My company web access is behind proxy(http://abc.proxy). Network admin can get to check who is top10 user and web they access. I owned a centos server. I have a thought that create an encrypted tunnel within proxy so the admin cant detect my http address. This is how it going to works
client with OpenVPN -> OpenVPN server(centos with company proxy)-> proxy -> internet
My connectivity in my client are using OpenVPN server as bridge. Hence, no record for client is recorded in my Network admin monitoring list. OpenVPN server's activity can be traced by network monitoring tools, just assume that our ultimate goal is to hide client activity.
I have a http proxy account. It works well under windows through wodTunnel(an active X control component). But, I usually works under linux. I want to use it here. But I don't know how. I tried gstm, it can connect to the server successfully, but it seems can't respond to my http request. What should I do next?
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents trough this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection trough port 80 but it uses the following ports: Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing). I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
I've been trying to make myself anonymous, but I cant find 'Tor' anywhere, tried 'yum & kpackagekit' neither have it. I did find 'Privoxy', installed it, set proxy for HTTP and HTTPS in Firefox, but it says 'unknown proxy' when I try to use it! I've been to the Privoxy web site and read through the 'User manual', but most of it is 'geek' to me!
I've got two routers, 10.0.0.0/23 and 192.168.2.0/24, which are joined by a Linux box with interfaces eth0 (10.0.0.2) and ra0 (192.168.2.2). I've got masquerading for ra0, and a route to 192.168.2.0/24 on 10.0.0.0's router. I CAN ping hosts on 192.168.2.0 from 10.0.0.0 just fine, but I CANNOT access web pages.Strangely, If I enable masquerading on eth0, and add a route to 192.168.2.0s router to 10.0.0.0, I can ping AND access web pages from 192.168.2.0Here is my current iptables
I've been doing some security testing in a lab environment that does not have direct internet access. It's actually a little complicated: From home to connect to my lab machine, I
1. SSH to machineA. 2. SSH from machineA to machineB
where machineB is my actual lab machine. neither machineA or machineB allow anything other than SSH, and machineB is only accessible from machineA. However, I really need to run yum on machineB. I have managed to get internet access via Firefox on machineB by creating a series of SOCKS proxy via SSH.
where machineC has internet without limits placed. This is the only way I have managed to get internet working. I tried using ssh -L all the way from machineB->machineA->machineC but it didn't work (even when setting Firefox to use http proxy). I tried using ssh -D all the way, but again that doesn't work either.
I do have access via Firefox using socks proxy. However, yum update fails to retrieve mirror list, and from what I have found I don't believe yum supports socks proxy directly. Instead, it uses http_proxy / ftp_proxy. how to get yum to go out over the SOCKS proxy I created (same one using in Firefox)? It seems like since Firefox can access the internet and everything without issues, i should be able to get yum to tunnel through the same connection to access everything.... I tried
I am using FC11. My problem is whatever application that needs access to the internet are blocked by company's proxy server. So, configuration is like
my_machine---------> firewall ----------> outside world..google and etc
Now, If I am using firefox then I have configured it to use proxy server and required login details and etc. But, my eclipse, ssh, git and all those needs internet connection as well... Is there anything like which sets all details (proxy server, user name and passwd) system wide ? So that I dont have to pass it to each application...
I want to access my hard drive to copy over my old documents. So I boot into a LiveUSB, mount my ubuntu partition, and then cd to my home directory, but I can't open it. I get "permission denied." I encrypted my whole home directory and know the password, but how do I "decrypt" it or login as the partition's root so I can access the documents that way. I'm booted into the USB, but can't access the home directory. I get "You do not have the permissions necessary to view the contents of 'jake'".
An application that supports SOCKS 5 protocol can forward its network connection over ssh and dynamically forward to any host name that you specify isn't it ? that means firebox web browser can use SOCKS 5 protocol can be used by pass proxy settings isn't it ? so how can a sys admin remotely detect if a particular user is bypassing proxy settings using SOCKS 5 protocol ?
I've read the documentation, but I'm still confused. I have two servers, one running Postfix and SquirrelMail, and another i want to setup a wiki(already setup) and Photo Gallery.On my Second server(2)I have two virutal webservers, wiki.rmasonfamily.info and photo.rmasonfamily.info, both running on port 80.My first computer is running my mail server again as a virtual server, mail.rmasonfamily.info. Default server is not used in either one.
Server 1 will be my proxy server, and if I understand correctly, my reverse proxy. Ubuntu had Apache set with a configuration in etc/apache2 using sites-available with configuration for each Virtual Server with sites-enabled with links to configuration files in sites-available. My Virtual Server in Server 2 are working fine, along with my mail server in Server 1. this is the code I assume I must use to bypass to wiki.rmasonfamily.info. In server 1, under sites-available, in the file wiki.rmasonfamily.info this is the code I put
<VirtualHost *:80> ServerName wiki.rmasonfamily.info ProxyRequests Off ProxyPreserveHost On
I logged in to Recover Mode ("Drop to root shell prompt") this morning to do something. Naturally, I wanted access to my encrypted home folder.
The README file says to run ecryptfs-mount-private. However, that command returns an error: "ERROR: Encrypted private directory is not setup properly."
This cannot be correct, because if I log in normally, I get my home folder without any problem.
How can I access my encrypted home folder when I boot via Recover Mode?
point me at a free proxy to bypass this which can simply be installed, built and/or run.setting up a server outside china and running a tunnel to it from my comp is not an option. also, below is a list of sofware that i have tried and failed to work:
Tor with vidalia Tun with squid (i think squid) hamachi (which i later realized would never have worked)
i tried to get haystack but it wouldn't build.
PS: if this post is in the wrong area, please tell me where to move it...
installed dansguardian and now working fine.I got a small problem. People bypassing proxy settings in firefox, means they go to settings and changes proxy settings to no proxy.. how to prevent this? How can I force people to use proxy to connect Internet? I done some googling but, unable to find a solution.
I installed Ubuntu 10.10 64 on my laptop with the entire 500gb setup as encrypted LVM. This has worked well for several months with no problems. During this time i have been backing up the data to an external usb drive (1tb) on a regular basis. The usb drive was not encrypted. So, I thought it would be a good idea to encrypt the backup drive too. I wiped out the backup drive and set it up as one large encrypted lvm and mbr. This seemed to work fine but immediately afterwards I decided to erase that and set it up as encrypted lvm guid instead of mbr. I couldn't delete it while logged into my desktop so i decided to do it from a bootable gparted usb stick. In gparted i erased the 1TB backup drive once again and planned on setting it up the way I wanted once I was logged back into my ubuntu desktop. Now I cant boot into my desktop with the following errors:
cryptsetup: evms_activate is not available b0d) does not begin with /dev/mapper/
Then after waiting for a few minutes I get an error followed by (initramfs)
When booting from a live version of ubuntu the 250MB boot patition is recognized and 500 partion is there but it is labeled as empty/unused.
Also, I did choose to use the exact same passphrase as what is used on the main bootable drive when I set up the encrypted partition on the external 1TB drive.
I've just started using ubuntu one. However, some of the files I store on there are sensitive so I encrypt them using seahorse. Right click, encrypt etc etc. My question is, is there a way to automatically get the encrypt process to delete the un-encrypted file when it makes the new encrypted copy?
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
A church I've been working with has a CCTV system that has a web interface for viewing the camera feeds. We need to see the page from the outside, but it is just an HTTP page, no encryption. The box itself does not accept any sort of SSL encryption. How I can get this on the net in a secure way? At worst I could set up a remote desktop type solution, but I was really hopping I could use some apache magic and just re transmit the page to https and ssl encrypted.
My school network uses a http proxy to access the internet, but I am dubious about the security, and so I would like to use http inside ssh to keep my data secure. I don't really know where to start on this, so a step-by-step guide, or links to resources, would be helpful.
Machine 1) I have a Server with RHEL5. eth0 = 192.168.48.x (static class C ip connected to VLAN switch)
Internet available via HTTP proxy through vlan but from other main server but not from machine below.
Machine 2) I also have a Server with RHEL4. eth0 = 124.30.XXX.xxx (public IP for availing internet) eth1 = 192.168.60.xxx (class c ip to share internet via squid on the same LAB) eth2 = 192.168.16.xxx (class c ip connected to VLAN switch)
Now what I want is ssh connectivity available to Machine 1, so as to enable remote machines on the internet connected. I know that it might be hard for Machine 1 to share ssh directly on the internet but if there is any kind of tool or tricks to setup pls tell. So the only chance is ssh via machine 2 then after connected to Machine 2 then again ssh to Machine 1. But how do I make ssh available online? IPtables are set correctly machine 2 can't be ping on the internet.
I love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
I need to have Opensuse 11.2 use my proxy server here in the office and it is by hostname/ip:8080 only not HTTP. The problem is using Yast2 I don't have the option of using the proxy that way it wants http. I've been using opensuse on and off since 9 (great flavor BTW my favorite) Easy as you need it to be and just as complicated as you want it to be, a perfect mix.
My router has two bridges, br0 and br1. I'm sharing wifi access, and the guest subnet will be 192.168.2.x.The home subnet will be 192.168.1.x. I want all traffic destined for port 80 from the guest net to forward to a proxy port on a box on the home network. That's the only traffic I want to cross the bridges. How do I set this up with iptables on the router?
I'm behind a very blocked firewall that only allows connections through port 80 and 443. I wish to ssh to my machine at home, but the port is blocked. Is there a simple server that I can run to route my ssh connection through http?
I am trying to configure an eBox to act as an http proxy but having trouble using that proxy on client computers to browse internet. The ifconfig on ebox returns the following:
eth0 is on the internal lan with the client from which I want to access the internet eth1 is can access internet all right.
The ifconfig on a client returns eth0 Link encap:Ethernet HWaddr 00:0C:29:46:58:7F inet addr:10.45.48.102 Bcast:10.45.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe46:587f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16014030 errors:0 dropped:0 overruns:0 frame:0 TX packets:835276 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1297106653 (1237.0 Mb) TX bytes:738158694 (703.9 Mb)
I configured the Firefox on the client to use eBox's ip address/port in the proxy settings but I still can't get on the internet.
eBox is on a vmware workstation 7. It is eBox 1.4.1 eBox has two virtual nics (above) - one is NAT (eth1) and the other is bridged (eth0) The client is on vmware ESXi 4.0. It's an openSUSE 11.2.
i want to redirect the packet to proxy server. can u help me.
Present network.
MY internal network ==> switch ==> proxyserver ==> router ==> internet. (for internet i use to connect proxy, in web browser==> lan settings ==> proxy server ip address )
What i want is
My internal network ==> getway or firewall ==> switch ==> proxy server ==> router==> internet. ( where this getway or firewall i can configure for forward http request to proxy server.)
so that i can separate my internal network from intranet but able to access the internet.
My box has to connect to internet using specified http proxy.I have set proxy in both kde control center and yast2 control center. They both tell me the proxy works fine. But when I really try to use yast2 to update my system, it report an error:
Code: Failed to download ./repo/repoindex.xml from [URL] History: - [AbstractCommand.cc:195] URI = [URL]
Even I try Code: export http_proxy=http://XXXX yast in command line,the error still exist.
In debian apt-get and slackware slackpkg,my proxy works fine. So I am sure it is not my fault and maybe it is a bug of yast2.
I'm a little stumped on this one so I reaching out to see if anyone here has any idea. I just changed my ISP to Surewest as they're doing fiber straight to the house in my area so I have 8Mbps up and down.
I have my linux box running openssh and I have no problems SSHing into it from my remote laptop at work. I use putty to connect to it and create a tunnel so I can configure my firefox to use it as a SOCKS proxy. The problem is my response time for page loads in firefox is atrocious now. It'll take over a minute to load yahoo.com. The only real differences in my setup now are my ISP and router hardware at home. Previously, I was using the firewall that was built into my AT&T Uverse gateway. Now, I'm using my old Linksys WRT54G v5.0 router with the latest firmware. My linux box is wired directly into it with ethernet. When I run the speed tests from that box I get my correct speeds of 8Mbps up and down with <15ms ping. From what I can tell, all of my router settings are correct.
I have a problem setting up a SSH tunnel. I know how it's usually done, but the setup is different this time. I am behind a HTTP(S) and FTP proxy, that does NTLM authentication, and I want to access a server beyond the proxy. MY CLIENT <-> LAN <-> HTTP PROXY <-> INTERNET <-> MY SERVER
So far, the best I have achieved is installing and configuring CNTLM as a local proxy for the authentication part. Using CNTLM, I managed to access and mount a secured (https) DAV share using davfs2. In theory, CNTLM should let me setup permanent tunnels from local ports to distant ports, and it does; however these tunnels don't seem to work for SSH nor for IMAP (another protocol I tried).
I suspect the problem is that neither SSH nor IMAP is HTTP- or FTP-based, but anyway it does not work. So back to square one: how should I proceed to get ssh to connect through the HTTP proxy (with NTLM authentication) to the remote server? For that matter, if there's a better way than SSH to create a tunnel, that would work in my situation, that's OK with me. Just in case, here are the relevant parts from my firewall setup on the server:
# allow continuation of established connections iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A INPUT -f -j ACCEPT
# allow local connections iptables -t filter -A INPUT -i lo -j ACCEPT
# open ports: # ssh iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT Yves.
