Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint firewall]
From: "Kurt Seifried" <bugtraq () seifried org>
Date: Sat, 23 Feb 2002 14:30:29 -0700

Most vendors ship it with ACL's enabled, red hat for example has the comment
to the effect of "add your network here" so you need to define the network
and then create a rule to allow it (otherwise only localhost is allowed by
default to use squid, reasonably safe). Can't automatically use http_port, I
mean is 192.168.0.1 "outside", depending on your network it could be)? what
about 2.3.4.5 or 5.6.7.8? An acceptable solution in my opinion. Plus some of
us do allow the Internet at large to connect and use the proxy, once they've
authenticated of course.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html


I love Squid, and yes, default Squid configuration solves this problem...
But if you want a secure proxy, you have to change the parameter http_port
to listen only to your internal IP address!!! Default config is:
http_port 0.0.0.0
so anyone from the internet can use your proxy (I fond a lot of server so
configured!!!!). Change it to
http_port 192.168.1.254 #private IP

My 0.02...

Tommaso Di Donato



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault