Re: [squid-users] Iptables rules for squid

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 29 Jan 2004 09:37:14 +0100 (CET)

On Thu, 29 Jan 2004, Mathew Thomas wrote:

> 1) INCOMING TCP PACKETs ( some from ports 80 or 21 to random port on
> my proxy server, but lots from random ports of the source m/c to the
> random ports on my proxy server)

These are either "bad" packets from scanners, or stale packets from
already finished sessions which for some reason is no longer known to your
firewall.

> 2) INCOMING UDP PACKETs ( some from port 80 of the source m/c to the
> random port on my proxy server, but lots from random ports of the source
> to the random ports on my proxy server)

Squid never talks to UDP to other than DNS servers. These are not related
to Squid.

> 3) Incoming ICMP packet. ( I believe , I can ignore this and not needed
> for squid proxy)

ICMP ECHO (Type 8) to the Squid server is not due to Squid.

ICMP Destination Unreachable (Type 3, several different codes) may be seen
as part of normal traffic, and should be automatically picked up by your
firewall as belonging to existing sessions if valid. I.e. same as '1'
above.

Regards
Henrik
Received on Thu Jan 29 2004 - 01:37:36 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:09 MST