Re: Squid Accelerator configuration

netfilter-admin@xxxxxxxxxxxxxxxxxxx wrote on 07/19/2004 05:00:10 PM:

> On Monday 19 July 2004 9:33 pm, Jim Matthews wrote:
> 
> > Antony
> >
> > Thanks for the reply.
> >
> > I added port 113 to the "allow" list and when I tried to reconnect to the
> > Squid box, those 113 port packets are still being dropped.  Any idea why
> > the port 80 packets are being dropped as well?  I think my rules are set up
> > correctly, so I'm not sure why they're not being allowed.  I'm attaching
> > my rules if someone would like to take a look and see what's happening.
> 
> Maybe my earlier explanation was not entirely clear.
> 
> The squid *server* is the ident *client* - it initiates the connection to the
> ident server running on the http client.
> 
> The rules for TCP port 113 in your ruleset seem to assume the opposite - that
> one machine is both http and ident client, and the other machine is both http
> and ident server.

Antony

Ahh...I see.  I've added the following to take care of the ident packets:

-A INPUT -p tcp -m tcp --sport 113 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 113 -m state --state NEW,ESTABLISHED -j ACCEPT

Still getting dropped port 80 packets though:

Jul 20 12:23:40 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54027 DF PROTO=TCP SPT=43972 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 12:25:14 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54027 DF PROTO=TCP SPT=43972 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 12:25:41 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54027 DF PROTO=TCP SPT=43973 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 12:26:27 squidbox last message repeated 4 times
Jul 20 12:27:15 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54027 DF PROTO=TCP SPT=43973 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 12:27:24 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30836 DF PROTO=TCP SPT=43974 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

Do I not have my rules in the correct order?  Sorry to keep bugging about
this issue.  I thought I had solved it, but it's still not behaving
correctly.
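
A small triage script for drop logs in the format shown in the message above, added here as an example and not part of the original post: it groups entries by direction (read from the IN=/OUT= fields), endpoints, destination port and TCP flags, and folds syslog's "last message repeated" lines into the counts. The sample input is constructed, and the path labels and function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the LOG format quoted in the post (one entry per line).
# The last entry is invented to show an inbound packet for contrast.
SAMPLE = """\
Jul 20 12:25:41 squidbox kernel: drop-n-log:IN= OUT=eth0 SRC=192.168.1.1 DST=192.168.1.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=54027 DF PROTO=TCP SPT=43973 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 20 12:26:27 squidbox last message repeated 4 times
Jul 20 12:30:00 squidbox kernel: drop-n-log:IN=eth0 OUT= SRC=192.168.1.7 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
REPEAT = re.compile(r"last message repeated (\d+) times")
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

def parse(line, prefix="drop-n-log:"):
    """Parse one netfilter LOG line; return None if the prefix is absent."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    rec = dict(FIELD.findall(rest))
    tokens = rest.split()
    rec["FLAGS"] = "+".join(f for f in TCP_FLAGS if f in tokens)
    # IN=/OUT= show where the packet was in the stack when it was logged.
    if rec.get("IN") and rec.get("OUT"):
        rec["PATH"] = "forwarded"
    elif rec.get("OUT"):
        rec["PATH"] = "local-out"   # generated by this host, leaving via OUT
    else:
        rec["PATH"] = "local-in"    # arriving on IN, addressed to this host
    return rec

def summarize(text):
    """Count logged packets per (path, src, dst, proto, dport, flags)."""
    counts, last = Counter(), None
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            last = (rec["PATH"], rec["SRC"], rec["DST"], rec["PROTO"],
                    int(rec.get("DPT", 0)), rec["FLAGS"])
            counts[last] += 1
        elif last and (m := REPEAT.search(line)):
            # Assumption: syslog's repeat marker refers to the previous LOG entry.
            counts[last] += int(m.group(1))
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

An empty IN= with OUT= set means the logged packet was generated on the logging host itself, so the rule that matters for it sits on the outbound side of the ruleset.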

