[squid-users] Packets logged as blocked even Firewall (IPtables) accepts them ...

Matus UHLAR - fantomas uhlar at fantomas.sk
Tue Jul 18 13:28:48 UTC 2017


On 18.07.17 14:29, Walter H. wrote:
>-A INPUT -i br0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>-A INPUT -i br0 -m tcp -p tcp --dport 3128 -m state --state NEW -j ACCEPT
>-A INPUT -j LOG --log-prefix "IP[IN]: " --log-level 7
>
>[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT=
>MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10
>DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP
>SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0

it's an RST packet, apparently for a connection that was already closed and
thus is neither ESTABLISHED,RELATED nor NEW.

logging state INVALID could explain it.

>By the way, the router box of course has more interfaces,
>a br0 (LAN) and eth1 (WAN); where can I ensure that squid only listens on
>the LAN IP?

here:
># Squid normally listens to port 3128
>http_port 3128

see http://www.squid-cache.org/Doc/config/http_port/

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not wish to receive any advertising mail at this address.
Microsoft dick is soft to do no harm
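As an added example (not from the thread or from either poster), a small Python triage script that parses iptables LOG lines in the format quoted above and separates stale-connection RSTs, which conntrack treats as INVALID, from packets the rules really rejected. The sample lines are constructed, and the classification assumes the three INPUT rules shown in the thread.

```python
"""Triage iptables LOG lines from a ruleset that ACCEPTs ESTABLISHED,RELATED
and NEW-to-3128 before a catch-all LOG: a reset for a connection conntrack no
longer tracks is INVALID, so it falls through both ACCEPT rules and gets logged
even though nothing was actually blocked."""
from collections import Counter

# Constructed sample lines in the thread's "IP[IN]: " log format. Line 1 is the
# stale RST from the thread; lines 2-3 are invented for contrast.
SAMPLE_LOG = """\
[17-Jul-2017; 19:49:13.590130] IP[IN]: IN=br0 OUT= MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=54916 DPT=3128 WINDOW=0 RES=0x00 RST URGP=0
[17-Jul-2017; 19:50:01.000000] IP[IN]: IN=br0 OUT= MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4321 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
[17-Jul-2017; 19:50:02.000000] IP[IN]: IN=br0 OUT= MAC=24:01:00:00:01:24:24:00:08:01:05:24:08:00 SRC=192.168.0.10 DST=192.168.0.1 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=4322 DF PROTO=TCP SPT=40001 DPT=3128 WINDOW=512 RES=0x00 ACK FIN URGP=0
"""

# TCP flags appear in LOG output as bare tokens (DF/MF are IP flags, ignored).
TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG", "ECE", "CWR"}


def parse_log_line(line):
    """Split one LOG line into its KEY=VALUE fields and the set of TCP flags."""
    fields, flags = {}, set()
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.add(token)
    return fields, flags


def classify(fields, flags):
    """Explain why a packet reached the LOG rule under the thread's ruleset."""
    if fields.get("PROTO") != "TCP":
        return "non-tcp"
    if "RST" in flags:
        # conntrack has no entry for the closed connection: INVALID, not blocked
        return "stale-rst"
    if flags == {"SYN"}:
        # a bare SYN is NEW; only NEW to dport 3128 is accepted, so this is a
        # genuinely refused connection attempt to another port
        return "new-syn-refused"
    # FIN/other packets for untracked connections are INVALID as well
    return "invalid-other"


def triage(log_text):
    """Count each classification over a block of LOG lines."""
    return Counter(classify(*parse_log_line(l)) for l in log_text.splitlines() if l)
```

Running `triage(SAMPLE_LOG)` over the constructed sample shows one stale RST, one refused SYN to port 22 and one untracked FIN; only the SYN is a packet the firewall actually turned away.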