RE: [squid-users] RE: How do I hide port 3128?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 12 May 2005 10:57:05 -0800

> -----Original Message-----
> From: Niels [mailto:zorglub_olsen@hotmail.com]
> Sent: Thursday, May 12, 2005 10:50 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] RE: How do I hide port 3128?
>
>
> Chris Robertson wrote:
>
>> Something like:
>>
>> iptables -A INPUT -i eth0 --dport 3128 -j REJECT
>>
>> (assuming that you are using eth0) should do it. If the box is acting as
>> a gateway, then add the same rule for each ethernet interface.
>>
>> Chris
>
>
> Thank you for your suggestion. I should have said: I've already tried this,
> but nmap will then show
>
> 3128/tcp filtered squid-http
>
> which still tells the users that a Squid is running. This also happens with
> DROP. And what's worse, it blocks the use of Squid, even though I state "-i
> eth1". Possibly I'm using Iptables incorrectly, I'll keep trying.
>
> I think you need to state the protocol like this: "-p tcp" when you use
> dport.
>
>
> //Niels

Here's another possibility... Change your iptables rule to

iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 127.0.0.1:3128

and have squid only listen on the loopback interface ("http_port
127.0.0.1:3128" in squid.conf). Would that work? I haven't done much with
nat in quite a while, so I'm not sure if you can NAT to lo.

Chris
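As an added example, not code from anyone in the thread: the loopback DNAT Chris proposes, assembled as a reviewable shell script, with Niels' point (-p tcp must come before --dport) enforced by a small lint before anything is applied. It assumes eth1 is the LAN-facing interface and Squid listens on 127.0.0.1:3128; the route_localnet sysctl is not in the thread but is what current kernels require before a packet may be NATed to 127.0.0.1.

```shell
#!/bin/sh
# Added example, not from the thread. Builds the rule set Chris sketches
# (DNAT port 80 to a loopback-only Squid) with Niels' fix (-p tcp before
# --dport) and lints it before anything is applied.
# Assumptions: eth1 faces the LAN; Squid has "http_port 127.0.0.1:3128".
LAN_IF="${LAN_IF:-eth1}"
SQUID_PORT="${SQUID_PORT:-3128}"

# Emit the commands rather than running them, so they can be reviewed first.
squid_rules() {
    # Not in the thread: since Linux 3.6 the kernel treats 127/8 destinations
    # arriving on a real interface as martian unless route_localnet is set,
    # so DNAT to 127.0.0.1 silently fails without it.
    echo "sysctl -w net.ipv4.conf.${LAN_IF}.route_localnet=1"
    # --dport is a tcp match option; without -p tcp iptables rejects the rule.
    echo "iptables -t nat -A PREROUTING -i ${LAN_IF} -p tcp --dport 80 -j DNAT --to-destination 127.0.0.1:${SQUID_PORT}"
    # Deliberately no INPUT rule for the Squid port: with Squid bound to
    # loopback, a probe from the LAN gets a plain RST (nmap: closed), whereas
    # a DROP/REJECT rule recreates the "filtered squid-http" signature.
}

# Lint: each --dport/--sport rule must name a protocol, or iptables fails
# with "unknown option". Prints offenders, returns 1 if any were found.
lint_rules() {
    bad=0
    while IFS= read -r line; do
        case "$line" in
            iptables*--dport*|iptables*--sport*)
                case "$line" in
                    *"-p tcp"*|*"-p udp"*|*"--protocol tcp"*|*"--protocol udp"*) ;;
                    *) echo "missing -p before --dport/--sport: $line" >&2; bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

# Apply only if the lint passes.
apply_rules() {
    squid_rules | lint_rules || { echo "refusing to apply broken rules" >&2; return 1; }
    squid_rules | sh
}

# Default: print the rules for review; "--apply" runs them as root.
if [ "${1:-}" = "--apply" ]; then apply_rules; else squid_rules; fi
```

Squid itself must also be told the traffic is intercepted (the intercept option on http_port in current Squid) so that it accepts origin-style requests, which the thread does not cover.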
Received on Thu May 12 2005 - 12:58:28 MDT