Re: [squid-users] Firewalling the Proxy

From: Jose Ildefonso Camargo Tolosa <ildefonso.camargo_at_gmail.com>
Date: Sat, 28 Feb 2009 23:48:35 +1930

Hi!

On Sat, Feb 28, 2009 at 4:43 PM, Nyamul Hassan <mnhassan_at_usa.net> wrote:
> Hi,
>
> I was checking the requests to and from my proxy servers, and I noticed
> that, while most src-port were TCP 80, 53, 443, some were very high TCP
> ports.  These high port packets would usually also be accompanied by an ICMP
> request.  Is this normal web server behaviour?  In my firewall, accepting
> src-port of TCP 80, 53, 443, or UDP 53, and ICMP, can I block all else
> directed toward my proxy server?

Ok, you got me a little confused on the "src-port", maybe I'm just
falling asleep now.

Usually, the connections work like this:

client (any port above 1024, depends on OS, but usually a high port)
---> proxy (proxy port, 3128), proxy (local port, usually high port)
---> Remote Web Server (80,443,....).

So, you will usually see a "high port" and a "normal port" associated
to a connection, usually the high port is the "local part" and the low
port is the "remote end", from the point of view of the machine that
is initiating the connection. The IP,port combination is called a
tuple, and each connection has a "local tuple" and a "remote tuple",
the local tuple is usually referred to as the "source IP, source port",
and usually has a high port associated with it (in the computer that
is creating the connection, the remote end will see it reversed).

>
> Thx in advance for your comments / suggestions.

Any more info would be useful.

>
> Regards
> HASSAN
>
>

c-ya!

Ildefonso Camargo
Received on Sat Feb 28 2009 - 04:18:43 MST
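
The two connection legs described in the reply above, as an added example that is not part of the original message: a small Python classifier that labels packets seen at the proxy by leg and direction. The proxy and peer addresses are documentation-range placeholders, the port threshold is an assumption, and the sample packets are constructed.

```python
from typing import NamedTuple

PROXY_IP = "192.0.2.10"   # assumption: placeholder address for the proxy
PROXY_PORT = 3128         # proxy listening port named in the message
WEB_PORTS = {80, 443}     # remote web server ports named in the message
DNS_PORT = 53
EPHEMERAL_MIN = 1024      # assumption: lowest "high" port; real range depends on OS


class Packet(NamedTuple):
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def classify(p: Packet) -> str:
    """Label a packet by connection leg and direction, from the proxy's view."""
    inbound, outbound = p.dst_ip == PROXY_IP, p.src_ip == PROXY_IP
    if inbound == outbound:
        return "not-proxy-traffic"
    # The proxy's own port is the destination port on inbound packets
    # and the source port on outbound ones.
    local, remote = (p.dst_port, p.src_port) if inbound else (p.src_port, p.dst_port)
    direction = "in" if inbound else "out"
    if p.proto == "tcp" and local == PROXY_PORT and remote >= EPHEMERAL_MIN:
        return f"client-leg/{direction}"      # client high port <-> proxy 3128
    if local >= EPHEMERAL_MIN and local != PROXY_PORT:
        if p.proto == "tcp" and remote in WEB_PORTS:
            return f"server-leg/{direction}"  # proxy high port <-> web server
        if remote == DNS_PORT:
            return f"dns/{direction}"         # proxy resolver lookups
    return "unexpected"


# Constructed sample packets (not taken from the thread).
SAMPLE = [
    Packet("tcp", "198.51.100.7", 51514, PROXY_IP, 3128),
    Packet("tcp", PROXY_IP, 40112, "203.0.113.80", 80),
    Packet("tcp", "203.0.113.80", 80, PROXY_IP, 40112),
    Packet("udp", "203.0.113.53", 53, PROXY_IP, 33000),
    Packet("tcp", "203.0.113.99", 6000, PROXY_IP, 22),
]

if __name__ == "__main__":
    for pkt in SAMPLE:
        print(f"{classify(pkt):14} {pkt}")
```

The third sample packet arrives with source port 80 and a high destination port: it is the reply half of a connection the proxy itself opened from that high port.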
