On 24.09 10:45, MikeB wrote:
> Subject: Is there any way to prevent ports 1024 to 65535 from bypassing squid?

look at safe_ports acl, provided in default config.

> Squid does work except some requests, specifically java video chat
> requests access port 80 through squid properly but the video does not work
> and the linux box in front of squid rejects a port within the range of
> 1024 to 65535 not from the squid box but from the workstation loading the
> video chat applet to the internet.

then, it's a problem of firewall of the linux box...

> If i add an iptables rule to the forward table on the linux box in front of
> squid for the workstation loading the video chat applet allowing source ports
> 1024 to 65535 and destination ports 1024 to 65535 out directly to the
> internet the video loads and works perfectly, however i would prefer not to
> add rules for each workstation or not to add a global rule allowing ip ranges
> because it would bypass the antivirus scanner running on the squid box and
> make logging and tracking more difficult.

sorry, you must decide which one, I don't think there's another possibility.

> Is there any way to redirect these ports to the squid server so that i don't
> have to allow every workstation access to this port range through the linux
> box in front of squid out to the internet?

you would break much of internet traffic. Remember there are dozens of
protocols that aren't proxyable, or not through HTTP proxy.

> Or is there some configuration on the squid box that i have not correctly
> configured for video chat?

maybe you can talk to provider of that videochat, but i doubt he will do
anything about it.

-- 
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
I intend to live forever - so far so good.
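
For reference, the Safe_ports rules the reply points to, as shipped in a stock squid.conf (an added example, not part of the original message; the comments on the high-port line are added here). These rules only apply to requests that clients actually send to Squid, so connections the applet opens directly to the internet are still decided by the FORWARD rules on the firewall.

```conf
# Ports Squid will fetch from on behalf of clients (stock squid.conf)
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
# The stock rules already allow the high range from the question.
# Removing the next line makes Squid refuse proxied requests to those
# ports, which also blocks web servers on ports such as 8080.
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Refuse any proxied request whose destination port is not listed above
http_access deny !Safe_ports
# Refuse CONNECT tunnels to anything other than the SSL ports
http_access deny CONNECT !SSL_ports
```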