Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] Limit Squid Port Range
- From: Markus Gaugusch <markus@xxxxxxxxxxx>
- Date: Tue, 13 Nov 2001 08:41:15 +0100 (CET)
- Message-id: <Pine.LNX.4.40.0111130837380.7530-100000@xxxxxxxxxxxxxxxx>
> maybe my question is a bit stupid but I can't find
> a useful answer myself (usual way FAQ, google....).
> So let's have a look if YOU know more about this *gg*.
>
> I have set up a ipchains script. Default deny all.
> I don't want squid to go through the whole port range
> 1024-65355 but limit the use on ports from 1024:3120
> I've tried different ACL's and non of them worked for me.
Why do you want this? standard port range is 1024:4999 (cat
/proc/sys/net/ipv4/ip_local_port_range), you can change this by doing
echo "32000 59000" > /proc/sys.../ip_local_port_range
This is default TCP/IP behaviour, it seems you don't really know about
tcp/ip, so don't change this.
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
> a useful answer myself (usual way FAQ, google....).
> So let's have a look if YOU know more about this *gg*.
>
> I have set up a ipchains script. Default deny all.
> I don't want squid to go through the whole port range
> 1024-65355 but limit the use on ports from 1024:3120
> I've tried different ACL's and non of them worked for me.
Why do you want this? standard port range is 1024:4999 (cat
/proc/sys/net/ipv4/ip_local_port_range), you can change this by doing
echo "32000 59000" > /proc/sys.../ip_local_port_range
This is default TCP/IP behaviour, it seems you don't really know about
tcp/ip, so don't change this.
Markus
--
_____________________________ /"\
Markus Gaugusch ICQ 11374583 \ / ASCII Ribbon Campaign
markus@xxxxxxxxxxx X Against HTML Mail
/ \
| < Previous | Next > |