Mailinglist Archive: opensuse-security (670 mails)
Limit Squid Port Range
- From: d_lord@xxxxxx
- Date: Tue, 13 Nov 2001 14:05:41 +0100 (MET)
- Message-id: <16975.1005656741@xxxxxxxxxxxxx>
<answer1>
>Why do you want this? standard port range is 1024:4999 (cat
>/proc/sys/net/ipv4/ip_local_port_range), you can change this by doing
>echo "32000 59000" > /proc/sys.../ip_local_port_range
>This is default TCP/IP behaviour, it seems you don't really know about
>tcp/ip, so don't change this.
>Markus
</answer1>
<answer2>
>What do you propose to achieve by doing that? It won't give you any more
>security, if that's what you're thinking. Oh, and to answer your question, I
>don't think it's possible to restrict the source port range used by Squid
>only.
>Cheers,
>Tobias
</answer2>
Hello
First thx for your answers.
The reason why I tried to do this is to restrict access to my proxy from external.
Only 5 IP addresses should be allowed to connect to it. Of course, I have done this with ACLs, but I think it's always safe to double-check such access from the net.
Now, you told me (ok ok, I missed this point :-( ) that the local port usage is restricted to ports lower than 5000. I'm going to set squid listening on a port > 5000 and my problem is solved!
Changing the ipchains to filter the input was no problem and now I think everything should work.
Thanks for your help & time
D. Lord
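The setup described in the mail above (a Squid port outside the local port range, with the ipchains input chain limited to the permitted clients), sketched as an added example that is not part of the original mail. The function names, the 192.0.2.x addresses and port 8080 are assumptions made for illustration; the script only prints the rules for review.

```shell
#!/bin/sh
# Added example, not from the thread. Client addresses are constructed
# (RFC 5737 documentation range) and port 8080 is an assumed Squid port.

# Succeeds when PORT lies outside the local (ephemeral) range LOW..HIGH.
port_outside_range() {
    [ "$1" -lt "$2" ] || [ "$1" -gt "$3" ]
}

# Print "LOW HIGH" as the kernel reports it, falling back to the 1024:4999
# default quoted in the thread when /proc is not readable.
local_port_range() {
    cat /proc/sys/net/ipv4/ip_local_port_range 2>/dev/null || echo "1024 4999"
}

# Print (do not apply) ipchains input rules for a Squid listener:
#   squid_input_rules PORT LOW HIGH CLIENT_IP...
# Replies to Squid's own outbound connections arrive on ports inside
# LOW..HIGH. A listening port outside that range can be filtered on the
# input chain without overlapping any rule that lets those replies in,
# so the function refuses a port that falls inside the range.
squid_input_rules() {
    port=$1 low=$2 high=$3
    shift 3
    if ! port_outside_range "$port" "$low" "$high"; then
        echo "port $port is inside local port range $low:$high" >&2
        return 1
    fi
    for ip in "$@"; do
        echo "ipchains -A input -p tcp -s $ip -d 0/0 $port -j ACCEPT"
    done
    # Everything else aimed at the proxy port is dropped and logged (-l).
    echo "ipchains -A input -p tcp -d 0/0 $port -j DENY -l"
}

# Usage with the running kernel's range:
#   set -- $(local_port_range)
#   squid_input_rules 8080 "$1" "$2" 192.0.2.10 192.0.2.11
```

The Squid ACLs stay in place; these rules are the second check on the packet filter that the mail refers to.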