Re: [squid-users] Proxy on Firewall...

From: Squid Support (Henrik Nordstrom) <hno@dont-contact.us>
Date: Mon, 13 May 2002 10:22:17 +0200

When fetching content, Squid is a TCP/IP client. As such the OS will
assign "random high ports" (see
/proc/sys/net/ipv4/ip_local_port_range) to Squid per outgoing TCP
connection.

A simple test of your firewall rules is to try with any kind of
browser running on the firewall. If you don't have X, use a text-based
browser such as lynx.

There will also be a random UDP port involved for DNS resolving, but
this will only talk to your configured DNS server(s) and is easier to
filter.

Regards
Henrik Nordström

On Monday 13 May 2002 09:57, bebad@gmx.net wrote:
> Hello,
>
> I use a Suse Linux 7.0 distribution with a 2.2 kernel. My firewall
> is configured with ipchains.
> I installed the latest version of the Squid proxy and it works -
> until I activate the firewall rule:
> ipchains -P input DENY
>
> Even if I try to open some ports like 3128, 8080, 80, 21, 1047,
> 1066 and so on, users behind the firewall can't use the proxy for
> surfing anymore. I used the iptraf program and saw that the proxy
> tried something on different ports (starting at 1074). So I opened
> this port. It works, now the user behind the firewall could achieve
> the requested URL. But the next time the user requests a URL, the
> proxy tried to use port 1075 for something (still what? DNS
> resolving??) and this port is still closed... How can I tell Squid
> just to use definite ports???
> I don't have a DNS server running on that machine, because I use the
> DNS server of my ISP...
>
> I would be glad for any help...
>
> Best regards
> a frustrated Linux newbie :-((

-- 
MARA Systems AB, Giving you basic free Squid support
Your source of advanced web reverse proxying solutions
http://www.marasystems.com/products/
Received on Mon May 13 2002 - 02:22:43 MDT
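
The filtering this reply points toward, as an added example that is not part of the original message or of Squid: a script that reads the ephemeral port range and prints ipchains input rules admitting only non-SYN TCP replies to that range and UDP answers from the named DNS servers. The function names, the 1024-4999 fallback, the `! -y` approach and the resolver address 192.0.2.53 are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints ipchains rules for review; applies nothing.

# Print "LOW HIGH", the range the OS picks client ports from.
# $1 (optional) = file to read instead of the /proc entry.
ephemeral_range() {
    f="${1:-/proc/sys/net/ipv4/ip_local_port_range}"
    lo=1024; hi=4999          # assumed fallback if the file is unreadable
    if [ -r "$f" ]; then
        read -r lo hi < "$f" || true
    fi
    echo "$lo $hi"
}

# Print input-chain rules. Args: LOW HIGH PROXY_PORT [DNS_SERVER...]
squid_input_rules() {
    [ "$#" -ge 3 ] || { echo "usage: LOW HIGH PROXY_PORT [DNS...]" >&2; return 1; }
    lo="$1"; hi="$2"; proxy_port="$3"; shift 3
    for n in "$lo" "$hi" "$proxy_port"; do
        case "$n" in
            ''|*[!0-9]*) echo "not a port number: $n" >&2; return 1 ;;
        esac
    done
    [ "$lo" -le "$hi" ] || { echo "empty range $lo:$hi" >&2; return 1; }

    # Browsers connecting to the proxy (narrow with -i/-s to the LAN side).
    echo "ipchains -A input -p tcp -d 0/0 $proxy_port -j ACCEPT"
    # Replies to Squid's own outgoing connections: any ephemeral port, but
    # excluding connection-opening SYN packets, so the range cannot be
    # used to connect in.
    echo "ipchains -A input -p tcp ! -y -d 0/0 $lo:$hi -j ACCEPT"
    # DNS answers: only from the configured resolvers, source port 53.
    for dns in "$@"; do
        echo "ipchains -A input -p udp -s $dns 53 -d 0/0 $lo:$hi -j ACCEPT"
    done
    echo "ipchains -P input DENY"
}

# 3128 is the proxy port from the question; 192.0.2.53 is a placeholder resolver.
squid_input_rules $(ephemeral_range) 3128 192.0.2.53
```

The default policy line is printed last so that the accept rules are in place before the chain starts denying.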
