Re: [squid-users] Re: RE: How do I hide port 3128?

From: fooler <fooler@dont-contact.us>
Date: Fri, 13 May 2005 12:09:39 +0800

----- Original Message -----
From: "Niels" <zorglub_olsen@hotmail.com>
To: <squid-users@squid-cache.org>
Sent: Friday, May 13, 2005 11:01 AM
Subject: [squid-users] Re: RE: How do I hide port 3128?

> Hi,
>
> fooler wrote:
> > Chris Robertson already gave you the answer to bind squid with localhost
> > (127.0.0.1:3128) if you don't want both the external and internal clients
> > to see tcp port 3128...
> >
> Yes, I can see the idea behind that. However, I think it must be possible
> and much simpler to have Netfilter drop external requests to port 3128. I'm
> trying to find out how to do that.

the simple logic of an nmap attack is that it sends a *tcp syn* to the
target host... if the target host replies with a *tcp syn/ack*, then nmap
will display that port as *open*; otherwise nmap will assume that port is
*filtered*... therefore, filtering through a packet filter, binding to
localhost, whatever trick you're going to do... it will give you the same
results from nmap...

> > you said that you don't want the external clients to see tcp port 3128 and you
> > have two ethernet cards... bind your squid to your second network card
> > having a *private* ip address while your first network card has a public
> > ip address...
> >
> I have one card (eth0, 192.168.1.254) connected to an adsl router and
> another (eth1, 192.168.2.1) connected to my lan network. Squid should only
> work on the lan -- there are no incoming connections. Binding Squid to
> 127.0.0.1 will bind it to ... what exactly? I'm sorry, I'm new to this. Can
> you explain your idea in terms of my configuration?

if you don't really want to open tcp port 3128 to both your internal and
external clients, a transparent proxy and binding squid to localhost will
do...

to give you an idea.. your network card is a *physical* device while your
loopback interface (eg. localhost) is a *logical* device.. both physical
and logical devices have an ip address if you assign one... the principle
of a transparent proxy is that... it will hijack tcp port 80 and
*redirect* it to a given or target ip address... if that target ip address is
your localhost ip address (127.0.0.1) where squid is bound
(127.0.0.1:3128) then squid will happily receive those hijacked http
packets...

127.0.0.1 is not routable, therefore both your internal and external clients
don't see 127.0.0.1:3128 on your squid box...

fooler.
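As an added example (not code from this thread or from Squid), a small Python check a defender can run on the Squid box to confirm which addresses port 3128 is really listening on, by parsing /proc/net/tcp instead of trusting squid.conf. The two snapshots are constructed; the allowed set of 127.0.0.1 and the LAN-side address 192.168.2.1 is taken from Niels's configuration above.

```python
"""Added example: check which addresses the Squid port is really bound to, by
parsing /proc/net/tcp (Linux). local_address is <hex ip>:<hex port>; on x86 the
IPv4 word is little-endian, so 0100007F:0C38 means 127.0.0.1:3128. st 0A = LISTEN."""
import socket
import struct

TCP_LISTEN = "0A"
SQUID_PORT = 3128
ALLOWED = ("127.0.0.1", "192.168.2.1")  # loopback and the LAN-side eth1 address from the thread

# Constructed snapshots, not captured from a real box: Squid on the wildcard
# address, then after binding to localhost. The second row in each is an
# unrelated ESTABLISHED (st 01) connection that the parser must ignore.
SNAPSHOT_WILDCARD = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000    13        0 9001 1 0000000000000000 100 0 0 10 0
   1: FE01A8C0:8AD6 0203A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 9003 1 0000000000000000 20 4 30 10 -1
"""
SNAPSHOT_LOOPBACK = SNAPSHOT_WILDCARD.replace("00000000:0C38", "0100007F:0C38")


def parse_listeners(proc_net_tcp_text):
    """Return [(ip, port), ...] for every socket in LISTEN state."""
    listeners = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))  # little-endian word -> dotted quad
        listeners.append((ip, int(hex_port, 16)))
    return listeners


def exposed_addresses(listeners, port=SQUID_PORT, allowed=ALLOWED):
    """Addresses `port` is bound to outside the allowed set. A wildcard bind
    (0.0.0.0) is reported as exposed because it also covers the public eth0 side."""
    return sorted(ip for ip, p in listeners if p == port and ip not in allowed)


def audit_live(path="/proc/net/tcp"):
    with open(path) as fh:  # only meaningful on the Squid box itself
        return exposed_addresses(parse_listeners(fh.read()))


if __name__ == "__main__":
    bad = audit_live()
    print("port %d exposed on: %s" % (SQUID_PORT, ", ".join(bad) or "nothing unexpected"))
```

A non-empty result means the port is reachable on an address other than loopback or the LAN interface, which is exactly what the packet-filter or bind change is meant to rule out.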
Received on Thu May 12 2005 - 22:11:39 MDT
