Hello everybody.
I ran out of space on my squid log directory because cache.log grew very
fast filled by "forward loop detected" messages.
I'm using my squid as a transparent proxy.
What does that forward loop mean and how could it happen? I've noticed
that the originating IP was from a PC I had
On 20/05/11 00:24, Boniforti Flavio wrote:
Hello everybody.
I ran out of space on my squid log directory because cache.log grew very
fast filled by "forward loop detected" messages.
I'm using my squid as a transparent proxy.
What does that forward loop mean
Your squid is sending requests out
Hello Amos...
> > What does that forward loop mean
>
> Your squid is sending requests out which subsequently arrive
> back to it.
OK.
> > and how could it happen? I've noticed
>
> Most likely your NAT rules are broken. Packets leaving Squid
> MUST NOT be sent back to Squids listening port.
On 20/05/11 03:01, Boniforti Flavio wrote:
Hello Amos...
What does that forward loop mean
Your squid is sending requests out which subsequently arrive
back to it.
OK.
and how could it happen? I've noticed
Most likely your NAT rules are broken. Packets leaving Squid
MUST NOT be sent back
Hello again Amos, you're precious debugger of my situation! :-)
> > What you see there are some services redirected to my
> internal servers
> > and the rule for intercepting web traffic...
>
> Okay. Looks okay. The use of "eth0" replaces a specific Squid bypass.
> Squid will be using the Int
On 20/05/11 19:06, Boniforti Flavio wrote:
Hello again Amos, you're precious debugger of my situation! :-)
What you see there are some services redirected to my
internal servers
and the rule for intercepting web traffic...
Okay. Looks okay. The use of "eth0" replaces a specific Squid bypass
Hy Amos...
[cut]
> .. or in this case, it appears, some security penetration
> testing software. Somehow installed on a users PC.
>
> > Here you can find trace: http://www.sendspace.com/file/ij5qpe
> >
>
> Sorry, that seems to be a summary packet log. Just confirms
Sorry, I just took over y
On 21/05/11 00:36, Boniforti Flavio wrote:
Hy Amos...
[cut]
.. or in this case, it appears, some security penetration
testing software. Somehow installed on a users PC.
Here you can find trace: http://www.sendspace.com/file/ij5qpe
Sorry, that seems to be a summary packet log. Just confirm
Alright Amos!
> > Well, maybe! But that's weird behaviour... why should my
> "protection
> > suite" scan my whole subnet on port 80?
>
> From the (marketing) docs that particular McAfee component
> is designed for admins to do network wide security with.
> Active scans are one way to do thin
