Re: [squid-users] Proxy on Firewall...

From: Helios de Creisquer <creis@dont-contact.us>
Date: Mon, 13 May 2002 11:54:48 +0200

Hi !

On Mon, May 13, 2002 at 11:25:18AM +0200, bebad@gmx.net wrote:
> Sorry, but I didn't understand what you tried to explain to me... I already
> know that the proxy uses a port >1024 to establish a connection to
> the Internet. My problem is that it seems to use ports >1024
> DYNAMICALLY, and I am not willing to open my firewall for a full range
> of ports >1024... So I asked why squid uses those ports, or how to
> tell squid to use only one definite port...

Use stateful firewalling, like iptables, to accept RELATED,ESTABLISHED
connections, or just allow packets without SYN set (! -y). Squid doesn't
LISTEN on these ports; it is just a tcp connection.

> 2. Random DNS udp port? Does this mean the port changes sometimes?
> How can I tell my firewall this without opening a range of ports,
> because I don't have a DNS server running??

Run a dns server, like squid 8.x, and configure it to use just one
udp port for queries (query-source option)...

Cheers,

--
               Helios de Creisquer      <helios@balios.org>
http://www.tuxfamily.org/                        <creis@tuxfamily.org>
http://www.vhffs.org/      +33 (0)6 70 71 20 29      <creis@vhffs.org>
http://www.gnu.org/                                    <creis@gnu.org>
GPG(1024D/96EB1C44): FB11 8B80 4D86 D9C2 DE0C 11D7 2FA8 A5CC 96EB 1C44

Received on Mon May 13 2002 - 03:59:46 MDT