Bostonian wrote:
> I am a newbie here. Does "doing interception on inbound connections"
> mean that my squid box intercepts the client's request and returns the
> traffic from port 3128? Is this the normal way through which squid
> returns the request to its clients?
Um, I'm not sure about the 'from port 3128' bit. Squid by default uses
random outbound ports. Only using 3128 for inbound requests.
So you will see a.b.c.d:e->squid.ip:3128 for each user currently using
the cache.
Interception is done by firewalls using NAT before their other rules are
calculated (thus a port-80 inbound deny will not work if inbound port-80
is already NAT'd to port-3128).
Squid sees it as slightly abnormal web traffic arriving on its
'transparent' port (in your case 3128) so things look the same to most
traffic viewing tools.
Amos
> Thank you.
>
> On Mon, Feb 2, 2009 at 6:35 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>>> Dear All:
>>>
>>> I am running a squid 3.0 on a centos box and set it as
>>>
>>> http_port 3128 transparent
>>>
>>> It has been working well for a while. Then I noticed a traffic spike.
>>> tcpdump shows
>>> that there is a lot of traffic from port 3128 to other clients. I
>>> have disabled incoming
>>> traffic to 3128 from outside.
>>>
>>> What could be the reason? Someone hacked my cache?
>>>
>>> Best Regards,
>>> Young Wen
>>>
>> Perhaps you are doing interception on inbound connections somehow?
>> NAT will break past the firewall in that case.
>>
>> Amos
>>
>>
>>
--
Please be using
  Current Stable Squid 2.7.STABLE5 or 3.0.STABLE12
  Current Beta Squid 3.1.0.4
Received on Wed Feb 04 2009 - 04:31:09 MST
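
As an added illustration of the rule ordering described in the reply above (not part of the original thread, and not Squid's own tooling): a Python check over constructed `iptables-save` output that flags NAT intercept rules not limited to a LAN interface, together with the port denies they bypass. The interface names (eth0 as WAN, eth1 as LAN), the sample rules and the function names are assumptions.

```python
import shlex

# Constructed iptables-save output (not from the thread). Assumed: eth0 = WAN, eth1 = LAN.
SAMPLE = """\
*nat
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A PREROUTING -i eth1 -p tcp -m tcp --dport 8080 -j REDIRECT --to-ports 3128
COMMIT
*filter
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
"""

def rules(ruleset, table, chain):
    """Yield tokenised '-A <chain>' rules belonging to one table."""
    current = None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = line[1:]
        elif current == table and line.startswith("-A " + chain + " "):
            yield shlex.split(line)

def opt(tok, *names):
    """Value of the first non-negated option in names, else None."""
    for i, t in enumerate(tok[:-1]):
        if t in names and tok[i - 1] != "!":
            return tok[i + 1]
    return None

def audit(ruleset, lan_ifaces=("eth1",)):
    """Find intercept rules open to non-LAN traffic and the port denies they bypass."""
    open_ports, findings = set(), []
    for tok in rules(ruleset, "nat", "PREROUTING"):
        if opt(tok, "-j") not in ("REDIRECT", "DNAT"):
            continue
        # Scoped = limited to a LAN interface or to an explicit source range.
        if opt(tok, "-i", "--in-interface") in lan_ifaces or opt(tok, "-s", "--source"):
            continue
        open_ports.add(opt(tok, "--dport"))
        findings.append(("unscoped-intercept", " ".join(tok)))
    open_ports.discard(None)  # a redirect without --dport names no specific port
    for tok in rules(ruleset, "filter", "INPUT"):
        # NAT rewrote the destination port first, so this deny never sees the packet.
        if opt(tok, "-j") in ("DROP", "REJECT") and opt(tok, "--dport") in open_ports:
            findings.append(("bypassed-deny", " ".join(tok)))
    return findings

if __name__ == "__main__":
    for kind, rule in audit(SAMPLE):
        print(kind, rule)
```

Run against the output of `iptables-save` on the proxy host, with `lan_ifaces` set to the interfaces the clients actually sit behind.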