Strange IPs in my squid

Posted by j0r9e, June 09, 2014, 12:16:31 PM

j0r9e

Dear all,

A week ago I managed to get my 32-bit cache server working. Everything worked fine until a couple of days ago, when some IPs that do not belong to my subnets started showing up. Here is the squid log, to see if anyone can help me.

Regards


Mon Jun  9 13:01:13 2014  60777 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:21 2014  60776 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:23 2014  61464 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:31 2014  59983 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:41 2014  61134 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:49 2014   5518 60.173.8.237 TCP_MISS/000 0 POST http://pt.3g.qq.com/login? - DIRECT/pt.3g.qq.com -
Mon Jun  9 13:01:51 2014  60053 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:52 2014   5537 60.173.8.237 TCP_MISS/000 0 POST http://pt.3g.qq.com/login? - DIRECT/pt.3g.qq.com -
Mon Jun  9 13:01:57 2014  61574 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61574 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61572 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61572 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61539 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61530 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61518 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61516 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61514 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61482 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:01:57 2014  61452 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:02:03 2014   5516 60.173.8.237 TCP_MISS/000 0 POST http://pt.3g.qq.com/login? - DIRECT/pt.3g.qq.com -
Mon Jun  9 13:02:24 2014  60664 115.230.125.80 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:30 2014  61146 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:34 2014  60913 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:36 2014  59984 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59983 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59980 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59974 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59974 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59957 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59956 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59949 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59947 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59943 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:36 2014  59942 183.61.146.96 TCP_MISS/503 0 CONNECT mail.10086.cn:443 - DIRECT/221.176.9.121 -
Mon Jun  9 13:02:42 2014  59496 1.57.158.183 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:46 2014  60184 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:49 2014      0 114.215.106.40 TCP_DENIED/403 3403 CONNECT 115.238.189.121:800 - NONE/- text/html
Mon Jun  9 13:02:53 2014  59953 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:58 2014  59749 115.230.125.80 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:58 2014   5521 60.173.8.237 TCP_MISS/000 0 POST http://pt.3g.qq.com/login? - DIRECT/pt.3g.qq.com -
Mon Jun  9 13:03:00 2014  59350 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:03:05 2014  59411 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:03:21 2014  29741 125.66.22.251 TCP_MISS/000 0 GET http://tw.gigacircle.com/328723-1 - DIRECT/tw.gigacircle.com -
Mon Jun  9 13:03:40 2014  59714 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:03:51 2014  61037 113.242.174.229 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.

firecold

Quote from: j0r9e on June 09, 2014, 12:16:31 PM
Dear all,

A week ago I managed to get my 32-bit cache server working. Everything worked fine until a couple of days ago, when some IPs that do not belong to my subnets started showing up. Here is the squid log, to see if anyone can help me.

Regards


Friend, one question: are you using Raptor in parallel with MK, or are you using it in gateway mode? If you are using it in gateway mode, you should define your network ranges in ACLs. Regards

j0r9e

Dear sir, I am using it in parallel with a Mikrotik and I am doing redirection via NAT.

These are my firewall rules

/ip firewall nat
add action=passthrough chain=unused-hs-chain comment="place hotspot rules here
    disabled=yes to-addresses=0.0.0.0
add action=dst-nat chain=dstnat disabled=yes dst-port=81 in-interface=wan \
    protocol=tcp to-addresses=192.168.1.21 to-ports=80
add action=masquerade chain=srcnat comment="default configuration" disabled=ye
    out-interface=wan to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade wlan-lan5" disabled=no
    out-interface=wan src-address=192.168.88.0/24 to-addresses=0.0.0.0
add action=masquerade chain=srcnat comment="masquerade hotspot network" \
    disabled=no out-interface=wan src-address=10.5.50.0/24 to-addresses=0.0.0.
add action=dst-nat chain=dstnat comment=SSH_Raptor disabled=no dst-port=2200 \
    protocol=tcp to-addresses=192.168.10.2 to-ports=22
add action=dst-nat chain=dstnat comment=WEBADMIN_Raptor disabled=no dst-port=8
    protocol=tcp to-addresses=192.168.10.2 to-ports=82
add action=masquerade chain=srcnat comment=NAT_Raptor disabled=no \
    out-interface=wan src-address=192.168.10.0/30
add action=masquerade chain=srcnat comment=NAT_VPN disabled=yes out-interface=
    wan src-address=192.168.100.0/24
add action=dst-nat chain=dstnat comment="Redirect Raptorcache" disabled=no \
    dst-port=80 protocol=tcp src-address=!192.168.10.2 to-addresses=\
    192.168.10.2 to-ports=3128

Regards, thanks for the prompt reply.

firecold

Quote from: j0r9e on June 09, 2014, 02:56:49 PM
Dear sir, I am using it in parallel with a Mikrotik and I am doing redirection via NAT.

These are my firewall rules

Regards, thanks for the prompt reply.

Then you will also have to define specific ACLs so that only the ranges you set can access it. That is what I can tell you regarding squid; I could not advise you on MK, since I do not use it. Regards
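
Added example (not part of the thread and not any poster's code): a Python check that parses access.log lines in the format posted above and reports clients outside the local ranges, separating requests Squid accepted and tried to forward (`TCP_MISS`) from those its ACLs refused (`TCP_DENIED`). The local ranges are an assumption taken from the `src-address` values in the posted NAT rules, and the sample adds two constructed lines to five from the posted log.

```python
import ipaddress
from collections import Counter

# Assumption: local ranges copied from the src-address values in the NAT rules.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.88.0/24", "10.5.50.0/24", "192.168.10.0/30", "192.168.100.0/24")]

# Sample input: five lines from the posted log, plus a constructed local-client
# line (192.0.2.10 is a documentation address) and a constructed malformed line.
SAMPLE_LOG = """\
Mon Jun  9 13:01:13 2014  60777 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:01:49 2014   5518 60.173.8.237 TCP_MISS/000 0 POST http://pt.3g.qq.com/login? - DIRECT/pt.3g.qq.com -
Mon Jun  9 13:01:57 2014  61574 183.91.52.223 TCP_MISS/503 0 CONNECT memberprod.alipay.com:443 - DIRECT/110.75.142.57 -
Mon Jun  9 13:02:34 2014  60913 115.239.231.109 TCP_MISS/503 0 CONNECT sso.kongzhong.com:443 - DIRECT/180.235.70.8 -
Mon Jun  9 13:02:49 2014      0 114.215.106.40 TCP_DENIED/403 3403 CONNECT 115.238.189.121:800 - NONE/- text/html
Mon Jun  9 13:02:50 2014    120 192.168.88.15 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
not a squid log line
"""

def parse_line(line):
    """Parse one access.log line in the format shown in the thread; None if malformed."""
    tok = line.split()
    if len(tok) < 11:  # 5 timestamp tokens, elapsed, client, result, bytes, method, URL
        return None
    try:
        client = ipaddress.ip_address(tok[6])
    except ValueError:
        return None
    result = tok[7].partition("/")[0]  # e.g. TCP_MISS from TCP_MISS/503
    return {"client": client, "result": result, "request": f"{tok[9]} {tok[10]}"}

def foreign_clients(log_text):
    """Map each non-local client IP to its forwarded/denied counts and requests."""
    report = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or any(rec["client"] in net for net in LOCAL_NETS):
            continue
        entry = report.setdefault(
            str(rec["client"]), {"forwarded": 0, "denied": 0, "requests": Counter()})
        # TCP_DENIED: an http_access rule refused it; anything else was accepted.
        entry["denied" if rec["result"] == "TCP_DENIED" else "forwarded"] += 1
        entry["requests"][rec["request"]] += 1
    return report

if __name__ == "__main__":
    for ip, e in sorted(foreign_clients(SAMPLE_LOG).items()):
        top = e["requests"].most_common(1)[0][0]
        print(f"{ip:16} forwarded={e['forwarded']} denied={e['denied']} top: {top}")
```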