Re: [squid-users] Please! Please! Someone Answer, Squid is killing Me

From: Simon White <simon@dont-contact.us>
Date: Tue, 5 Mar 2002 10:57:34 +0000 (Greenwich Standard Time)

If you get 2 messages that's normal, because the messages go to you
directly and to the list, of which you are a member.

Let me be clear about the rules you need:
FORWARD
src: your_lan dest: anywhere port: 3128, 8080 -> DROP
INPUT
src: your_lan dest: squid port: 3128, 8080 -> ACCEPT

Is that what you have?

Remember that iptables is source/destination IP based so you just allow
squid then there's no problem. Squid will not make OUTGOING connections on
the ports 3128 and 8080 but on port 80, so Squid has to have port 80
access.

Please think about this, and if you still haven't got it, send a brief
summary of the IPs of squid, your firewall (I have assumed the firewalling
is on squid, what I say above will not apply if the firewall is elsewhere)
and the firewall rules you have.

--
|-Simon White
|-Internet Services Manager
|-MTDS S.A.
|-tel +212.3.767.4861
|-fax +212.3.767.4863
|-14, rue 16 novembre
|-Rabat, Kingdom of Morocco

On Tue, 5 Mar 2002, Razvan Cosma wrote:
> Simon White wrote:
>
> > Make sure you reply to all recipients, and it will get to the list. Your
> > MUA (Mozilla / Netscape?) should be able to respect the reply-to field
>
> I was blind, but now I see the light :) I also get duplicate messages :D
>
>
> > Where did you close ports 8080 and 3128? You should close them for clients
> > but not for the squid machine itself. If you are using iptables, you need
> > to close 8080 and 3128 on the FORWARD chain but not on the INPUT chain.
>
>   I DID close those ports (and in fact almost all) with iptables, my
> question would be: if I allow squid to forward requests on port 8080,
> would that allow my users to bypass my restrictions?
>
>
Received on Tue Mar 05 2002 - 03:57:39 MST
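
The rules described in this message, written out as iptables commands in an added example that is not part of the original thread. It assumes, as the message does, that the firewall runs on the Squid host; the function names and the addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the firewall runs on the Squid
# host. Addresses in the usage lines are constructed placeholders.

PROXY_PORTS="3128,8080"   # the proxy ports named in the thread

# chain_for SRC DST SQUID_IP
# Which built-in filter chain a packet traverses on the Squid host.
# Only routed traffic reaches FORWARD, so a DROP there never hits Squid itself.
chain_for() {
    if [ "$2" = "$3" ]; then
        echo INPUT      # addressed to the box itself (client -> Squid)
    elif [ "$1" = "$3" ]; then
        echo OUTPUT     # generated by the box (Squid -> origin server)
    else
        echo FORWARD    # passing through the box (client -> somewhere else)
    fi
}

# squid_fw_rules LAN_CIDR SQUID_IP
# Prints the rules for review; nothing is applied by this function.
squid_fw_rules() {
    lan=$1
    squid=$2
    case $lan in
        */*) ;;
        *) echo "LAN must be in CIDR form, e.g. 192.0.2.0/24" >&2; return 1 ;;
    esac
    if [ -z "$squid" ]; then
        echo "Squid IP is required" >&2
        return 1
    fi
    # INPUT: LAN clients may reach the proxy ports on the Squid host.
    echo "iptables -A INPUT -s $lan -d $squid -p tcp -m multiport --dports $PROXY_PORTS -j ACCEPT"
    # FORWARD: LAN clients may not reach those ports on any other host.
    echo "iptables -A FORWARD -s $lan -p tcp -m multiport --dports $PROXY_PORTS -j DROP"
    # OUTPUT: Squid's own fetches go out to port 80.
    echo "iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT"
}

# Review: squid_fw_rules 192.0.2.0/24 192.0.2.1
# Apply as root after review: squid_fw_rules 192.0.2.0/24 192.0.2.1 | sh
```

`-A` appends, so where these rules land relative to rules already in each chain decides which one matches first.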