I'm having trouble to configure my debian (2.6.26-2-686) with some routing tuning. In fact, I have a VPN provider. I want my Squid Proxy use this VPN provider and I have to use policy routing because my ISP forbid IP spoofing.
View 2 RepliesSeems like this should be a simple question, but I've looked around and have not found an obvious location to keep custom policy based routing rules in Ubuntu./etc/network/if-up.d comes to mind, but I was wondering is that was a "standard" spot. Also it doesn't seem like these rules really need to run each time an interface is up'ed or down'ed.
View 4 Replies View RelatedI'm intending to replace my current router (486DX2 w/16MB running FREESCO which has been faithfully working 24/7 for well over a decade) with a debian box with a bit more grunt and newer features. I'm currently setting up my iptables ruleset and am after a bit of advice re the FORWARD policy. A few example rulesets I have found set the default policy to DROP and the have two lines for each port forward, one to allow the traffic and one to direct the incoming packets to the correct machine.
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 25 -j DNAT --to-destination 10.0.100.10:25
iptables -A FORWARD -i eth1 -p tcp --dport 25 -o eth0 -d 10.0.100.10 -m conntrack --ctstate NEW -j ACCEPT
I'm thinking of setting the default policy to ACCEPT to cut down on typing as my default INPUT policy is DROP and unless there is a valid FORWARD rule for a particular port, the packets aren't going anywhere anyway. Or have I misunderstood something. My googling returned heaps of example scripts & not much intelligent commentary. Alternatively, what do you all use to configure & maintain your debian gateways; hand rolled iptables rules, or any toolset recommendations?
Iceweasel told me "Your Websense policy blocks this page at all times". How can I disable websense in Iceweasel?
View 4 Replies View RelatedI've got Debian Sid x64 on my machine. Problem is that in my KDE setup several programs don't work, namely System Load Viewer plasmoid, plasmoid with temperature info and update-notifier-kde. System Load Viewer always shows 0% RAM and swap usage, as well as no processors, temperature sensors plasmoid shows no sensors available even after I installed lm-sensors and run sensors-detect, update-notifier-kde doesn't show any notifications even if I run aptitude update manualy. I might be mistaken but it seems to me that these three programs are not working because of some common reason, most likely some policy package either missing or misconfigured, but I can't figure out what is it.
View 4 Replies View RelatedI'm facing a strange networking problem here. I'm running Debian Lenny in an OpenVZ container and my network setup is as follows:
link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
[code]...
I need to be able to do the following: Physical Router located at 192.168.40.1 On Ubuntu 10.04 Lucid machine:
eth0 with static ip 192.168.40.2
eth1 with static ip 192.168.40.3
eth2 with static ip 192.168.40.4
Associate a virtual address to eth1 with an entirely different network address such as 192.168.50.1 Do the same (virtual address) for eth2 -- e.g. 192.168.60.1 In the application:
register phone number A at 192.168.40.1 (The application will automatically use eth0 for this)
register phone number B at 192.168.50.1
register phone number C at 192.168.60.1
Somehow forward all traffic (including the register request) sent to 192.168.50.1 to 192.168.40.1 as if the register had been made directly to 192.168.40.1. In other words, the app "sends" registration and traffic to 192.168.50.1 but then Ubuntu forwards it to 192.168.40.1 (but the app does not know that). Similarly, forward all traffic sent to 192.168.60.1 to the router at 192.168.40.1.
Do the same for the reverse, forward all traffic that the router sends back to 192.168.40.3 (eth1) to 192.168.50.1 (within the Ubuntu machine) so that the app knows it is for phone B. Similarly forward all traffic that the router sends back to 192.168.40.4 (eth2) to 192.168.60.1 so that the app knows it is for phone C. Thus, the application believes that it is registering at 3 completely separate routers on 3 completely separate networks via 3 separate network interfaces but in fact is really registering all three to the same router (but does not know that). Similarly, the router believes that it is receiving 3 separate registrations because it receives each registration request and traffic from 3 separate interfaces and thus 3 separate mac addresses (i.e., of eth0, eth1, and eth2). Traffic sent to and from the router for each of the 3 phone numbers (via eth0, eth1, and eth2) are not mixed because the translation happens in both directions.
Is there a way to configure Squid to get the filtering policy from a central policy on a web server.
like squid pointing to [url]
This one has been driving me nuts for some days now:My Gentoo box which is acting as an internet gateway has two point-to-point interfaces, ppp0 (PPPoE to my ISP) and ppp1 (PPTP VPN link to IPREDator). Packets from my local network are just routed through ppp0 and now the fun part starts: I want to MARK (netfilter...) all packets originating from one specific user on that box in order to use another routing table that will contain a default route via the ppp1 interface.Marking seems to work fine as does the second routing table. But quite mysteriously (at least for me), the packets sent out on ppp1 contain the wrong source IP address, namely the address associated with ppp0.So here is what ifconfig and friends tell me:Network interfaces:
Code:
# ifconfig ppp0
ppp0 Protokoll:Punkt-zu-Punkt Verbindung
[code]...
I have setup squid on a local-only ADSL account as per management to cut costs. But now they have asked to route international sites via another proxy. The local sites should still go through the local proxy and the international sites get routed to another vpn.Is it possible to use iptables for domain names and redirect the traffic.
View 2 Replies View RelatedI am having problems while testing out squid proxy server. I just can't get it block anything. So, I'm running Debian lenny on my Virtualbox and Squid on it. I'm having windows 7 on virtualbox too and they can ping each other and the webserver on debian (apache2) is working fine. The problem is i can't get squid to block webpages. I have the correct settings on windows proxy settings, but i'm not so sure about squid. I want to block lets say www . xxx. com for example. So I add to the main configuration file:
[Code]...
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedI'm trying to get https/443 traffic go through squid.
View 3 Replies View RelatedI have just installed tripwire. I have created a baseline db using the default policy file. Then I checked the output of the db to see what I did not have on my filesystem that db was searching for (according to the default policy when tripwire was installed), I then changed my default clear text policy file accordingly and used twadmin to generate a new tw.pol file.
Next I come grinding to a halt after this (assuming the next thing is to update the policy in tripwire right? )
Code:
I want to implement routing using fedora 14. The following is how I arrange my computers -
[PC1]<=======>[ROUTER]<=======>[PC2]
And the following are the configuration -
PC1 : (Tiny Core Linux)
eth0 192.168.2.2/24 (netmask 255.255.255.0)
ROUTER (FC14)
eth0 192.168.2.1/24 (netmask 255.255.255.0)
eth1 192.168.4.1/24 (netmask 255.255.255.0)
PC2 (Tiny Core Linux)
eth0 192.168.4.2/24 (netmask 255.255.255.0)
On the ROUTER I have set the ip_forward=1 and eth0.proxy_arp=1 and eth1.proxy_arp=1
then I run the following command :
route add -net 192.168.2.0/24 gw 192.168.2.1 dev eth0
route add -net 192.168.4.0/24 gw 192.168.4.1 dev eth1
On PC1 I executed the following :
route add -net 192.168.4.0/24 gw 192.168.2.1 dev eth0
and for PC2 I run the following
route add -net 192.168.2.0/24 gw 192.168.4.1 dev eth0
After doing those things, I can't ping between PC1 and PC2... but both can ping the router...
All routing settings made with the ip tool (route command) are lost when the redhat server reboots.How to save routing information to a configuration file?
View 2 Replies View RelatedI'm using Debian Squeeze.
When I invoke apt-cache policy , for example , apt-cache policy zlib1g.
I get the output like:
Code:
And below the line "Version table:" , there is installed package version. I assume 1:1.2.3.4.dfsg-3 is version("epoch"+"upstream version"+"debian revision"), but what does the next "0" means?
I have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to succesfully get a response from pinging the device, I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
I just wanted to ask about official opinion or policy concerning newer versions of KDE. Is 4.6 still so buggy or unstable to be included in experimental? What steps are going to be made concerning KDE and what when? I don't like GNOME, KDE 3.5 is out of the game now in 6.0 and KDE 4.4 is IMHO all but mature and finished. So I am not sure what to do now, Kubuntu is buggy and don't like it but they have 4.6...
View 2 Replies View RelatedI have recently upgraded my OS from Lenny to Squeeze.The new setup boots, but sent a "Warning" message during the upgrade - which said:The reference to "/dev/hdb" (the Hard Disk that has my Linux OSs) in "/etc/lilo.conf" is deprecated.The full text of my entry currently reads:boot=/dev/hdb.So what should the entry read to conform with the new Debian policy?
View 11 Replies View RelatedAfter a system update a couple of days back - which as far as I can remember included some xorg packages - neither of the policy files I have written for my keyboard, synaptics touchpad and mouse work.Below are the files and the Xorg log file.
99-x11-keyboard.fdi
<?xml version="1.0" encoding="UTF-8"?>
<deviceinfo version="0.2">
[code]...
I have configured squid in a single PC to save bandwidth and to block some sites.It works fine,but the only drawback is if the user disables the proxy settings in the browser they can able to browse all sites..Is there anyway to force all my browsers to go through proxy??
View 4 Replies View RelatedI have 10 systems on my network and I have centos5.5 installed on server. All other clients are on WinXP. I am using squid server to share internet on my network.Problem is: whenever an user trying to open a website through squid server, it opens too slow, but if same user tries to open same website by passing squid server, it opens 3 times faster. Downloading speed is same in both scenario. Only buffering speed is slow through squid.
View 1 Replies View Relatedset up a squid on our network, our dhcp server and dns are built in windows os. integrate if i will be built a squid server in centos 5.5.
View 2 Replies View RelatedI have recently upgraded a computer from Wheezy to Jessie, and I'm having trouble getting an internet connection shared via Ethernet by another computer (the provider) to work on it.I have activated the interface of the Jessie computer and configured a static IP on it in the same subnetwork as the provider's ethernet interface with the following commands:
Code: Select all# ip addr add 192.168.123.201/24 dev eth0
# ip link set up dev eth0
I now would like to set the address of the provider as the default route with Code: Select all# ip route add default via 192.168.123.100 dev eth0, but I get the following error message: Code: Select allRTNETLINK answers: File exists.
Indeed, when I run Code: Select all# ip route, the following comes up:
Code: Select alldefault dev eth0Â scope link
I've tried to remove this default route to replace it with mine with Code: Select all# ip route flush table main and Code: Select all# ip route del default but these commands don't seem to work.
After a long time that I didn't touch my PC I just forgot how to configure the routing table I trying to ping the router and get "destination host untraceable" I manually assign the ip of the machine to 192.168.1.2 .And the gateway ip to 192.168.1.1 the only problem now
Is to get to the router interface on 192.168.1.1 to configure my internet and to browse
I have a network with two WAN links. One link is supposed to be for Senior Management and the other for the rest of the company. Currently all traffic seems to be going via one WAN link.
Is it possible to setup squid to select the link to use by checking the mac address of the requesting computer
I am working in a office where only one internet connection available. I have configured 5 other client machines to use internet through squid proxy server. Now I want to restrict the total data usage/transfer (upload+download) to say 1 GB during a calender month. How can I achieve this setting.
View 1 Replies View RelatedI am working in a office where only one internet connection available. I have configured 5 other client machines to use internet through squid proxy server. Now I want to restrict the total data usage/transfer (upload+download) to say 1 GB during a calender month. How can I achieve this setting.
View 1 Replies View RelatedMy Squid is working. But I do not know how to unblock a proxy for two users on my network. My configuration
Code:
acl work src 192.168.16.0/24
acl sites dstdomain "/etc/squid/sites.acl"
acl files urlpath_regex "/etc/squid/files.acl"
acl boss src 192.168.16.12
[Code]....
How to enable blocked sites and files for boss and it_user?