In short, I don't believe so. Squid isn't meant to be limited in such ways, and I still stand firm in believing that OUTBOUND ports that get bound to a local machine have no effect on firewalling. Only DESTINATION ports are compared in firewall ACLs.

>>> "Thomas Pietsch" <Shivering@xxxxxxx> 4/5/2011 3:08 AM >>>
Hey,
yes, I am referring to outbound ports. I know there is no speed advantage in doing so. It's simply a security matter (firewalling, trusted parties and so on). So the proxy shall be running on the same machine as the browser and then proxy every request and response through something like 20 sockets. Is this possible via Squid?

-------- Original Message --------
> Date: Mon, 04 Apr 2011 16:44:20 -0400
> From: "Chad Naugle" <Chad.Naugle@xxxxxxxxxxx>
> To: Shivering@xxxxxxx, squid-users@xxxxxxxxxxxxxxx
> Subject: Re: Limiting outgoing port range.

> Are you referring to Squid's OUTBOUND ports, or the DESTINATION ports?
>
> Destination ports could be done by stacking ACLs per user/group to a
> specific list-of-ports ACL, but that's a lot of ACL stacking for
> particular users, and the result is if they are outside of the range of
> ports, could result in an ACCESS_DENIED, depending on the requested URL.
> I.e.:
>
> acl Joe_User <code to identify "Joe">
> acl Joe_Ports port 21
> acl Joe_Ports port 80
> acl Joe_Ports port 443
> acl Joe_Ports port 8080
>
> http_access allow Joe_User Joe_Ports
> http_access deny all
>
> But I would highly doubt that directly mapping SOURCE ports would be
> theoretically possible, because, for one, Squid does not _ALWAYS_ query
> a destination, as a function of it being a cache. And two, statically
> defining a port, or block of ports, for a particular user or group can
> squelch the number of possible users able to use the proxy,
> causing it not to scale well, amongst many other technical issues that
> can, and will, only create bottlenecks.
>
> Also, selecting outbound source ports has no technical advantage /
> merit versus selecting destination ports, that I can think of.
>
> >>> <Shivering@xxxxxxx> 4/4/2011 4:22 PM >>>
> Hey,
> I need an HTTP proxy which synchronizes outgoing connections to a
> limited port range. For example, to make only HTTP connections via 20
> outgoing ports. Is Squid able to do this with little effort? I've
> already searched the FAQ and the mail archive and only found this
> question/answer:
> http://www.mail-archive.com/squid-users@xxxxxxxxxxxxxxx/msg29951.html
> This is six years old, so I thought I'd give it a new try ^^. I
> appreciate any tips.
> Best regards
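
What "limiting the outgoing port range" means at the socket level, as an added example that is not part of the thread and is not Squid code: the client binds a local port from a fixed pool before it connects, so the peer and any firewall in between see only those source ports. The pool values and the function name connect_from_pool are assumptions made for illustration.

```python
import errno
import socket

# Assumed pool for illustration: 20 local (source) ports, as in the question.
PORT_POOL = range(47000, 47020)


def connect_from_pool(dest, pool=PORT_POOL, timeout=5.0):
    """Connect to dest (host, port) using a source port taken from pool.

    Ports that are already bound or whose connection tuple is taken are
    skipped. OSError is raised once every port in the pool has been tried,
    which caps concurrent connections at the size of the pool.
    """
    last_err = None
    for port in pool:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.settimeout(timeout)
            sock.bind(("", port))  # pin the local port before connecting
            sock.connect(dest)
            return sock
        except OSError as exc:
            sock.close()
            if exc.errno not in (errno.EADDRINUSE, errno.EADDRNOTAVAIL):
                raise  # unrelated failure (refused, unreachable, ...)
            last_err = exc
    raise OSError(errno.EADDRINUSE, "source port pool exhausted") from last_err


if __name__ == "__main__":
    # Constructed loopback listener so the demo runs offline.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(4)
    client = connect_from_pool(server.getsockname())
    conn, peer = server.accept()
    print("server sees source port", peer[1])
    conn.close()
    client.close()
    server.close()
```

A port stays unavailable while its connection is open, so a pool of 20 ports allows at most 20 simultaneous connections from this function.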