----- Original Message -----
From: "Niels" <zorglub_olsen@xxxxxxxxxxx>
To: <squid-users@xxxxxxxxxxxxxxx>
Sent: Friday, May 13, 2005 11:01 AM
Subject: [squid-users] Re: RE: How do I hide port 3128?

> Hi,
>
> fooler wrote:
> > chris robertson already gave you the answer to bind squid with localhost
> > (127.0.0.1:3128) if you don't want both the external and internal clients
> > to see tcp port 3128...
>
> Yes, I can see the idea behind that. However, I think it must be possible
> and much simpler to have Netfilter drop external requests to port 3128. I'm
> trying to find out how to do that.

the simple logic and attack of nmap is that it sends a *tcp syn* to the target host... if the target host replies with a *tcp syn/ack*, then nmap will display that port as *open*; otherwise nmap will assume that port is *filtered*... therefore, filtering through a packet filter, binding to localhost, whatever trick you are going to do... it will give you the same results from nmap...

> > you said that you don't want the external clients to see tcp port 3128 and you
> > have two ethernet cards... bind your squid to your second network card
> > having a *private* ip address while your first network card has a public
> > ip address...
>
> I have one card (eth0, 192.168.1.254) connected to an adsl router and
> another (eth1, 192.168.2.1) connected to my lan network. Squid should only
> work on the lan -- there are no incoming connections. Binding Squid to
> 127.0.0.1 will bind it to ... what exactly? I'm sorry, I'm new to this. Can
> you explain your idea in terms of my configuration?

if you don't really want to open tcp port 3128 to both your internal and external clients, a transparent proxy and binding squid to localhost will do...

to give you an idea... your network card is a *physical* device while your loopback interface (e.g. localhost) is a *logical* device... both physical and logical devices have an ip address if you assign one...

the principle of a transparent proxy is that it will hijack tcp port 80 and *redirect* it to a given or target ip address... if that target ip address is your localhost ip address (127.0.0.1) where squid is bound (127.0.0.1:3128), then squid will happily receive those hijacked http packets... 127.0.0.1 is not routable, therefore both your internal and external clients don't see 127.0.0.1:3128 on your squid box...

fooler.
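The setup discussed in the thread (eth0 towards the ADSL router, eth1 towards the LAN, Squid on port 3128) written out as netfilter rules and a matching squid.conf listener. This is an added example, not code from the original posts or from the Squid project; the interface names and the 192.168.2.1 address are taken from Niels' description, everything else (the rule ordering, the helper names, the APPLY switch) is an assumption of the example. One detail the example has to handle: the REDIRECT target rewrites a forwarded packet's destination to the primary address of the interface it arrived on, so the intercepted port-80 traffic from eth1 lands on 192.168.2.1:3128, and Squid must listen there (a 127.0.0.1-only listener would not see it). The WAN-side rule uses DROP rather than REJECT on purpose: no SYN/ACK and no RST means a scanner reports the port as filtered instead of closed.

```shell
#!/bin/sh
# Added example (not from the thread): netfilter rules for a two-NIC Squid
# box plus the matching squid.conf listener. Defaults follow the poster's
# layout; all of them are assumptions and can be overridden via environment.
# The rules are only printed unless APPLY=1 is set and the script runs as root.

WAN_IF=${WAN_IF:-eth0}          # towards the ADSL router
LAN_IF=${LAN_IF:-eth1}          # towards the LAN
LAN_IP=${LAN_IP:-192.168.2.1}   # primary address of $LAN_IF
SQUID_PORT=${SQUID_PORT:-3128}

# Emit the iptables commands, one per line, in the order they must be added.
netfilter_rules() {
    # 1. nat/PREROUTING: intercept LAN web traffic. REDIRECT rewrites the
    #    destination to the incoming interface's primary address ($LAN_IP),
    #    so Squid has to listen on $LAN_IP:$SQUID_PORT, not only 127.0.0.1.
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports %s\n' \
        "$LAN_IF" "$SQUID_PORT"
    # 2. filter/INPUT: the redirected packets (and explicit-proxy clients on
    #    the LAN) now carry dport $SQUID_PORT on $LAN_IF; let them in.
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -j ACCEPT\n' \
        "$LAN_IF" "$SQUID_PORT"
    # 3. filter/INPUT: anything for the proxy port arriving on the WAN side is
    #    dropped silently. DROP (no RST) is what makes a scanner say "filtered";
    #    REJECT would answer with a RST and show as "closed".
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -j DROP\n' \
        "$WAN_IF" "$SQUID_PORT"
}

# squid.conf listener that matches rule 1. Squid 2.6/3.0 spell the option
# "transparent", Squid 3.1 and later "intercept" (used here).
squid_listener() {
    printf 'http_port %s:%s intercept\n' "$LAN_IP" "$SQUID_PORT"
}

# Tiny walk-through of the rule set for one inbound TCP SYN: given the
# incoming interface and destination port, print the verdict the rules above
# produce (nat PREROUTING is evaluated before filter INPUT, first match wins).
verdict() {
    iface=$1
    dport=$2
    if [ "$iface" = "$LAN_IF" ] && [ "$dport" = 80 ]; then
        # redirected by rule 1, then accepted by rule 2 on the rewritten port
        echo "REDIRECT:$LAN_IP:$SQUID_PORT"
    elif [ "$iface" = "$LAN_IF" ] && [ "$dport" = "$SQUID_PORT" ]; then
        echo "ACCEPT"
    elif [ "$iface" = "$WAN_IF" ] && [ "$dport" = "$SQUID_PORT" ]; then
        echo "DROP"
    else
        echo "NOMATCH"   # falls through to the chain policy
    fi
}

if [ "${APPLY:-0}" = 1 ]; then
    netfilter_rules | sh      # apply for real (needs root)
else
    echo "# iptables rules:"
    netfilter_rules
    echo "# squid.conf:"
    squid_listener
    echo "# sample verdicts:"
    echo "LAN  :80   -> $(verdict "$LAN_IF" 80)"
    echo "LAN  :3128 -> $(verdict "$LAN_IF" "$SQUID_PORT")"
    echo "WAN  :3128 -> $(verdict "$WAN_IF" "$SQUID_PORT")"
fi
```

Run it without APPLY to review the rules, then `APPLY=1 sh hide3128.sh` as root once they look right. Check the result from the WAN side with a plain `nmap -p 3128` against the eth0 address, which should report the port as filtered, and from the LAN side by fetching any http:// URL with no proxy configured, which should show up in Squid's access log.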