Kinkie wrote:
> On 5/4/07, Pat Riehecky <prieheck@xxxxxxx> wrote:
>> I just put iptables on our squid box and noticed some very strange
>> activity (IPs have been changed to protect the innocent):
>>
>> [44165032.820000] Dropped default (OUTPUT): IN= OUT=eth0
>> SRC=MY.PROXY.IP.ADDRESS DST=SOME.RANDOM.IP.ADDR LEN=40 TOS=0x00
>> PREC=0x00 TTL=64 ID=41807 DF PROTO=TCP SPT=3128 DPT=2660 WINDOW=7140
>> RES=0x00 ACK PSH FIN URGP=0
>>
>> I have literally thousands of these where it looks like squid is
>> actively opening connections (well trying...) to the outside world. The
>> intervals are somewhat random (and if you really care I can extrapolate
>> them).
>
> It's probably a problem with iptables, not squid.
> What's probably happening is that your iptables rules include some
> rules that accept packets for sessions in a RELATED or ESTABLISHED
> state. And session management is the problem, because sessions have
> their own timeout.
> ...
> In other words, nothing to worry about

That supposes that the connections are with legitimate clients, but since
the OP referred to "SOME.RANDOM.IP.ADDR", and "connections ... to the
outside world", I suspect it was an open proxy.
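
One way to check both readings against the full log, as an added example that is not part of the original thread: it separates real outbound connection attempts (SYN without ACK) from replies sent from the proxy port, and counts reply peers that fall outside the expected client range. The 10.0.0.0/8 client range and all sample lines are assumptions constructed for illustration; port 3128 comes from the quoted log line.

```python
import ipaddress
from collections import Counter

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}
PROXY_PORT = 3128                                    # squid port in the quoted log line
CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: the only allowed clients

# Constructed sample in the netfilter LOG format quoted above (addresses are made up).
SAMPLE = """\
[1.0] Dropped default (OUTPUT): IN= OUT=eth0 SRC=192.0.2.10 DST=10.1.2.3 LEN=40 TTL=64 ID=1 DF PROTO=TCP SPT=3128 DPT=2660 WINDOW=7140 RES=0x00 ACK PSH FIN URGP=0
[2.0] Dropped default (OUTPUT): IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.77 LEN=40 TTL=64 ID=2 DF PROTO=TCP SPT=3128 DPT=51514 WINDOW=7140 RES=0x00 ACK FIN URGP=0
[3.0] Dropped default (OUTPUT): IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.77 LEN=40 TTL=64 ID=3 DF PROTO=TCP SPT=3128 DPT=51515 WINDOW=7140 RES=0x00 ACK FIN URGP=0
[4.0] Dropped default (OUTPUT): IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=64 ID=4 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse(line):
    """Split one LOG line into key=value fields plus the set of TCP flags."""
    tokens = line.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return fields, {t for t in tokens if t in TCP_FLAGS}

def classify(line):
    """Return (verdict, peer address) for a dropped OUTPUT packet, or None."""
    fields, flags = parse(line)
    if fields.get("PROTO") != "TCP":
        return None
    try:
        peer = ipaddress.ip_address(fields.get("DST", ""))
    except ValueError:
        return None                      # redacted or malformed address
    if "SYN" in flags and "ACK" not in flags:
        return "new-outbound", peer      # the box itself is opening a connection
    if fields.get("SPT") == str(PROXY_PORT) and "ACK" in flags:
        # Sent from the proxy port with ACK set: a reply to a client session.
        inside = any(peer in net for net in CLIENT_NETS)
        return ("client-reply" if inside else "outside-client-reply"), peer
    return "other", peer

def triage(log):
    """Count verdicts and tally reply peers that are outside CLIENT_NETS."""
    verdicts, outsiders = Counter(), Counter()
    for line in log.splitlines():
        result = classify(line)
        if result:
            verdicts[result[0]] += 1
            if result[0] == "outside-client-reply":
                outsiders[str(result[1])] += 1
    return verdicts, outsiders
```

A log dominated by `client-reply` fits the conntrack-timeout explanation, while a large `outside-client-reply` count means hosts outside the expected range have been using the proxy, which is what the open-proxy suspicion predicts.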