Hi,

On 12-Nov-01 d_lord@gmx.de wrote:
Hi list,
maybe my question is a bit stupid but I can't find a useful answer myself (usual way FAQ, google....). So let's have a look if YOU know more about this *gg*.
I have set up an ipchains script. Default deny all. I don't want squid to go through the whole port range 1024-65355 but limit the use to ports from 1024:3120. I've tried different ACLs and none of them worked for me. Now I think there should be another option but I just can't find it :-(
My squid is Version 2.4, ipchains Version 1.3.10.
Output Rule:
ipchains -A output -i $EXT -p tcp -s $EXTIP 1024:3120 --dport 80 -j ACCEPT
All works fine till squid tries to use port 3121 :-(
Now I get those ugly messages in /var/log/messages:
..kernel: Packet log: output DENY eth0 Proto=6 IP1:Port>3120 IP2:80....
init 1 and back is the only option I know to get rid of this without opening the firewall.
I would be glad if you know a fix for this problem.
With Squid's ACLs, you can assign safe_ports for the cache to use. Take a look at Squid's online documentation: http://squid.visolve.com/squid24s1/access_controls.htm#acl
D. Lord
Boris Lorenz