Environment: iptables + squid set up as a transparent proxy. When I look at the system processes with netstat -a, I keep seeing processes like these:
[root@zghjght-dgdg]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 2**.9*.22*.6*:40322 218.30.12.59:http ESTABLISHED
tcp 0 0 2**.9*.22*.6*:34724 202.96.140.105:http TIME_WAIT
tcp 0 0 2**.9*.22*.6*:34717 61.188.179.245:http TIME_WAIT
tcp 0 0 2**.9*.22*.6*:34718 61.145.114.152:http TIME_WAIT
tcp 0 1 2**.9*.22*.6*:34807 192.168.1.40:http SYN_SENT
In squid I have already defined:
http_port 192.168.0.1:3128
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl z src 192.168.0.0/255.255.255.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow z
http_access deny all
How can I prevent external networks from connecting to my proxy server?
I don't know iptables very well. Could someone give me a specific rule?
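One way to restrict the proxy port at the firewall, as an added example that is not part of the original post: it intercepts port 80 only on the LAN side and accepts connections to squid only from the LAN subnet. The subnet 192.168.0.0/24 and port 3128 are taken from the squid.conf above; the interface name eth1 and the function names `proxy_rules` and `apply_rules` are assumptions.

```shell
#!/bin/sh
# Added example: limit who can reach squid on a transparent-proxy gateway.
# 192.168.0.0/24 and port 3128 come from the squid.conf above; the interface
# name eth1 and the function names are assumptions made for illustration.

# Print the iptables arguments, one rule per line, after validating input.
# $1 = LAN interface, $2 = LAN subnet (CIDR), $3 = squid http_port
proxy_rules() {
    [ "$#" -eq 3 ] || { echo "usage: proxy_rules IFACE SUBNET PORT" >&2; return 1; }
    # Reject anything that could split into extra iptables arguments.
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!A-Za-z0-9./_-]*) echo "bad interface or subnet: $v" >&2; return 1 ;;
        esac
    done
    case "$3" in
        ''|*[!0-9]*) echo "bad port: $3" >&2; return 1 ;;
    esac
    [ "$3" -ge 1 ] && [ "$3" -le 65535 ] || { echo "bad port: $3" >&2; return 1; }
    # Rule 1 intercepts web traffic only when it arrives on the LAN interface.
    # INPUT sees the packet after NAT, so the filter rules match the squid port.
    cat <<EOF
-t nat -A PREROUTING -i $1 -s $2 -p tcp --dport 80 -j REDIRECT --to-ports $3
-A INPUT -i lo -p tcp --dport $3 -j ACCEPT
-A INPUT -i $1 -s $2 -p tcp --dport $3 -j ACCEPT
-A INPUT -p tcp --dport $3 -j DROP
EOF
}

# Apply the rules (needs root). -A appends, so an earlier ACCEPT for this
# port in INPUT would still match first; check with: iptables -S INPUT
apply_rules() {
    rules=$(proxy_rules "$@") || return 1
    while read -r rule; do
        # Intentional word splitting: each line is one iptables argument list.
        iptables $rule || return 1
    done <<EOF
$rules
EOF
}

# Run as: sh script.sh apply   (nothing is changed without "apply")
if [ "${1:-}" = "apply" ]; then
    apply_rules "${LAN_IF:-eth1}" "${LAN_NET:-192.168.0.0/24}" "${PROXY_PORT:-3128}"
fi
```

Established connections that squid itself opens to origin servers are outbound and are not affected by these INPUT rules.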