Server :: Squid3 Deny All Traffic (Ignoring ACL)
Feb 18, 2010
I have a squid3 on a debian lenny box but cannot get access to any site.
If I remove the http_access deny all it works, but I just want those IPs to get access to Squid.
My squid.conf
Code:
intranet:/etc/squid3# cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl all src 0.0.0.0/0
[Code].....
View 3 Replies
May 5, 2010
I have a question: on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375. What in the world is that, and why these two ports over and over?
View 1 Replies
Sep 27, 2009
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases to almost half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is: first of all, is my test correct, and is it true that so much GRE traffic is being generated during browsing (it becomes clear that the traffic is double what it is if the pptpd wasn't used as a gateway), and if yes, can that traffic be reduced?
View 3 Replies
Sep 17, 2010
I actually have a server and a client. The client must connect to the server (via the internet) to access external websites. (You can see the attachment, maybe it's more clear.) My actual problem is, I have configured Squid on my server, but I want to force SSL for the connection between the client and the server. I didn't really find nice tutorials on that; maybe someone has an idea? Or maybe some indications?
View 1 Replies
Mar 15, 2011
I wanted to tell my server to block all traffic but US-only traffic. So I followed this guide: [URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways, so I might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done: compiled everything and moved it to the proper directory. I then started to set up my iptables, like so:
Code:
iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that I went digging in the code and figured it was something to do with memory allocation.
View 1 Replies
Apr 3, 2010
I've set up Squid3 running on Ubuntu 9.04 64-bit server, and configured it to act as a transparent proxy and set up my router following these instructions: [URL]
Everything works great as far as browsing, but my main goal was to cache large downloads (usually executables) that I download frequently. So I set the minimum to 300KB and the max to 100MB. The problem, though, is the cache is not being used. I can download a file at regular speed on one computer, and then try and download it again and it downloads from the internet again, rather than the cache, so the speed is no faster.
Here's my config file:
Code:
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
[Code].....
View 1 Replies
Sep 29, 2010
I'm trying to configure Squid3 and SquidGuard on Ubuntu Server 10.04 for a school. I'm new to Linux; before I posted this thread, I searched in the French forum and the www. I found nothing to help me resolve this issue. You can see below the configuration file from Squid3, which is stored in /etc/squid3/
[Code]...
View 1 Replies
Apr 6, 2010
I want to deny access to my server by PCs from other sub LAN in my company, so I will add the lines ALL: xxx.xx.xx. to hosts.allow and ALL: ALL to hosts.deny?
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
View 3 Replies
Mar 11, 2010
I can't seem to set this older server right to deny outside access while I build a website on it. What I am trying to accomplish is deny anyone outside of my network access to the website, but replace the 403 error with a temp page letting them know it is coming soon. I have googled for hours and everything I have tried just denies me as well. Seems to be all or nothing.
My last attempt was:
Code:
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin me@mydomain.com
DocumentRoot /home/me/www/site
ErrorDocument 403 /temp.htm
<Directory />
Options FollowSymLinks -Indexes Multiviews
AllowOverride None
Order Deny,Allow
Allow from 192.168.0.*
Deny from all
</Directory>
</VirtualHost>
View 11 Replies
Jun 30, 2010
I have created distro groups in Zimbra and have added members in there. When I connect an account on MAPI etc. [URL] I have created a persona in order for the client to send from [URL] rather than [URL]. How can I restrict inside Postfix to relay using [URL]?
View 1 Replies
Aug 23, 2010
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP addresses and we use our firewall to deny all HTTP access except for the proxy machine, so everyone needs to go through the proxy to access the web.
Most of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP addresses that I listed in a file called "super_users". These IP addresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP addresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users, which are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
[Code]....
View 11 Replies
Jan 26, 2011
I've got a Web app on a server, that may dynamically create some directories inside "/public/sites/medias" from the inside of the app. I've got no problem so far to tell Git to ignore everything _actually_ in "public/sites/medias", but the problem is when users begin to create new dirs and add files like these :
/public/sites/medias
---------------------/images
---------------------------/4
[code]....
View 1 Replies
Jun 29, 2010
I use the
Code:
wget -r -A <extension> <site>
command to download all files from a certain site. This time I already have some of the files downloaded and listed in a text file via
Code:
ls > <text file name>
How can I make wget download from the site I want but ignore the filenames listed in the text file?
View 2 Replies
Nov 11, 2010
I have a server running both apache2 (default port) and squid (3128 port). I set a squid ACL so my LAN 192.168.1.0 gets filtered. OK, all works fine except for external web petitions. When I try to access my web server from the outside, using my public IP, I get a SQUID DENIED. I guess that is because in squid ACLs there is something like: http_access all deny at the end of the file. How can I allow external petitions to my web?
View 4 Replies
Feb 23, 2011
I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.
I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?
Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?
View 4 Replies
Apr 6, 2010
I have been beating my head for the last few weeks on this problem, (although I have been taking the wrong approach, it seems).
I need a gateway to direct web traffic to three separate servers/domains. I have been trying to do this with both a DNS server and (separately) an Apache server to forward requests. The DNS server was a no go, and I can only get Apache to redirect http and ftp.
After Googling this a lot, I believe that what I need is a gateway server to redirect my traffic to the 3 different servers. I have been reading about using NAT and iptables for this and was wondering if anyone had any advice/suggestions on this. The other thought I had was to use something like pfSense to create the gateway, but I am still reading the documentation, and I am unsure if this approach will work.
View 1 Replies
Apr 27, 2010
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used Ethereal and Wireshark before. Ethereal may be a viable option, but Wireshark seems to provide lots of information, but no practical way to make use of it. How to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
View 3 Replies
Sep 29, 2010
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
Mar 5, 2010
I am using CentOS 5.4 and did a yum install of cacti. I installed all the necessary packages, like net-snmp, php net snmp and all that. Everything else works but I can't for the life of me figure out how to monitor traffic on eth0. I do not have any SNMP Interface Statistics or alike in either the Associated Graph Templates or Associated Data Queries.
Here's the output of "snmpwalk localhost -c public -v2c":
SNMPv2-MIB::sysDescr.0 = STRING: Linux xxx.xxxx.net 2.6.18-164.6.1.el5xen #1 SMP Tue Nov 3 17:53:47 EST 2009 i686
SNMPv2-MIB::sysObjectID.0 = OID: NET-SNMP-MIB::netSnmpAgentOIDs.10
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (7515443) 20:52:34.43
[Code]...
I am trying to monitor the interfaces on the local computer only.
View 4 Replies
Oct 7, 2010
I was wondering what the best way of redirecting all traffic, not just http traffic, from my hosted web server on hostmonster (with a domain name) to my home server.... I wondered if it would be possible to do it with a simple script running on the hosted web server?? Also is there a way of getting round having all the ports open on the hosted web server that I want to use on my home server??
View 2 Replies
Jul 12, 2010
Any plans to include (or not include) Apache Traffic Server in Squeeze?
View 1 Replies
May 20, 2010
I'm currently tunnelling to my Ubuntu PC at home from my laptop in order to bypass my school's false-positive-prone filter. Is there a way to record traffic that both comes to and is delivered by my PC?
View 1 Replies
Oct 25, 2010
Which is the best server monitoring (traffic) tool?
Can you provide some form of monitoring on this server or recommend any server-side applications that could monitor the status, in high detail, including traffic, etc?
View 9 Replies
Feb 21, 2011
Everything works fine: clients can connect to the VPN server with no problems and they can ping local machines! But there is no internet access through the VPN connection unless I uncheck the default gateway option on my client machine, which is not what I want. I want my clients to get my server's IP address. My server is behind a router (router's IP: 192.168.0.1 | server's local IP: 192.168.0.100), so I used localip 192.168.0.100 & remoteip 192.168.0.234-238 in pptpd.conf. I think there is something wrong with routing or firewall rules, because it seems that the DNS resolution works. When I try to browse a website my browser says "Waiting for xxxxx.com..." and it stays on that stage forever! The funny part is that google.com works fine (don't know how).
P.S.:
* I have already opened the port on my router. I even tried it locally to make sure that the router is not the problem here.
* Already added ms-dns 208.67.222.222 / ms-dns 208.67.220.220 to pptpd-options. (Found another guide that suggested to do this; before adding these two lines even DNS resolution was not working.)
View 1 Replies
Dec 28, 2010
How could I configure Ubuntu to be setup as follows...
Wireless Client ----> Wireless Router ----> Home Server ----> Internet
What is needed to make all of the wireless traffic go to my internet connection port. I will be having two ethernet cables plugged into the system one from the wireless router and one to my internet router.
View 1 Replies
Apr 25, 2011
I like AWstats for viewing/visualizing web traffic to my server. However, I am in a situation where I would like to visualize ALL traffic to/from a network, in a way similar to AWstats. That is to say, Free and Visual. The program will have to be linux/http/java based as it will run on a linux server off of a Network Tap.
View 5 Replies
Dec 30, 2010
I have just recently switched my setup to have my server be in the middle of traffic and act as my new router while making my other routers just switches. However, after doing this I can no longer access my UPnP devices. They used to show up in my router, but I am assuming either there is an issue with my iptables rules or that somehow having my server run the DHCP and DNS routing is messing with UPnP.
View 2 Replies
Jan 3, 2011
Is there any Apache module out there that allows duplicating traffic?
I want to test a new application server by duplicating the traffic from the old production system. Answers of the new will be DROPped ...
View 1 Replies
Apr 13, 2010
I want to know how much traffic Squid transferred 5 min ago and 1 hour ago, for monitoring purposes. Where can I get this info from a running Squid? Of course, I have to note that access.log is disabled for some reasons.
View 3 Replies
May 5, 2010
The network in my company uses a Squid proxy server to browse the internet. The browser is IE or Firefox, and the OS is Windows XP. The company needs to use a new software for work, but the software doesn't have a function to configure a proxy server to connect to a server outside. I don't want to NAT the port on the router because I cannot control the traffic. Is there any software like a proxy client that can be installed on Windows XP? My idea is software like ISA server - ISA client.
View 1 Replies