unwanted ICMP pings and CONNECT

From: Stephen Rothwell <sfr@dont-contact.us>
Date: Wed, 15 Jan 1997 14:44:00 +1100

Hi all,

I am running several squids in a tree behind a firewall. This
seems to be working well except ... two of the squids are
1.1.1 running on Debian Linux. These two seem to generate an
ICMP ping packet directly to each host (outside the firewall)
that they are trying to query.

This is actually more annoying than anything as I have to sift
through our firewall's logs each day and there are thousands of
these pings logged. :-(

Also, is there some good reason for restricting CONNECT queries
to ports 443 and 563?

Also, when starting squid, I get the error message
        recv: Connection refused
just after the "Ready to serve requests." message.

I have included my (condensed) config below.


Stephen Rothwell                    Stephen.Rothwell@nec.com.au
NEC Australia                       Phone: +61-6-2508747
Information Systems Group           Fax:   +61-6-2508746
Canberra, Australia

cache_host firewall.nec.com.au parent 80 7 default no-query
inside_firewall nec.com.au
local_domain nec.com.au
single_parent_bypass on
source_ping off
cache_stoplist cgi-bin ?
cache_mem 10
cache_swap 1536
maximum_object_size 12288
debug_options ALL,1
ftp_user squid@nec.com.au
shutdown_lifetime 5
acl manager proto cache_object
acl all src
acl nec_caches src 147.76.XX.XX 147.76.XX.XX 147.76.XX.XX
acl nec_mgr src 147.76.XX.XX
acl SSL_ports port 443 563 8080
http_access allow manager nec_mgr
http_access deny manager all
http_access deny CONNECT !SSL_ports
http_access allow nec_caches
http_access deny all
icp_access allow nec_caches
icp_access deny all
miss_access allow all
cache_mgr Stephen.Rothwell@nec.com.au
cache_effective_user proxy proxy
visible_hostname proxy.nec.com.au
dns_testnames internic.net usc.edu cs.colorado.edu mit.edu yale.edu
logfile_rotate 10
append_domain .nec.com.au
ssl_proxy firewall.nec.com.au
passthrough_proxy firewall.nec.com.au
minimum_direct_hops 4
Received on Tue Jan 14 1997 - 19:54:26 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:34:04 MST