Linux Iptables allow SQUID proxy incoming client request

Posted on in Categories News last updated August 9, 2005

SQUID is a high‐performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects etc. By default it listen on TCP 3128 port. Following iptables rules allows SQUID incoming client request (open TCP port 3128) for server IP address
iptables -A INPUT -p tcp -s 0/0 –sport 1024:65535 -d –dport 3128 -m state –state NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp -s –sport 3128 -d 0/0 –dport 1024:65535 -m state –state ESTABLISHED -j ACCEPT

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

14 comment

    1. Squid doesn’t talk to the internet on 3128. It listens on 3128. So you have to remove –sport 3128 from your OUTPUT chain.

      [you] (random high port) >=====> (3128) [squid]
      [squid] (random high port) >=====> (80) [internet]

Leave a Comment