- 04-24-2007 #1 Just Joined! (Join Date: Apr 2007, Posts: 4)
External IPs in access.log (Squid)
Hi,
I am running Squid/2.4.STABLE6 under Red Hat Linux 9. A couple of days ago, access.log suddenly started showing entries like the ones below:
1176886755.670 17 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886756.000 21 220.137.115.196 TCP_DENIED/403 979 CONNECT 168.95.5.25:25 - NONE/- -
1176886756.737 14 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886759.133 26 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886759.824 17 220.137.115.196 TCP_DENIED/403 983 CONNECT 203.188.197.9:25 - NONE/- -
All of these IPs are external to our LAN. Our LAN IPs are 192.168.0.x.
I shall be very thankful if anyone is able to help me.
Thank you.
- 04-24-2007 #2
Is your Squid accessible from the outside in any way, even on other ports?
A whois lookup didn't help very much with those IPs, but it does look like they are trying to connect through your Squid to another machine's port 25. I would first double-check the outside access to the machine and close it off if it's not needed.
- 04-25-2007 #3 Just Joined! (Join Date: Apr 2007, Posts: 4)
- 04-25-2007 #4
It may not be a Linux issue that you have...
Closing off the ports is a firewall change, and if you're running this as part of a company setup, you've probably got a standalone firewall. You need to close off access to this machine on the firewall - the general principle is to close down all access to everything - i.e. deny everything to everyone, then open up stuff that you want to get through - like email service (forward port 25 to your mail server) or access to a web server (forward port 80 to your Apache machine), etc.
Linux user #126863 - see http://linuxcounter.net/
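Added example, not part of the thread: a Python check over a native-format access.log that lists clients outside the LAN and shows whether any of their requests were let through rather than denied. The /24 LAN range, the function names and the last two sample lines are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumption: the 192.168.0.x LAN is a /24

# Four entries copied from the first post, then two constructed lines for contrast:
# an ordinary LAN request and an external CONNECT that the proxy allowed.
SAMPLE_LOG = """\
1176886755.670 17 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886756.000 21 220.137.115.196 TCP_DENIED/403 979 CONNECT 168.95.5.25:25 - NONE/- -
1176886756.737 14 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886759.824 17 220.137.115.196 TCP_DENIED/403 983 CONNECT 203.188.197.9:25 - NONE/- -
1176886760.100 250 192.168.0.23 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1176886761.500 90 198.51.100.7 TCP_MISS/200 512 CONNECT 192.0.2.25:25 - DIRECT/192.0.2.25 -
"""

def parse_line(line):
    """Split one native-format access.log line into the fields used here."""
    f = line.split()
    if len(f) < 7:
        return None  # truncated or non-native line
    try:
        client = ipaddress.ip_address(f[2])
    except ValueError:
        return None  # client column is not an IP address
    action, _, status = f[3].partition("/")
    return {"client": client, "action": action, "status": status,
            "method": f[5], "target": f[6]}

def external_clients(log_text, lan=LAN):
    """Summarise requests from clients outside the LAN, per source IP."""
    report = defaultdict(lambda: {"denied": 0, "allowed": 0, "smtp_connects": 0})
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["client"] in lan:
            continue
        r = report[str(e["client"])]
        r["denied" if e["action"] == "TCP_DENIED" else "allowed"] += 1
        # CONNECT host:25 is a tunnel to a mail server, as in the posted entries
        if e["method"] == "CONNECT" and e["target"].rsplit(":", 1)[-1] == "25":
            r["smtp_connects"] += 1
    return dict(report)

if __name__ == "__main__":
    for ip, r in sorted(external_clients(SAMPLE_LOG).items()):
        flag = "ALLOWED THROUGH PROXY" if r["allowed"] else "all denied"
        print(f"{ip}: {r} -> {flag}")
```

Any external client with a non-zero "allowed" count means the proxy is relaying for outsiders; the entries in the post are all TCP_DENIED/403, so they show attempts that Squid refused.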



