OPEN HTTP Proxy -Urgent
 

Hi,

I'm having a problem with a webserver which is an open http proxy. The bandwidth usage so far this month is 500Gb when I usually get 2Gb.
I've installed Squid, ipchains, portsentry and shutdown pop3 and imap services. Still I'm having a 35Gb bw usage per day.

Does anyone have an ideia for a configuration that I might be missing?
Thank you in advanced,
Regards,
F.

Don't you have any logs or anything to see where the requests are coming from? Maybe someone is spamming your server.

please do not mark threads as urgent. it may be urgent for you, but it is not urgent for us. thanks.

I've checked the logs and I get:


cat /var/log/maillog: tons of relaying denied messages.
cat /var/log/squid/access tons of TCP DENIED to Connect

I've changed my ipchain rules to the following:

ipchains -P input ACCEPT
ipchains -A input -p tcp -d 192.84.219.128 smtp -j ACCEPT
ipchains -A input -p tcp -d 192.84.219.128 pop3 -j ACCEPT
ipchains -A input -p udp -d 192.84.219.129 domain -j ACCEPT
ipchains -A input -p tcp -d 192.84.219.129 domain -j ACCEPT
ipchains -A input -p tcp -d 192.84.218.130 www -j ACCEPT
ipchains -A input -p tcp -d 192.84.218.130 rsync -j ACCEPT
ipchains -A input -p icmp -j icmp-acc
ipchains -A input -j DENY -l

and now I can't access my webpage, my pop acccount and I can't ssh to my server.

Can you tell me what is wrong?

Thank you in advanced,
Francisco

If you have a default policy of "ACCEPT" for a chain, you don't need to specify rules. You didn't post any forward or output chain policy/rules, you need to specify some. Btw, are you sure the default policy of "ACCEPT" is what you want? It offers no restrictions at all.