On Thu, Mar 13, 2008 at 1:05 PM, Agnello George agnello.dsouza@gmail.com wrote:
Bellow was the logs i received in my log file before i added the new rule
1205406926.780 6 219.254.32.113 TCP_DENIED/403 4197 CONNECT 203.141.160.33:25 - NONE/- text/html 1205406926.812 1680 124.115.0.175 TCP_MISS/200 21162 GET http://www.soso.com/q? - DIRECT/60.28.232.146 text/html 1205406926.900 575 89.149.242.226 TCP_MISS/200 894 POST
http://www.glookle.com/usr/proxy/checker5/check.php - DIRECT/89.149.242.226 text/html 1205406927.017 852 71.228.204.50 TCP_MISS/999 5104 GET http://n2.login.scd.yahoo.com/config/pwtoken_get? - DIRECT/209.73.168.34 text/html
After i added the rule ( iptables -I INPUT 1 -s ! 192.168.0.0/24 -p tcp--dport 3128 -j DROP )
i only get the following logs ( which looks OK :) )
9 text/html 1205418879.760 29983 192.168.0.250 TCP_MISS/200 892 GET http://b.mail.google.com/a/eadroit.com/channel/bind? - DIRECT/209.85.201.189 text/html 1205418879.998 705 192.168.0.73 TCP_MISS/200 462 GET
http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html 1205418880.217 577 192.168.0.74 TCP_MISS/200 562 POST http://www.hostv.com/livehelp/include/status.php - DIRECT/209.123.178.244 text/html 1205418880.942 587 192.168.0.170 TCP_MISS/200 485 GET http://livehelp.qualispace.com/pull/traffic.php? - DIRECT/67.15.197.19 text/html 1205418881.789 595 192.168.0.248 TCP_MISS/200 462 GET
http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html 1205418882.056 593 192.168.0.151 TCP_MISS/200 462 GET
http://livehelp.qualispace.com/pull/requests.php? - DIRECT/67.15.197.19 text/html
Do they disappear after implementing the above rule?
yep it did
Some misunderstanding here. I was under the impression that you wanted to remove the GET public IPs. But one thing still baffles me. How were clients (like 124.115.0.175) from outside your lan able to access your proxy? Does your proxy have a public IP? If yes, can I have it? Orkut is banned here :P
Regards, NMK.