[sclug] Linux as router (Gateway Server)

Alex Butcher lug at assursys.co.uk
Tue Feb 15 08:43:17 UTC 2005


On Tue, 15 Feb 2005, Navneet wrote:

>
>> Feb 12 09:15:33 squid (squid): Cannot open HTTP Port
>>
>> Why is my iptables rule blocking squid from opening the HTTP port?
>
> [snip]
>
>> -A OUTPUT -o eth1 -p tcp -m tcp --sport 1024:65535 --dport 80 --tcp-flags SYN,RST,ACK SYN -m owner --uid-owner squid -j ACCEPT
>> -A OUTPUT -o eth1 -p tcp -m tcp --sport 1024:65535 --dport 443 --tcp-flags SYN,RST,ACK SYN -m owner --uid-owner squid -j ACCEPT
>> -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
>> COMMIT
>> # Completed on Thu Feb 10 20:02:43 2005
>
>>> Is squid being started as the 'squid' user, 'nobody', 'root' or something
>>> else?
>
> Squid is being started as the "squid" user.

OK, you didn't tell us that originally.

> Didn't you notice, squid starts without any error when strict firewall rules
> were flushed.

I noticed, but I was wondering whether the rules I quoted above were what
was causing the problem.

> Navneet

Best Regards,
Alex.
-- 
Alex Butcher      Brainbench MVP for Internet Security: www.brainbench.com
Bristol, UK                      Need reliable and secure network systems?
PGP/GnuPG ID:0x271fd950                         <http://www.assursys.com/>

