LinuxQuestions.org
Old 10-03-2011, 07:20 PM   #1
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,681
Blog Entries: 31

Squid3 is listening on random UDP ports - what is this?


I just installed Squid3 (on Ubuntu 11.04 server amd64) and am trying to lock it down. It started by having both TCP and UDP listens on 0.0.0.0 or [::]. I configured "http-port" to get the TCP listens to be only on 127.0.0.1 and [::1], and that much worked. But the UDP listens are troubling. They are not on port 3130 (for ICP). Instead, they are randomized and are different every time Squid3 starts up (one port for 0.0.0.0 and another port for [::]). So iptables isn't going to be an easy option to block it, since the port changes every time Squid3 is restarted.

Anyone know what this is and how to turn it off?
 
Old 10-03-2011, 08:13 PM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Location: /dev/null
Posts: 5,818

Hello,

Read here - http://firewall.at/support/squid/Users-Guide/x505.html

Cheers,

Josh
 
Old 10-03-2011, 08:52 PM   #3
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,681

Original Poster
Blog Entries: 31

Quote: Originally Posted by corp769
All that seems to describe is how to change the port number (I already used that to change the listen address binding instead, using 3128 as the port number). I don't see anything in this document page that describes what these random UDP ports are and how to disable them. I don't have any peering set up (unless it is on by default, in which case I need to find out how to turn it off), and I believe that uses port 3130 anyway.

Here is the config, sans comments, and the latest netstat showing the ports (52749 and 49844 this time, but will be different when squid is restarted):

Code:
baldr/root/squid /etc/squid3 8# egrep -v '^#' squid.conf | cat -s

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow localhost

http_access deny all

http_port 127.0.0.1:3128
http_port [::1]:3128

hierarchy_stoplist cgi-bin ?

coredump_dir /var/spool/squid3

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

baldr/root/squid /etc/squid3 9# netstat -antup | fgrep squid
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      5242/(squid)    
tcp6       0      0 ::1:3128                :::*                    LISTEN      5242/(squid)    
udp        0      0 0.0.0.0:52749           0.0.0.0:*                           5242/(squid)    
udp6       0      0 :::49844                :::*                                5242/(squid)    
baldr/root/squid /etc/squid3 10#
FYI, the page you gave says "Squid's default HTTP port is 3129". Typo?
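A small audit of the quoted netstat output, added here as an example and not part of the thread: it parses each socket line, reports the sockets of the named program that are bound beyond loopback, and flags ports falling in the Linux default ephemeral range (assumed here as 32768-60999), which is what makes a static iptables rule awkward for these listeners.

```python
import ipaddress

# Constructed sample modelled on the `netstat -antup | fgrep squid` output quoted
# above: two loopback-only TCP listens and two wildcard UDP sockets on random ports.
SAMPLE_NETSTAT = """\
tcp        0      0 127.0.0.1:3128          0.0.0.0:*               LISTEN      5242/(squid)
tcp6       0      0 ::1:3128                :::*                    LISTEN      5242/(squid)
udp        0      0 0.0.0.0:52749           0.0.0.0:*                           5242/(squid)
udp6       0      0 :::49844                :::*                                5242/(squid)
"""

# Assumed Linux default net.ipv4.ip_local_port_range; read /proc/sys/net/ipv4/ip_local_port_range
# on the actual host to be exact.
EPHEMERAL_RANGE = (32768, 60999)


def split_hostport(addr):
    """Split 'host:port' where host may be IPv4 or an unbracketed IPv6 such as '::1' or '::'."""
    host, _, port = addr.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Yield (proto, host, port, program) for each tcp/udp socket line; other lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue
        host, port = split_hostport(fields[3])   # fields[3] is the Local Address column
        yield fields[0], host, port, fields[-1]  # fields[-1] is the PID/Program name column


def is_exposed(host):
    """True when the bind address is reachable beyond the local host (wildcard or non-loopback)."""
    ip = ipaddress.ip_address(host)
    return ip.is_unspecified or not ip.is_loopback


def audit(text, program_filter="squid"):
    """Return (proto, host, port, ephemeral) for the program's sockets not confined to loopback."""
    findings = []
    for proto, host, port, program in parse_netstat(text):
        if program_filter in program and is_exposed(host):
            ephemeral = EPHEMERAL_RANGE[0] <= port <= EPHEMERAL_RANGE[1]
            findings.append((proto, host, port, ephemeral))
    return findings


if __name__ == "__main__":
    for proto, host, port, ephemeral in audit(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} exposed" + (" (ephemeral port)" if ephemeral else ""))
```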
 