CentOS 5 Networking :: How To Inform Internal Customers About Proxy
May 4, 2010
I installed CentOS 5.4 with squid and dansguardian as internal use in a firm. There is a domain server and primary dns windows, but by "wpad" file every internal computer is automatically forwarding on CentOS proxy. Dansguardian port 8080, Squid port 3128. Now I have a problem: how to inform my customers who use your laptop in our lan that they have to configure the proxy.
I need to understand what is happening with my VPN. I manage the Firewall server that has POPTOP ($Id: pptpd.conf,v 1.10) installed for VPN connections. Actually only 3 users are using the service. About 1 month ago, I have problems with connection and service that consistently falls; sometimes it can get 1 hour of connection and then falls. My Server is on Centos, Kernel 2.6.18-53.el5PAE
I've tried to read many of the topics in this forum first and tried to find a solution to my problem, but can't find one. I'm testing CentOS 5.5, it's the first time I'm using a CentOS Linux release. I'm trying to configure the proxy "client side" on it and cannot find how to do it. On other Linux release I've used the ENV variable like "http_proxy" or "HTTP_PROXY" etc etc. This time, I don't know why but it doesn't work. I've put the name and @ip of the proxy in /etc/hosts and tried different version upper/lowercase of "http_proxy" "HTTP_proxy" "ftp_pr.." but it doesn't work. If I configure manually Firefox and putting the name or @ip of the proxy we have on our network, it works. But if I try to use ENV variable it doesn't work...
I have a DELL running CentOS 5.4 with 2 active NICs, one with an external IP address (eth0) on 123.456.78.9 and another that is connected to our internal network (eth1), 192.168.2.x. When I reboot the server, everything works glowingly. External traffic is correctly routed over the external interface (eth0) and internal traffic over the internal interface (eth1). After some random amount of time, a couple of hours and sometimes a couple of days, all traffic starts getting routed over our internal network, so DNS requests fail, internet pages don't load, smtp connections fail, etc.
I'm assuming that everything that's not headed for our .1, .2 or VPN internal networks would go out the external interface. And why this works for a period of time and then stops working is beyond me. And when external traffic starts going over the internal interface, I just reboot and it starts working like it's supposed to again.
I have just installed CentOS and it is working fine! I made a masquerade with the document there: I didn't use the script, because right now, I do not completely understand it, and obviously I am not modifying anything by leaving it like that. I was using Mandriva before and I am used to graphical tools. My questions are: I add the following lines in my iptables:
[root@localhost ~]# service iptables stop
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
[root@localhost ~]# service iptables save
I will try to explain a bit first about my network topology: I have one CentOS 5.5 machine with 2 nics - external one 86.x.x.122 and internal one with 2 IPs: 192.168.1.1 and 89.x.x.121. The idea is that I have a public subnet (86.x.x.120/29) of IPs which are routable only through 86.x.x.122 so I have a webserver hosted on a different machine with the IP of 89.x.x.122 and GW 89.x.x.121 - everything works perfectly fine, except that I cannot access from the internal network 192.168.1.0/24 the so called DMZ (roughly) - the 89.x.x.122.
What really makes me crazy is that I setup the IPtables rules correctly because I can access the webserver from the outside world but I cannot access it from the internal network...
what I'm missing - why the 192.168.1.0/24 cannot see the 89.x.x.122 machine... What IPtables rules should I add?
I am forwarding HTTP requests to an internal server. It is quite successful, but the access logs do not show the IP of the external m/c. Rather, it shows the IP of the machine on which I have enabled port forwarding.
I want to add a fourth NIC, eth3, which will be assigned its own Public IP/Internet address (thru DHCP; my ISP provides two). The purpose is to route all net1's internet-bound traffic through eth0, and all of net2's internet traffic to eth3. This allows me to use one router/firewall machine instead of two separate ones. I anticipate that without some specific routing instructions, the default route will be eth0 for all net1 and net2 internet traffic (eth3 will be ignored).
I thought of using just one NIC (eth0) but create an alias (eth0:0), but IPtables (and possibly DHCP) can't differentiate between the two (besides, nics are inexpensive). Is there a way to do this through routing commands, or even use iptables prerouting/forward functions (or is using iptables problematic)?
I have big problem with correct settings of iptables as a router. My network topology (UTM Hardware router) 192.168.1.1--->eth0 192.168.1.2(centos with apache ftp and transparent squid 8080)--->eth1 192.168.0.1(LAN with dhcp)
eth0=WAN 192.168.1.2 eth1=LAN 192.168.0.1
I have a problem with hanging connections through squid which are very slow or connection failed. Sometimes I received DNS timeout error from squid stable 2.6 21
I'm trying to set up a server for an NPO who connects to the Internet through an internal proxy (Websense). I can't access the Internet unless through the proxy.
Since it's a server I did not install a GUI so I'm wondering how to connect the new server to said proxy server. I have the IP address, port number and username-password for the proxy server. The new server has a static IP address and is ready to go!
Here is my network diagram: ADSL router----firewall--LAN. Inside the LAN my squid is running. Currently all users are working without proxy server. I installed the proxy server inside the LAN. Now all users can access web browsing, but no other ports are working, like POP3, smtp, then some other TCP port based applications are not working. My firewall (juniper) is created and tested the rules to allow the POP3 and smtp and selected ports which is working, but I redirected through squid proxy server the clients are not able to access. Where do I have to create rules?
** in squid proxy (I already did in safe port list, still not working) ** IP tables?
I have a website named [URL]... now I want to access this website using proxy server (squid, or etc...) under my personal server named [URL]... means that [URL]...
I'm trying to setup a Centos 5.6 Squid Proxy Server with Content Filtering & Antivirus Scanning Incoming HTTP Traffic from the Internet
I then proceeded to setup and configure the Proxy Server. I was able to test and confirm that Squid and Dansguardian Content Filter is working, however I don't know if Clamav is scanning HTTP traffic before it hits the client/server. Is there a way I can check if the Antivirus scanning is working? Is there some log file or real world test I can do to confirm that Clamav is scanning incoming traffic or even blocking potential viruses?
Anyone who has squid proxy server with Clamav configured and its working can share their settings/setup with me and how they tested it?
Currently my DHCP Server is working. Now what I want to have is auto detection of squid proxy in any browser, but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;
I recently tried installing GNOME Inform for Linux on my lpia architecture ubuntu netbook remix-running netbook, only to get the error message:
dpkg: error processing gnome-inform7_5Z71-0ubuntu1_amd64.deb (--install):
 package architecture (amd64) does not match system (lpia)
Errors were encountered while processing:
 gnome-inform7_5Z71-0ubuntu1_amd64.deb
I have not been able to find a Lpia archive, although I will keep on looking. Is there anything else I could do, or could someone direct me to an Lpia archive? I'm specifically trying to get the GUI version of Inform, not the Command-Line version.
My home network consists of a file server with a RAID5 array of disks and various 'client' computers. Various parts of this RAID array are shared using NFS. The NFS server and clients all work fine for all shares. This computer consumes a lot of power so is only on when needed and the problem I'm struggling with is how to inform the clients that are running when the server starts so they can mount the NFS shares they're interested in? At the moment that the server runs a series of scripts on each client using a command like 'ssh someuser@client -X /home/someuser/bin/mountscript.sh'. This only works if someuser can ssh to client from server without a password (or permission is stored in .ssh/known_hosts), requires a fair bit of work when I add a new client, and is prone to break when I fiddle with things. Is there a more elegant system, maybe one that would allow the file server to broadcast a 'I'm here' message to all clients, or the entire network, on startup, and similarly an 'I'm going away' message when it shuts down again?
I am installing a cluster which is hidden from the rest of the world and there is no router either from a general login node. I would therefore require a local repository of the updates to CentOS 5.4. When I checked I only found instructions for a full mirror. As I have no room and neither the human resources to setup and maintain a full-blown mirror, this is not a solution. However if I try to find updates for 5.4 to download in a repository-type of way I fail to find a solution. Maybe I am just not looking in the right places.
At the moment I have a proxy and all the users have to configure it in the browser to access internet. I want to make the users able to browse even without configuring the proxy in the browser, but eventually it should be received in the proxy rather than giving an error to the user. I heard with transparent proxy I can redirect all the traffic from a particular network to a particular host (i.e. my existing proxy).
I tried this using firewall rules. But then the existing proxy doesn't understand the protocol of the requests. I heard that it should be in the kind of proxy protocol.
I'm setting up a new linux box to give email and web services to some small companies I manage. I'd like to secure things up a bit, as I don't want that user in Company A be able to access Company B data. For starters I'm planning to create a new place for placing users, groups, files and some other Company related stuff. I want to be able, when I add a user for some company, that the user home dir will be set to /customers/companyX/users/userX
Question 1: is this folder structure ok, or is there a better, safer place to put it other than / ? Question 2: how can I set a new user home dir to the path above, when I add it? Similarly, how can I set the email location?
I'm in the process of building a security team and want each individual of the team to concentrate on the GIAC certifications mentioned in the [URL] website. I was wondering if any inputs on how can I structure this team and how can I target customers?
I've setup squid proxy st time on centos 5. This is my current setup.
squid.conf:
acl our_networks src 192.168.10.0/24
http_access allow our_networks
internet -- modem -- Firewall -- switch -- squid proxy (192.168.10.100) -- client workstation (192.168.10.200) (client workstation is connected to the same switch as the squid proxy)
I'm looking for a way to distribute files to customers and vice versa via web. What I'd like to find is a program that allows a user to upload a file to a web server and then email a link to the file to the recipient. It would have to be secure of course.
My Linux server which is running my company website has been hacked. Today I saw a number of clients (customers) with some fun characters entries on my database. Access denial on really clients. Please assist, I am running Linux Ubuntu 9 and I don't know where to start troubleshooting this. Let me confess that I am still on the learning curve on Linux
I'm using Ubuntu 10.10, with a wireless HP j4680. That prints on occasion. I've tricked it once by creating a new printer System/Admin/printers, setting the "new" printer to default then deleting the old printer. Not working that way this time. I've searched the old forums, a lot of activity in 2007-2008 but nothing since.
Is there a way to defeat HP's efforts to force its customers to purchase the extremely high, close to 50.00 dollars in my area.
We purchased a virtual server from GoDaddy (1 month trial) to set up as a proxy for our networks (24 of them). I am having 2 separate issues. The first is I can't configure/install NAT and support is telling me the only way I can is to purchase a dedicated server. Here's the error:
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Here's the fix: [URL]
So, what I am hoping to do is configure this by just opening port 3128 directly, and only allowing access from our networks. As a test I did this and allowed only from our office and it did not work. However I can't connect, so I am wondering what I am doing wrong? Here's my squid configuration:
On my machine, I am not able to login using any of the user account or root. It's showing this message:
Then comes another message: Your session lasted for less than 10 seconds. Try logging using Failsafe. .... session_child_run: Could not exec /etc/X11/xinit/Xsession default
I tried to use the failsafe as well, but nothing seems to work.
Would someone please help me regarding this issue?