Ok. But how can I run squid in my giptables?
Please help me.
Thanks
At 01:55 AM 12/6/2002 -0600, Mark wrote:
>Jason:
>
>This is somewhat Squid related actually. Let me explain the difference
>between a caching proxy and giptables.
>
>For starters, Pop3 is port 110. That's Post Office Protocol Version 3,
>and it's what your mail client uses to receive mail.
>
>SMTP is port 25. Simple Mail Transfer Protocol. This is outgoing mail.
>It's not as secure as pop3.
>
>Both compose your typical simple email client. It sounds like your
>problem is that giptables does packet level forwarding, while the proxy
>does protocol level forwarding. This means giptables can forward raw
>data while Squid can only forward protocols it recognizes. Here's a
>sample from the Squid.conf:
>
>acl Safe_ports port 80 # http
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>
>The problem is ports 110 and 25 aren't on the list. It could be that
>nobody is exactly interested in caching their email, but I'm pretty sure
>Squid doesn't support them. Squid isn't forwarding your requests for
>pop3 to the outside world because it doesn't know how. In order to get
>by, you're probably going to want to use both Squid and giptables.
>
>So the problem, then, is that your giptables policy is too strict? Does
>Squid start at all or can it just not send out requests? You can open
>port 3128 for your private network (the default Squid port) to allow
>your users to connect to it.
>
>Good luck. I hope this helps. And I'm sorry the people on this list are
>so unhelpful at times.
>
>Mark
>
> > Hi!
> >
> > I'm using squid-2.4.stable1-5 under RedHat Linux 7.2.
> >
> > 1. I can't run the proxy when my firewall is up (using GIPTABLES).
> >
> > 2. When I turned off the giptables and turned on the proxy, I can't
> > check other pop3 servers outside our network. But when I turned on the
> > giptables and turned off the proxy, I can check other pop3 servers. What
> > seems to be the problem? What port do you think is running when I do
> > this service (checking other pop3 servers).
> >
> >
> > Thanks.
> > Jason Vidaure
Received on Sun Dec 08 2002 - 20:19:45 MST
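
An added example, not part of the original messages and not Squid's own code: a small Python check that parses the `acl Safe_ports port` lines quoted in the thread and reports whether ports 110 and 25 fall inside them. The function names are hypothetical, and it assumes the stock `http_access deny !Safe_ports` rule is what enforces the list.

```python
# Constructed sample: the Safe_ports lines quoted in the message, without the ">" prefix.
SQUID_CONF = """\
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
"""


def parse_port_acl(conf_text, acl_name="Safe_ports"):
    """Return the inclusive (low, high) port ranges defined for one port ACL."""
    ranges = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) < 4 or fields[:3] != ["acl", acl_name, "port"]:
            continue
        for token in fields[3:]:  # one line may list several ports or ranges
            low, _, high = token.partition("-")
            low, high = int(low), int(high or low)
            if not 1 <= low <= high <= 65535:
                raise ValueError(f"bad port spec {token!r}")
            ranges.append((low, high))
    return ranges


def check_services(conf_text, services):
    """Map each service name to True if its port is inside the ACL."""
    ranges = parse_port_acl(conf_text)
    return {name: any(lo <= port <= hi for lo, hi in ranges)
            for name, port in services.items()}


if __name__ == "__main__":
    # Hypothetical service list for illustration.
    wanted = {"http": 80, "pop3": 110, "smtp": 25, "squid-listener": 3128}
    for name, ok in check_services(SQUID_CONF, wanted).items():
        print(f"{name:15s} {'in Safe_ports' if ok else 'not in Safe_ports'}")
```

The `1025-65535` range is what makes most of the port space match this ACL, so the explicit low-port entries are the part worth reviewing.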