Re: [squid-users] R: [squid-users] Which ports on my firewall for CACHE MANAGER?

From: Simon White <simon@dont-contact.us>
Date: Thu, 11 Apr 2002 10:43:02 +0000

11-Apr-02 at 12:36, Henrik Nordstrom (hno@marasystems.com) wrote :
> Boniforti Flavio wrote:
>
> > > cachemgr.cgi needs to be able to reach your Squid http_port
> > > (8080 in your
> > > case I think).
> >
> > Wow... I opened in the INPUT chain this port (TCP only). Do I have to open
> > it also in UDP??? And is that the ONLY port I've to open?
>
> TCP only.
>
> cachemgr.cgi is simply a small HTTP client talking to Squid to retrieve the
> requested information and then reformatting it into HTML.

Hi,

If you're running iptables on your Squid box then you will need to enable
communication thus:

IP squid binds to <-> IP apache binds to port 8080

This may mean use of both INPUT and OUTPUT chains, unless you're doing
stateful inspection with

-p tcp -m state --state ESTABLISHED -j ACCEPT

or something similar. You will have to (IIRC) specify an interface for
this rule, which would be the interface which is connected to the LAN, or
the firewall (if not on the same box).

Regards,

-- 
[Simon White. vim/mutt. simon@mtds.com. GIMPS:66.70% see www.mersenne.org]
All this talk about everyone being connected to the Internet by the year
xxxx ignores the simple fact that a large number of people in the world
are fighting for survival.
Received on Thu Apr 11 2002 - 04:43:05 MDT
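
The rules discussed in this message, written out as an added example (not part of the original post and not Squid's own tooling). The addresses 192.0.2.10 and 192.0.2.20 and the interface eth0 are assumed placeholders; port 8080 is the http_port named in the thread. Setting IPT=echo prints the rules instead of loading them.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and interface are constructed
# placeholders (RFC 5737 documentation range); 8080 is the http_port named above.
IPT="${IPT:-iptables}"               # set IPT=echo to print rules instead of loading them
SQUID_IP="${SQUID_IP:-192.0.2.10}"   # assumed: address Squid binds to
APACHE_IP="${APACHE_IP:-192.0.2.20}" # assumed: address cachemgr.cgi connects from
LAN_IF="${LAN_IF:-eth0}"             # assumed: interface facing the Apache host
SQUID_PORT="${SQUID_PORT:-8080}"

# Inbound half: cachemgr.cgi is an HTTP client, so only TCP to http_port is needed.
# Restricting the source to the Apache host keeps the port closed to everyone else.
cachemgr_input_rule() {
    $IPT -A INPUT -i "$LAN_IF" -p tcp -s "$APACHE_IP" -d "$SQUID_IP" \
        --dport "$SQUID_PORT" -j ACCEPT
}

# Return half, stateless: match reply packets by source port on the OUTPUT chain.
cachemgr_output_rule_stateless() {
    $IPT -A OUTPUT -o "$LAN_IF" -p tcp -s "$SQUID_IP" -d "$APACHE_IP" \
        --sport "$SQUID_PORT" -j ACCEPT
}

# Return half, stateful: connection tracking admits replies to accepted connections.
cachemgr_output_rule_stateful() {
    $IPT -A OUTPUT -o "$LAN_IF" -p tcp -m state --state ESTABLISHED -j ACCEPT
}

# Emit the INPUT rule plus whichever return-path rule STATEFUL selects.
cachemgr_rules() {
    cachemgr_input_rule
    if [ "${STATEFUL:-yes}" = "yes" ]; then
        cachemgr_output_rule_stateful
    else
        cachemgr_output_rule_stateless
    fi
}

# Load the rules only when asked to, e.g.:  sh cachemgr-fw.sh apply
if [ "${1:-}" = "apply" ]; then
    cachemgr_rules
fi
```

Run it first with IPT=echo to review the two rules, then with the argument apply as root; STATEFUL=no selects the INPUT/OUTPUT pair without connection tracking.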
