Re: [squid-users] Limiting outgoing port range.

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Mon, 04 Apr 2011 16:44:20 -0400

Are you referring to Squid's OUTBOUND ports, or the DESTINATION ports?

Destination ports could be done by stacking ACLs per user/group to a
specific list-of-ports ACL, but that's a lot of ACL stacking for
particular users, and the result is that if they are outside of the range
of ports, it could result in an ACCESS_DENIED, depending on the requested
URL. I.e. --

acl Joe_User <code to identify "Joe">
acl Joe_Ports port 21
acl Joe_Ports port 80
acl Joe_Ports port 443
acl Joe_Ports port 8080

http_access allow Joe_User Joe_Ports
http_access deny all

But I would highly doubt that directly mapping SOURCE ports would be
theoretically possible, because, for one, Squid does not _ALWAYS_ query
a destination, as a function of it being a cache. And two, statically
defining a port, or block of ports, for a particular user or group can
squelch the number of possible users able to use the proxy,
causing it not to scale well, amongst many other technical issues that
can, and will, only create bottlenecks.

Also, selecting outbound source ports has no technical advantage /
merit versus selecting destination ports, that I can think of.

>>> <Shivering_at_gmx.net> 4/4/2011 4:22 PM >>>
Hey,
I need an HTTP proxy which synchronizes outgoing connections to a
limited port range. For example, to make only HTTP connections via 20
outgoing ports. Is Squid able to do this with little effort? I've
already searched the FAQ and the mail archive and only found this
question/answer:
http://www.mail-archive.com/squid-users@squid-cache.org/msg29951.html
This is six years old. So I thought I'd give it a new try ^^. I
appreciate any tips.
Best regards

Received on Mon Apr 04 2011 - 20:44:34 MDT
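
Added example, not part of the original message and not Squid's own code: a small Python model of how the http_access lines in the reply are evaluated (values within one ACL are ORed, ACLs on one line are ANDed, first matching line wins). The "src 192.0.2.10" line is an assumed stand-in for the reply's <code to identify "Joe"> placeholder, the function names are hypothetical, and the model goes slightly beyond the reply by also handling port ranges and "!" negation.

```python
import ipaddress

# Constructed config: the thread's ACLs, with a hypothetical "src" line
# standing in for the reply's <code to identify "Joe"> placeholder.
SAMPLE_CONF = """
acl Joe_User src 192.0.2.10
acl Joe_Ports port 21
acl Joe_Ports port 80
acl Joe_Ports port 443
acl Joe_Ports port 8080
http_access allow Joe_User Joe_Ports
http_access deny all
"""

def parse(conf):
    """Return (acls, rules); repeated 'acl NAME' lines add values to one ACL."""
    acls, rules = {"all": ("src", ["0.0.0.0/0", "::/0"])}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client_ip, dst_port):
    """An ACL matches when ANY one of its values matches (OR)."""
    kind, values = acl
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "port":  # destination port of the requested URL, single or lo-hi
        parts = (v.partition("-") for v in values)
        return any(int(lo) <= dst_port <= int(hi or lo) for lo, _, hi in parts)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, client_ip, dst_port):
    """First http_access line whose ACLs ALL match (AND) decides the request."""
    acls, rules = parse(conf)
    if not rules:
        return "deny"  # no http_access lines at all: request is denied
    for action, names in rules:
        if all(acl_matches(acls[n.lstrip("!")], client_ip, dst_port)
               != n.startswith("!") for n in names):
            return action
    # No line matched: the default is the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

Joe requesting a URL on port 8443 falls through the allow line and hits "deny all", which is the ACCESS_DENIED case the reply describes.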

This archive was generated by hypermail 2.2.0 : Tue Apr 05 2011 - 12:00:02 MDT