Re: [squid-users] Problems with Squid and ebtables

From: Henrik Nordstrom <[email protected]>
Date: Sat, 30 Apr 2005 22:53:39 +0200 (CEST)

On Fri, 29 Apr 2005, Louis wrote:

> I have server running fedora and squid. It is running in a bridge mode.
> It has two nics and ebtables running, ebtables redirects to squid
> process. All seems to work fine except the server appears to be
> sending spam, when I do a netstat -p | grep smtp it shows the squid
> process trying to send out to many different servers. Here is the main
> part of the config that I am having problems with
>
> visible_hostname cache.mydomain.com`
>
> acl net1 src 10.0.0.0/255.0.0.0
> acl net2 src 0.0.0.0/0.0.0.0

Are you sure about that net2 thing? It matches the whole world...

> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #

Did you by any chance delete the rules above this line? There is several
anti-abuse rules above this line which by example blocks SMTP abuse via
the HTTP proxy (the Safe_Ports, CONNECT etc things).

> I know take out the 0.0.0.0 subnet but when I do that people on the
> outside world cannot access the internal web servers. But the smtp
> traffic Stops. I have tried varies access rules but haven't hit the
> right combination yet.

1. Don't delete the default anti-abuse rules.

2. Don't delete the default anti-abuse rules.

3. When configuring an accelerator limit what destinations may be reached
in a similar manner to how you limit who may use the proxy in a normal
forward-proxy.

acl net1 src 10.0.0.0/8
http_access allow net1

acl webservers dstdomain accelerated.site.1 accelerated.site.2
acl http protocol http
acl port80 port 80
http_access allow webservers http port80

Regards
Henrik
Received on Sat Apr 30 2005 - 14:53:41 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT