Networking :: Blocking Download For LAN Users?
Jul 15, 2010I would like to block downloading for my LAN users through squid or other.
View 2 RepliesI would like to block downloading for my LAN users through squid or other.
View 2 RepliesIn our organization we use Static IP addressing scheme(Some departments have DHCP which is not related to this thread). We use Squid as proxy.
We assign each machine its IP address and make entry in our TinyDNS database, and provide those details to users, which they manually enter in their config and then access the network. We assign different range of IPs to different departments. This we consider as the "proper way" for our organization.
But we have found that lot many users are simply guessing some IPs and using them without having any entry in our DNS record. Though this works for some, most of the time we end up having IP conflicts and disorganization in our organizational allocation policy.
So, my question is, How do I block the specific IPs whose entry is not explicitly defined in our DNS record. In other word if the IP 192.168.20.15(lets say he is jack.ourorganization.com) is defined in our DNS, we should allow access... where as if IP 192.168.20.16(this does not translate to any user as it is not defined in our DNS) is not defined in our DNS we should not allow it access to our network.
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
View 3 Replies View RelatedI have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.
For system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies View RelatedI have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
Am using proxy server as squid. In squid am using proxy_auth.Is any way to get the download size details for each & every users from access.log?
View 4 Replies View RelatedI'm using vsftpd on my server. When I connect (using file-zilla) from other computers on the same network I can't download any files. I can upload, create directories, and delete stuff, but I can't download. I've disabled anonymous access and enabled local user log-in. My /etc/vsftpd.conf
Code:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
[Code]...
Samba up and running on my pc. pc runs FC12 with kde. A laptop has win vista. The pc can access the shares on the laptop but the laptop has authentication issues to access the pc. Note that windows doesnt enforce authentication forincoming network connections.Using the system-config-samba util i tried to map a windows user to the unix user "feduser". The laptop (named LAPPY) has a user (lapuser) which has on windows no password.What should I tell samba config what the windows username should be? lapuser or LAPPYlapuser doesnt work because when accessing the pc via the laptop, the authentication fails. The only auth that is successful is when choosing the same winusername as the unix username.
Secondary, id like to setup the laptop so that the user doesnt have to provide a name and password, or at least not more then once in the lifetime of the laptop. Note that you cant provide an empty password to system-config-samba. How is that possible?
Strange but not really on issue imho:the samba - KDE control module(kcmshall4) (and the smb.conf) shows 2 shares: the homedirs and the data dir the samba server configurator (system-config-samba) shows only the datadir.
Got PGP 6.5.8 for Linux working with Ubuntu 10.10. It involved converting two .rpm files to .deb with the alien utility and then installing by simply double clicking on the .deb files in the file browser invoking the Ubuntu Software Manager. I put the two .deb files in a tarball (tar.gz) and would like suggestions as to how to make the tarball available for other Ubuntu users to download.
View 3 Replies View Relatedi have a Domain Cotroller installed on Windows & DHCP Server installed on Ubuntu. i want to give access only authenticated Users(Active Directory Users) can get IP from DHCP. No one else canis there any option available here in DHCP ???
View 2 Replies View Relateddoes anybody knows how to setup the same upload/download folder for all users ? My vsftpd has been installed on CentOS. Its using system user.
What should I put in /etc/vsftpd/vsftpd.conf to configure folder
/fileserver
for all users ?
I have configured the proxy server. I want to observer users's download information. What should I need to do? Shall I install squint? what is the process? How do I monitor the users?
View 1 Replies View RelatedI'm trying adjust my proftpd server's settings, that anonymous users could download what they need smoothly.
A small problem made me so bemused:
In the configuration file of proftpd, I place the following setting section in the <anonymous> section,
Code:
After restarting the proftpd server and applying the configuration, I try downloading a file in IE browser. Sometimes, it prompts a saveas dialog, and everything was okay.
However, it occasionally prompts a login form instead of a SaveAs dialog. This makes our customers confused greatly.
So, how could I prevent browser from prompting login form when anonymous users try to download files from our ftp server?
Quote:
OS: CentOS 5.3
Server: ProFTPd 1.3.1
I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
I have a lifttime premium account at Megaupload.com. Recently I found that megaupload has blocked all IPs in my area. I have sent emails to their tech but nothing has returned!!I have tried to use proxies to download stuff from megaupload, however, none of them works for suspected bandwidth reason, not to mention that it might be slow too.
View 5 Replies View RelatedSo, let's say there was a website www.qwerty.com, which is completely appropriate if not necessary except for the asdfg subfolder (www.qwerty.com/asdfg), which contains,say, pornographic material I want blocked. Is there any way to block "asdfg" without blocking the entire domain (www.qwerty.com)? I already tried editing my hosts file, but apparently that only works for whole domains.Also, while we're at it, can the hosts file be used to actually block IP addresses, or just domain names (so if I wanted qwerty.com with IP of 128.127.126.125 to be completely blocked, but know my family or employees are little smarter than that, I could add the line "0.0.0.0 128.127.126.125" to prevent all access to that website)?
View 3 Replies View RelatedI have a VPS which is running HTTPD, and its getting blown to bits by a DOS Attack. Turns out mod_evasive is totally useless (due to not running a total - rather counting per child process) and the only way to stop the box from running at 100% on all cores is to term HTTPD. So, what rules can I implement on the iptables firewall to block multiple requests from an IP? I saw this: [URL] Where someone has posted some rules but these dont work ("unknown error 4294967295" on the 3rd line). This is what i'm after though - block multiple requests from a single IP for a certain period of time.
View 3 Replies View RelatedFriends the following shall block a particular machine in the same network, what can be done if it is dynamic IP and from other network?
iptables -A INPUT -s 192.168.0.0/24 -m mac --mac-source 00:50:8D:FD:E6:32 -j DROP
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?
acl blocksites url_regex yahoo http_access deny blocksites
I have also tried saving some url & filter content in a file and edited configuration as follows,
acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites
The squid-block.acl file contents are, .cricinfo.com mp3
I'm trying to configure bind9 to block porn by having it pretend to be authoritative for a list of porn domains. It can then return a "fake" IP for the port sites, which points to a page on my server. So far, the only way I have found to do in this in bind requires a separate zone for each porn domain. This doesn't work because of memory problems - I have 1000's of porn domains to block.
I'd like to instead have bind forward queries to rbldnsd, which can take a list of domains in a "data set" file, and use it to return a single A record (pointing to my "access denied" page). However, I think this will not work because I would still need a separate "zone" for each porn domain name.
I am at a university where my bandwidth is severely capped. I can start several other computers near me and download at the limited speed simultaneously. Is there any way for me to share the download between the computers to get the cumulative speed?
View 1 Replies View Related when I try to connect to internet SELinux give my a preventing NetworkManager here is what its say:
Code:
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "getattr" to /dev/ppp
(ppp_device_t).
[Code]....
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Code:
> netstat -a | grep ssh
tcp6 0 0 [::]:ssh [::]:* LISTEN
> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[Code].....
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?acl blocksites url_regex yahoohttp_access deny blocksitesI have also tried saving some url & filter content in a file and edited configuration as follows,acl blocksites url_regex "/etc/squid/squid-block.acl"http_access deny blocksitesThe squid-block.acl file contents are.cricinfo.commp3
View 2 Replies View RelatedI bought a wired broadband dsl router to provide another layer of security for my computer running ubuntu. I just plugged it in without installing any software etc. It blocks the internet connection.
View 3 Replies View RelatedI've setup ufw rules on my system but noticed that the rule i created to allow traffic from my local network is still dropping some RST packets.here's part of the output of dmesg
[43627.361500] [UFW BLOCK] IN=wlan0 OUT= MAC=00:16:ea:03:9c:3a:00:1f:a7:3d:d5:eb:08:00 SRC=192.168.0.4 DST=192.168.0.3 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=2210 PROTO=TCP SPT=59521 DPT=9000 WINDOW=0 RES=0x00 RST URGP=0
[code]....
Today I have tested the networks at several schools in the area,and at the town hall. It is not possible to surf on www on any of these networks using a PC running Linux. My conclusion is that there has to be some kind of filtering of traffic that exclude PC's running Linux. From the same PC I can send and receive email, I can ping and trace (mtr) addresses on www, and I can view webpages that are on servers on the inside of the filtering-gateway. The filter used is InterScan Web Security Virtual Appliance from TrendMicro
I have also demonstrated for the admins at the town hall that using Linux-PC on a "clean" network, surfing is no problem. By doing these small tests I have demonstrated that Linux is not the problem.
Tomorrow I'm going to visit the network providers admins, so that they could see what happens when a PC running Linux tries to access www. What kind of things should I test to document, or find the problems? So far I have just used MTR to document slow respons, wget --no-proxy to document that www hangs and ends time out, ifconfig to show NiC settings, and route.. Could this be a problem with /etc/resolve.conf?
The network provider is the same company that refused to turn on IMAP on the exchange servers, resulting in 3 week without mail at our school. All the other schools had to upgrade Outlook in order to connect to the new exchange-server with MS MAPI settings. MS Gold partners are so nice...
Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it shown was:
@boris:~$ cat meh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)
[code]...
Is there a way to configure my interface to promisc mode and also make it not capture the "transmitted" packets. ?I mean, i want the interface in Promisc mode but only for inbound traffic.If there isnt any using ifconfig, can it be by configuring eth0 to promisc using ifconfig , and filtering outbound traffic from being captured using sockets or something ?
View 4 Replies View Related