendra [mailto:[EMAIL PROTECTED] Sent: 21 August 2004 02:05 PM To: Henrik Nordstrom Cc: [EMAIL PROTECTED] Subject: Re: [squid-users] ip setup Hello, from foreign IP port 80 to our external network IP at different port > than 1024 like 55963,55965,55964,55871 and so on. Can u suggest me, on which NIC i should block incoming or outgoing request. Deven At 01:36 PM 21/08/2004, Henrik Nordstrom wrote: >On Sat, 21 Aug 2004, devendra wrote: > >>for client machines and other is configured with external network, but i >>found that lot of foreign IP connecting to the external ip, with >>connection ESTABLISHED and SYN_SENT. > >These are most likely the requests Squid is making out to the Internet to >fetch the content requested by the users. > >What are the local port numbers of these connections? Is many going to the >same local port number or all to different ports > 1024? > >Regards >Henrik
