On 24.09 10:45, MikeB wrote:
> Subject: [squid-users] Is there any way to prevent ports 1024 to 65535 from bypassing squid?
Look at the safe_ports acl, provided in the default config.
> Squid does work except some requests, specifically java video chat
> requests access port 80 through squid properly but the video does not work
> and the linux box in front of squid rejects a port within the range of
> 1024 to 65535 not from the squid box but from the workstation loading the
> video chat applet to the internet.
Then it's a problem with the firewall of the linux box...
> If I add an iptables rule to the forward table on the linux box in front of
> squid for the workstation loading the video chat applet allowing source ports
> 1024 to 65535 and destination ports 1024 to 65535 out directly to the
> internet the video loads and works perfectly, however I would prefer not to
> add rules for each workstation or not to add a global rule allowing ip ranges
> because it would bypass the antivirus scanner running on the squid box and
> make logging and tracking more difficult.
Sorry, you must decide which one, I don't think there's another
possibility.
> Is there any way to redirect these ports to the squid server so that I don't
> have to allow every workstation access to this port range through the linux
> box in front of squid out to the internet?
You would break much of internet traffic. Remember there are dozens of
protocols that aren't proxyable, or not through an HTTP proxy.
> Or is there some configuration on the squid box that I have not correctly
> configured for video chat?
Maybe you can talk to the provider of that videochat, but I doubt he will do
anything about it.
--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I intend to live forever - so far so good.

Received on Sat Sep 24 2005 - 12:12:53 MDT
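
An added example, not part of the original message: the safe_ports ACL mentioned in the reply, parsed and evaluated against a few constructed requests. The ACL lines are the port rules from the stock Squid 2.x squid.conf, taken here as an assumption about the poster's setup; the helper names are hypothetical. It shows that the default ACL already permits ports 1025-65535 for plain HTTP requests and only restricts CONNECT, and that these rules only ever apply to requests that actually arrive at Squid.

```python
# Port ACL lines from the stock Squid 2.x squid.conf (assumed, not taken
# from the poster's actual configuration).
DEFAULT_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

def parse_port_acls(conf):
    """Return {acl_name: [(low, high), ...]} for every 'acl NAME port ...' line."""
    acls = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comment
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            for token in fields[3:]:
                low, _, high = token.partition("-")
                acls.setdefault(fields[1], []).append((int(low), int(high or low)))
    return acls

def port_in(acls, name, port):
    """True if port falls inside any range of the named ACL."""
    return any(low <= port <= high for low, high in acls.get(name, []))

def decide(acls, method, port):
    """Apply the two default deny rules in order; the first match wins."""
    if not port_in(acls, "Safe_ports", port):
        return "deny (!Safe_ports)"
    if method == "CONNECT" and not port_in(acls, "SSL_ports", port):
        return "deny (CONNECT !SSL_ports)"
    return "not denied by port ACLs"

if __name__ == "__main__":
    acls = parse_port_acls(DEFAULT_CONF)
    # Constructed sample requests: (method, destination port)
    for method, port in [("GET", 80), ("GET", 5000), ("CONNECT", 5000), ("GET", 25)]:
        print(f"{method:8} port {port:<6} -> {decide(acls, method, port)}")
```

A request that passes these two rules is still subject to the later http_access lines in squid.conf, which this sketch does not model.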