Bugtraq mailing list archives
Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Sat, 23 Feb 2002 14:30:29 -0700
Most vendors ship it with ACL's enabled, red hat for example has the comment to the effect of "add your network here" so you need to define the network and then create a rule to allow it (otherwise only localhost is allowed by default to use squid, reasonably safe). Can't automatically use http_port, I mean is 192.168.0.1 "outside", depending on your network it could be)? what about 2.3.4.5 or 5.6.7.8? An acceptable solution in my opinion. Plus some of us do allow the Internet at large to connect and use the proxy, once they've authenticated of course. Kurt Seifried, kurt () seifried org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.idefense.com/digest.html
I love Squid, and yes, default Squid configuration solves this problem... But if you want a secure proxy, you have to change the parameter http_port to listen only to your internal IP address!!! Default config is: http_port 0.0.0.0 so anyone from the internet can use your proxy (I fond a lot of server so configured!!!!). Change it to http_port 192.168.1.254 #private IP My 0.02... Tommaso Di Donato
Current thread:
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Tommaso Di Donato (Feb 23)
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Keith Simonsen (Feb 23)
- Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall] Kurt Seifried (Feb 25)