  1. #1
    Just Joined!
    Join Date
    Apr 2007
    Posts
    4

    External IPs in access.log (Squid)


    Hi,
    I am running Squid/2.4.STABLE6 under Redhat Linux 9. A couple of days ago, access.log suddenly started showing entries like the ones below:

    1176886755.670 17 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
    1176886756.000 21 220.137.115.196 TCP_DENIED/403 979 CONNECT 168.95.5.25:25 - NONE/- -
    1176886756.737 14 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
    1176886759.133 26 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
    1176886759.824 17 220.137.115.196 TCP_DENIED/403 983 CONNECT 203.188.197.9:25 - NONE/- -

    All these IPs are external to our LAN. Our LAN IPs are 192.168.0.x

    I shall be very thankful if anyone will be able to help me.

    Thank you.

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    Is your squid accessible to the outside in any way, even on other ports?

    A whois lookup didn't help very much with those IPs, but it does look like they are trying to connect through your squid to another machine's port 25. I would first double-check the outside access to the machine and close it off if it's not needed.

  3. #3
    Just Joined!
    Join Date
    Apr 2007
    Posts
    4
    Quote Originally Posted by jledhead View Post
    Is your squid accessible to the outside in any way, even on other ports?

    A whois lookup didn't help very much with those IPs, but it does look like they are trying to connect through your squid to another machine's port 25. I would first double-check the outside access to the machine and close it off if it's not needed.
    Thank you very much for the reply. Actually, I don't know much about Linux. We are using this machine as a proxy server only and we don't need to access it from the outside world. Kindly guide me on how I can check for open ports and close them, if any.

  4. #4
    Super Moderator Roxoff's Avatar
    Join Date
    Aug 2005
    Location
    Nottingham, England
    Posts
    3,914
    It may not be a Linux issue that you have...

    Closing off the ports is a firewall change, and if you're running this as part of a company setup, you've probably got a standalone firewall. You need to close off access to this machine on the firewall - the general principle is to close down all access to everything - i.e. deny everything to everyone, then open up stuff that you want to get through - like email service (forward port 25 to your mail server) or access to a web server (forward port 80 to your Apache machine), etc.
    Linux user #126863 - see http://linuxcounter.net/
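
Added example, not part of the original thread: a short Python check that reads access.log lines in the format quoted in the first post and counts CONNECT requests from clients outside the LAN, separating the ones Squid denied from any it did not. The function names, the 192.168.0.0/24 mask (inferred from "192.168.0.x") and the last two sample lines are assumptions made for this example.

```python
import ipaddress
from collections import Counter

LAN = ipaddress.ip_network("192.168.0.0/24")  # assumed from "192.168.0.x" in the post

# The first five lines are the entries quoted in the first post; the last two
# are constructed here to represent ordinary LAN traffic.
SAMPLE_LOG = """\
1176886755.670 17 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886756.000 21 220.137.115.196 TCP_DENIED/403 979 CONNECT 168.95.5.25:25 - NONE/- -
1176886756.737 14 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886759.133 26 122.124.64.157 TCP_DENIED/403 985 CONNECT 203.188.197.10:25 - NONE/- -
1176886759.824 17 220.137.115.196 TCP_DENIED/403 983 CONNECT 203.188.197.9:25 - NONE/- -
1176886760.100 120 192.168.0.23 TCP_MISS/200 4312 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1176886761.250 340 192.168.0.40 TCP_MISS/200 2048 CONNECT example.com:443 - DIRECT/192.0.2.10 -
"""

def parse_line(line):
    """Return client, action, method and target from a native-format line, or None."""
    f = line.split()
    try:
        return {"client": ipaddress.ip_address(f[2]), "action": f[3].split("/")[0],
                "method": f[5], "target": f[6]}
    except (IndexError, ValueError):
        return None  # truncated or non-log line

def target_port(target):
    """Port of a CONNECT target written as host:port, or None if absent."""
    _, sep, port = target.rpartition(":")
    return int(port) if sep and port.isdigit() else None

def external_connects(lines, lan=LAN):
    """Count CONNECT requests from non-LAN clients, keyed by (client, port, denied)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT" or rec["client"] in lan:
            continue
        denied = rec["action"] == "TCP_DENIED"
        hits[(str(rec["client"]), target_port(rec["target"]), denied)] += 1
    return hits

def report(hits):
    """One line per (client, port, outcome), busiest first."""
    return [f"{c} -> port {p}: {n} CONNECT "
            f"{'denied' if denied else 'NOT denied by Squid'}"
            for (c, p, denied), n in hits.most_common()]

if __name__ == "__main__":
    print("\n".join(report(external_connects(SAMPLE_LOG.splitlines()))))
```

Any row reported as not denied means the proxy accepted a tunnel request from an outside address, which is the case to close off first at the firewall and in Squid's access rules.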
