Re: ports galore

From: David J Woolley <djw@dont-contact.us>
Date: Wed, 10 Mar 1999 20:31:18 -0000

> It looks to me like when squid sends back data, it uses ports in the
> 1900-2000 range according to my sniffer. So, basically, I'm looking for a list
> of ports squid sends http data back to on the client end. This way I can send
> the list to the firewall admin so they can open up those incoming ports.

Squid sends back using the port selected by the client, which can be
anything between 1 (0?) and 65535. Unix clients will not use the
privileged range (up to 1024), but all bets are off for DOS or
Windows clients. Generally clients use something like the first free
number starting at a particular value, but the starting value tends
to be platform dependent.

NB This is universally true of TCP services, although some services
originate from privileged ports so that, in a pure Unix world, you
have some confidence that they have validated the client process.

Either you have analyzed your problem wrongly or you are attempting
to do the impossible with your firewall.

I'd look for options on the firewall to only filter start of
connection packets (SYN ones).

-- 
David Woolley - Office: David Woolley <djw@bts.co.uk>
BTS             Home: <david@djwhome.demon.co.uk>
Wallington      TQ 2887 6421
England         51  21' 44" N,  00  09' 01" W (WGS 84)
Received on Wed Mar 10 1999 - 13:58:02 MST
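As an added illustration of the reply (example code, not part of the original post or of squid): the first function shows the OS, not the application, picking the client's port, so any "list of reply ports" is unbounded; the second is a toy stateless rule of the "filter only connection starts" kind the reply suggests, letting inbound segments through unless they open a new connection. The port 3128 used below is squid's conventional listening port and is an assumption, not something the post states.

```python
import socket
from dataclasses import dataclass

# Constructed TCP header fields; only what the firewall rule below needs.
@dataclass(frozen=True)
class Segment:
    src_port: int
    dst_port: int
    syn: bool
    ack: bool

def is_connection_start(seg: Segment) -> bool:
    """A SYN without ACK is the opening packet of a TCP handshake."""
    return seg.syn and not seg.ack

def inbound_allowed(seg: Segment, new_conn_ports: frozenset = frozenset()) -> bool:
    """Stateless rule that filters only connection starts: inbound segments
    that do not open a connection pass whatever their destination port, so
    the proxy's reply reaches the client's port (1950, 45000, ...) without
    opening a range; only new inbound connections are confined to
    new_conn_ports."""
    if is_connection_start(seg):
        return seg.dst_port in new_conn_ports
    return True

def observe_client_port() -> tuple:
    """Open a loopback TCP connection and return (port the OS chose for the
    client socket, port the server sees as its peer). They match: the server
    replies to whatever port the client happened to get."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick
    srv.listen(1)
    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(srv.getsockname())
    conn, peer = srv.accept()
    client_port = cli.getsockname()[1]
    for s in (conn, cli, srv):
        s.close()
    return client_port, peer[1]

if __name__ == "__main__":
    cport, seen = observe_client_port()
    print(f"client ephemeral port {cport}, server replies to {seen}")
    reply = Segment(src_port=3128, dst_port=cport, syn=False, ack=True)
    print("proxy reply to client passes:", inbound_allowed(reply))
    probe = Segment(src_port=3128, dst_port=cport, syn=True, ack=False)
    print("new inbound connection blocked:", not inbound_allowed(probe))
```

A stateless ACK-only check also passes any inbound segment that merely carries the ACK flag, which is why connection-tracking (stateful) firewalls became the standard way to admit return traffic.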