On 21.03.2012 05:32, Eliezer Croitoru wrote:
> On 20/03/2012 18:23, Zhu, Shan wrote:
>> Hi, all,
>>
>> I have a fundamental question that, after studying books and on-line
>> documents, I still cannot answer it myself.
>>
>> That is, when configuring Squid for transparent caching, why do we
>> need to forward HTTP from Port 80 to Port 3128? What makes it
>> necessary? If we just let Squid to listen on Port 80, what would make
>> the difference.
>>
>> Can anyone help answer this question?
> have you though about it that the client is not asking for port 80 of
> the squid server\gateway?
> so...
> if you dont understand it i will be glad to explain it to you on the
> squid irc channel or via email.
True. The Squid listening port number is irrelevant.
The critical thing to know is that no traffic is safe to connect
directly to the port Squid listens on. It is a very good idea to
firewall it completely sealed on the Squid box at some point before NAT.
NAT being second so packets will arrive there even when it is fully
locked down.
I advise against using port-80 and 3128. Because 80 is the officially
registered HTTP port and you may want to do other things with it, and
3128 is the official proxy port. You probably want to keep 3128 open for
proxy management requests or error page embeded object delivery (you
could pick another port for regular proxy use though).
Amos
Received on Tue Mar 20 2012 - 22:27:13 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 21 2012 - 12:00:03 MDT