My Squid proxy server is running on port 3128. Since this port is frequently scanned by adversaries looking for proxy servers, I've changed the port to 10000 and restarted Squid. But my Squid is not working on port 10000; it only works on port 3128. How do I force Squid to listen on an uncommon port under CentOS Linux v5.3?
Yes, the default listening port for the Squid service is 3128. You can change it to something else to improve security.
Squid Listen on Uncommon Port
Open the squid.conf file, enter:
# vi /etc/squid/squid.conf
Set http_port to an arbitrary port such as 10000:
http_port 10000
Save and close the file. Restart squid:
# service squid restart
Verify that the port is open:
# netstat -tulpn | grep ':10000'
You also need to update the SELinux configuration, otherwise SELinux will not let Squid bind to the new port. Type the following command to add a new SELinux port mapping for the Squid service:
# semanage port -a -t http_cache_port_t -p tcp 10000
semanage configures certain elements of SELinux policy without requiring modification to, or recompilation from, policy sources. The above command allows Squid to listen on port 10000.
Configure Squid Authentication
You can improve Squid security by configuring authentication.
Squid Iptables
Edit your /etc/sysconfig/iptables file and only allow Squid access from 10.0.0.0/8 for port # 10000:
-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 10000 -j ACCEPT
Finally, restart iptables:
# service iptables restart
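The three settings above (http_port, the SELinux port mapping and the iptables rule) must all name the same port. The script below is an added example, not part of the original article, that checks saved copies of the three for agreement; the function names and the sample inputs are constructed for illustration.

```shell
# Added example: check that squid.conf, SELinux and iptables agree on the port.
# Real host: semanage port -l > ports.txt; audit_squid /etc/squid/squid.conf ports.txt /etc/sysconfig/iptables

# Print the port of the first http_port line (accepts "port" or "ip:port").
squid_port() {
    awk '$1 == "http_port" { n = split($2, a, ":"); print a[n]; exit }' "$1"
}

# Succeed if port $2 is mapped to http_cache_port_t/tcp in saved
# `semanage port -l` output $1. Entries are single ports or lo-hi ranges.
selinux_allows() {
    awk -v p="$2" '$1 == "http_cache_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) {
            gsub(",", "", $i); n = split($i, r, "-")
            lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
            if (p + 0 >= lo && p + 0 <= hi) ok = 1
        }
    } END { exit !ok }' "$1"
}

# Succeed if rules file $1 has an ACCEPT rule for --dport $2 that is limited
# to a source network with -s, like the rule in the article.
firewall_restricts() {
    awk -v p="$2" '/-j ACCEPT/ {
        d = ""; s = ""
        for (i = 1; i < NF; i++) {
            if ($i == "--dport") d = $(i + 1)
            if ($i == "-s") s = $(i + 1)
        }
        if (d + 0 == p + 0 && s != "" && s != "0.0.0.0/0") ok = 1
    } END { exit !ok }' "$1"
}

# audit_squid CONF SEMANAGE_OUTPUT IPTABLES_RULES -> one summary line
audit_squid() {
    port=$(squid_port "$1")
    [ -n "$port" ] || { echo "no http_port found"; return 1; }
    if selinux_allows "$2" "$port"; then se=ok; else se=missing; fi
    if firewall_restricts "$3" "$port"; then fw=ok; else fw=missing; fi
    echo "port=$port selinux=$se firewall=$fw"
}

# Constructed sample inputs (not from a real host): port changed, semanage not yet run.
d=$(mktemp -d)
printf '%s\n' 'http_port 10000' > "$d/squid.conf"
printf '%s\n' 'http_cache_port_t tcp 3128, 8080, 10001-10010' > "$d/ports.txt"
printf '%s\n' '-A RH-Firewall-1-INPUT -s 10.0.0.0/8 -m state --state NEW -p tcp --dport 10000 -j ACCEPT' > "$d/rules"
audit_squid "$d/squid.conf" "$d/ports.txt" "$d/rules"
```

A result of selinux=missing means the semanage mapping has not been added for the configured port; firewall=missing means no source-restricted ACCEPT rule covers it.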
5 comments
# vi /etc/squid/squid.conf
add this line
http_port 10000
squid -k reconfigure
how to do in redhat EL4?
what about in Gentoo Linux
How to manage SELinux in Ubuntu 9.04. Please help
Make sure you have configured your firewall properly (e.g. iptables) to make Squid work.