Networking :: Squid And Firewall Settings - Restrict To Local Client?
Mar 3, 2011
I have configured Squid for my LAN. My LAN has three Red Hat 5.3 web servers. Now, by using the proxy server, I wish to give access to external clients for my web server and restrict to local client, accessing WAN through port 80.
Feb 2, 2011
I want to restrict some sites (social networking) through my newly configured Squid proxy, but it always allows those sites. How do I block those sites? My squid.conf file is configured as follows:
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
[coder].....
Feb 27, 2009
I am looking at ways in which I can restrict SSH session requests that come from a specific SSH client (say PuTTY or NX Client). Is it possible to restrict SSH client login to a client application?
Feb 23, 2011
Please review my webmin Linux firewall. This is a squid proxy / Firewall / Router. Everything works fine until I change that last line to reject or drop all. Then the traffic behind the firewall that is trying to reach the internet gets borked. I can only assume that something is killing the connections to squid. But everything looks right to me. Here is my prerouting. (please ignore the green box) The red box is the action to be taken following the given rule. But I don't think the problem is in prerouting.
Feb 22, 2010
I'm looking to set up a web proxy using Squid. I already have a hardware firewall NAT'ing device that all the connections go through. I'm planning to install the Squid web proxy on a VM (single NIC) and place it behind the hardware firewall as below: internet -- modem -- Firewall -- switch -- squid proxy (192.168.10.100) -- client workstation (192.168.10.200) (the client workstation is connected to the same switch as the squid proxy). And on the client workstation's Internet Explorer: Tools->Options->Connection-Lan Settings and check the box for "Use a proxy server for your LAN", then type the address of the squid proxy (192.168.10.100) and set the port to 3128. Check the box for "Bypass proxy server for local addresses".
Jan 14, 2011
Is this possible: 2 Linux boxes that will act as an Internet firewall + filtering? 1st PC = CentOS 5.5, functions as a firewall using iptables with two NICs: ETH0 connected to the Internet with a public IP, and ETH1 with IP address 10.0.0.1 connected to the 2nd PC (CentOS 5.5 with squid/dansguardian, IP address 10.0.0.2).
2nd PC = CentOS 5.5, functions as squid + dansguardian Internet filtering with 2 NICs: ETH0 with IP address 10.0.0.2 connected to ETH1 of the 1st PC (IP address 10.0.0.1), and ETH1 connected to the LAN (172.16.1.0/24).
Does this make sense? This might be confusing, but I just want to try this, to protect incoming ssh from our previous sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them, in that they have to pass through 10.0.0.1 - 2.
Sep 28, 2009
I am trying to set up Squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the Internet via an authenticated proxy. At home, I connect directly via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct Internet connection which Squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and Squid, but I don't understand enough of the networking jargon or concepts to know what I need to change to make it work in my situation, or if it is even possible.
Aug 8, 2009
I want to write a custom rule to allow all connections to the ip addresses on my local network (192.168.2.2 through ...99) but I don't know how. I know adding a custom rule asks me to read a file and put it in "iptables" format, but I don't know how...
Feb 3, 2011
Does a Linux VPN client exist which will connect to a SonicWall firewall?
Mar 28, 2010
I have tried various rules, like opening port 53 for the DNS, with little success. I finally figured that you need to set the source port to 53 and NOT the destination port. However, I have been unable to figure out what ports apt-get requires. The only way I get it to work is to accept everything in iptables.
Mar 6, 2010
I'm having problems with Squid, and I don't know how to solve them because I'm new to Linux. a. Why does Squid on my computer often not work? The process has already started (using the command sudo squid start), but the Internet on client computers cannot connect. This can be resolved if the proxy server computer is restarted. Does anybody know why this happens?
b. How do I set the client bandwidth limitation using Squid? I want the client computers to be able to use only a maximum of 60-70 KB/s. Do I need another additional software package?
Jul 18, 2010
I'm trying to set up iptables to send web (tcp?) traffic through Squid and Privoxy transparently (to save having to set up everything per browser and hoping they honor their settings). I know I have done this before but I can't find the old config nor remember the exact options needed to do this. What I am wanting specifically is for Privoxy to grab the data as it leaves the browser, do its thing, then pass it on to Squid before sending it down the line, then doing the same incoming (Privoxy -> Squid -> requesting app).
Dec 14, 2010
How do I resolve an IP with a port in Linux? How do I include this in the DNS, so the user doesn't have to remember the IP address and the port? For example, the user will only type http://scanfiles and then it will resolve to the corresponding IP. Is it possible?
May 26, 2010
I am not sure whether it's possible or not. We are running a Squid proxy server for our office. We restrict users' access to the Internet using ACLs. There are some who do the following:
1. Create their own proxy on their box, which has Internet access.
2. Other users use those boxes as a proxy and access the Internet.
Jan 21, 2011
I have been trying to get Squid to work so that I can restrict access to a particular web site during certain hours every night. I can't seem to get it working, however. I am still able to access the site. The following are the relevant lines from my squid.conf file:
acl restricted-domain dstdomain "/etc/squid/denied_domains.acl"
acl test time 19:00-20:00
acl bedtime time 22:00-23:59
[code]...
May 19, 2010
I have seven departments in my office. I want to restrict web sites for all the departments, but not the same web sites for all the departments, i.e. different sites for different departments. I have no idea about this issue.
Jun 28, 2011
I have an Ubuntu Server 10.04 LTS with 3 network interfaces (eth0, 1, 2), of which eth0 is connected to my LAN and the others are connected to two different ISPs. I would like to know whether there is any way to share the bandwidth of these two ISPs for my LAN. I mean, for example, if eth1 has X MB bandwidth and eth2 has Y MB bandwidth, my clients who use a download manager for downloading files from the Internet have X+Y MB download and upload bandwidth. I do not want to just limit each user or service to using one of those interfaces; I want to share them for all, to increase my Internet bandwidth.
Feb 19, 2011
I am having trouble with Yahoo audio/video voice calls. I am behind a Squid firewall on the WAN. I have asked my IT admin to open the audio/video ports. He has opened the ports, but the audio/video buttons are still disabled in the chat window.
Jul 29, 2010
I want to restrict access to my local web server by IP address. I'm in a LAN (192.168.200.xx), so I have this:
[code]....
But when I try to connect from 192.168.200.4, it says I don't have permission to access.
Feb 23, 2010
I am looking to redesign my network, which I'll get into below, but basically I am looking to set up a transparent/bridged firewall with Squid and DansGuardian. However, I want to require LDAP authentication to access the Internet. You'll understand why from the diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? An example would be to have the proxy authenticate to the LDAP system to check for a valid user and valid net permissions; the server has to somehow send a reply back, so without an IP, this can't happen, right?
Below are two designs I am looking into implementing. Everything internal will be authenticated against LDAP, with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP should be behind the router on a private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside the private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
Dec 3, 2010
I need to configure Squid in my company. How do I install and configure Squid on my SUSE server...
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an iptables/firewall expert, so can you please explain it in a bit more detail if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
Jan 7, 2010
I have vsFTPd running on my server. If I connect via 127.0.0.1, then all is well and I can use the "ls" command to get a directory listing. However when trying this remotely, the FTP client hangs and I do not get a directory listing.
Jun 24, 2009
I have set up Squid on a local-only ADSL account as per management to cut costs. But now they have asked to route international sites via another proxy. The local sites should still go through the local proxy and the international sites get routed to another VPN. Is it possible to use iptables for domain names and redirect the traffic?
May 18, 2010
I am learning to set up a firewall in my home. For that I have selected four systems (sys1, sys2 ... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1 : ( Fedora, not connected to firewall I am thinking, but I am not sure )
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2 : ( firewall, IPTABLES )
code....
What happened is that sys1 (not connected to firewall) can ssh to sys4 (connected, inside firewall), since the rules are written not to ssh from sys1 to sys4.
Then I came to know that whatever request I give, it directly goes as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering and processing anything for both inbound and outbound (I think it's my mistake somewhere). The requests are directly going inside without the firewall.
May 25, 2011
I have a local install of WordPress and I've added a port forward rule in my firewall to share our site with family and friends (we're using a members only plugin). I have a DYNDNS account and my router automatically updates with this account. The problem I'm having is when I test accessing our local site from outside my network. I use my dyndns account name and port number to access my local WordPress, I can see the login screen but once I login, the url changes from my dyndns name to the IP Address of my local server and then I never see any pages on my site.
I'm thinking it has something to do with either the WordPress address (URL) or the Site address (URL) since they currently have the ip address of my local ubuntu server that hosts our WordPress site. So what have I configured incorrectly here?
Feb 23, 2010
If I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
Apr 6, 2011
What do I need to do to the firewall in order to make a shared printer available to other machines on my network?
I have the printer set up and have tested it with the firewall switched off, but as soon as I restart the firewall, the printer is inaccessible.
I thought that all traffic on the internal network was allowed, but it seems that I need to create an explicit rule in order to get the shared printer working. Unfortunately, I haven't been able to figure out how to do that yet.
Jan 18, 2011
I run a small (cabled) network between a desktop with XP with two printers hooked to it and a laptop with Ubuntu 10.04.1 64b. I can approach and use these printers from my laptop and filesharing works also. BUT ... this only works when my Ubuntu firewall (Gufw 10.04.5) is switched off. I am operating behind my router_modem which has a hardware type of firewall switched on at all times so I presume I'm safe. Now my questions:
1. Is this really safe enough?
2. What kind of settings would Gufw need to be able to use it AND use my mini-network for printing? I have no experience whatsoever with firewall rules and settings.
Jan 9, 2010
I have a Squid proxy on a CentOS 5.4 64-bit machine.
I can share Internet on my other boxes hosting CentOS 32-bit and Windows by entering the proxy server IP in the network proxy (CentOS) / Internet Explorer (Windows).
But I cannot get mail on my Thunderbird client behind the proxy even though I have included ports 110 and 25 in Squid. I've heard it cannot do it as Squid is not an IMAP proxy.