----- Original Message -----
From: croilan cruz
To: plug@lists.linux.org.ph
Sent: Saturday, September 16, 2006 10:56 AM
Subject: [plug] re:squid-http open

Dearest all,

I just want to give thanks to those who replied to my mail concerning
Squid. Whoever (fooler) is, a million thanks. As in your letter
you discuss syn, rst, ack etc., these TCP flags are giving me a headache
on how to configure the firewall. Ex.: if your firewall IP was tagged as being
rejected in SORBS or CBL, in what aspect do I need to reconfigure the
firewall?

I put the example in the CBL recommendation but still get the firewall IP
on their list.

My setup:
<net> ------<firewall> ----- <dmz>

Any tip to handle this problem....

You have two options to protect your Squid from open relay, and these are:
1. layer 3 firewall through iptables
2. layer 7 firewall through Squid's ACL

A simple rule for both options is to allow the good IP addresses to
access your proxy and deny the rest...

Whichever option you prefer, it will protect you from open relay outside
of the good IP addresses listed...

But protecting your proxy from open relay doesn't mean you are free from
the SORBS or CBL database lists of bad IPs... If one of the good IP addresses you
listed was compromised and used your proxy as a relay (since it is allowed to
access it), you are still marked as a bad IP...

fooler.
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
plug@lists.linux.org.ph (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
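
Added example, not part of the original thread: a log check for the case raised at the end of the reply, where an allowed client is compromised and relays through the proxy. It assumes Squid's native access.log layout, that only port 443 is an expected CONNECT target, and a reporting threshold of three; the log lines and addresses are constructed.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1158375360.101 210 192.168.1.15 TCP_MISS/200 3120 GET http://www.example.org/ - DIRECT/198.51.100.7 text/html
1158375361.442 1530 192.168.1.15 TCP_MISS/200 5210 CONNECT secure.example.org:443 - DIRECT/198.51.100.9 -
1158375362.010 820 192.168.1.23 TCP_MISS/200 411 CONNECT mx1.example.net:25 - DIRECT/203.0.113.25 -
1158375362.730 790 192.168.1.23 TCP_MISS/200 398 CONNECT mx2.example.net:25 - DIRECT/203.0.113.26 -
1158375363.115 805 192.168.1.23 TCP_MISS/200 420 CONNECT mx1.example.com:25 - DIRECT/203.0.113.40 -
1158375363.900 2 192.168.1.23 TCP_DENIED/403 1320 CONNECT mx3.example.net:25 - NONE/- text/html
1158375364.250 640 192.168.1.40 TCP_MISS/200 388 CONNECT mail.example.org:25 - DIRECT/203.0.113.77 -
"""

ALLOWED_CONNECT_PORTS = {443}   # assumption: only HTTPS tunnels are expected
MIN_ATTEMPTS = 3                # assumption: report a client at this many hits


def connect_port(url):
    """Return the port of a CONNECT target such as 'host:25', else None."""
    _host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def suspicious_clients(log_text, min_attempts=MIN_ATTEMPTS):
    """Map client IP -> (attempts, relayed) for CONNECTs to unexpected ports.

    'relayed' counts attempts Squid did not answer with TCP_DENIED, i.e.
    tunnels that left through the proxy's own address.
    """
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue
        client, result, url = fields[2], fields[3], fields[6]
        port = connect_port(url)
        if port is None or port in ALLOWED_CONNECT_PORTS:
            continue
        stats[client][0] += 1
        if not result.startswith("TCP_DENIED"):
            stats[client][1] += 1
    return {ip: tuple(s) for ip, s in stats.items() if s[0] >= min_attempts}


if __name__ == "__main__":
    for ip, (attempts, relayed) in suspicious_clients(SAMPLE_LOG).items():
        print(f"{ip}: {attempts} CONNECT attempts to non-HTTPS ports, {relayed} relayed")
```

A non-zero relayed count means the tunnels went out under the proxy's address, which is the address a blocklist would record.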