Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]

["Kurt Seifried" <bugtraq () seifried org>]

Most vendors ship it with ACL's enabled, red hat for example has the comment
to the effect of "add your network here" so you need to define the network
and then create a rule to allow it (otherwise only localhost is allowed by
default to use squid, reasonably safe). Can't automatically use http_port, I
mean is 192.168.0.1 "outside", depending on your network it could be)? what
about 2.3.4.5 or 5.6.7.8? An acceptable solution in my opinion. Plus some of
us do allow the Internet at large to connect and use the proxy, once they've
authenticated of course.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html


> I love Squid, and yes, default Squid configuration solves this problem...
> But if you want a secure proxy, you have to change the parameter http_port
> to listen only to your internal IP address!!! Default config is:
> http_port 0.0.0.0
> so anyone from the internet can use your proxy (I fond a lot of server so
> configured!!!!). Change it to
> http_port 192.168.1.254 #private IP
>
> My 0.02...
>
> Tommaso Di Donato