I have setup squid on a local-only ADSL account as per management to cut costs. But now they have asked to route international sites via another proxy. The local sites should still go through the local proxy and the international sites get routed to another vpn.Is it possible to use iptables for domain names and redirect the traffic.
View 2 Repliesi built a new basic squid proxy server. so when i check my ip from internet various website. it shows my local ip address.
1) how to know squid proxy mode working in which mode, like tranparent rever or web proxy etc
2) how to hide all local ip from outside world, let our isp proxy global show everywhere by which traffic go out
I'm having trouble to configure my debian (2.6.26-2-686) with some routing tuning. In fact, I have a VPN provider. I want my Squid Proxy use this VPN provider and I have to use policy routing because my ISP forbid IP spoofing.
View 2 Replies View RelatedI've setup an XP VM using Red Hat's KVM. The physical Red Hat box has two NICs, a fiber one in use and active and a CAT-5 one that is disabled and with no wire connected. The physical box has br0 active and bridging on the subnet of 192.168.10.0/24. ip route show also displays for virbr0 192.168.0.0/16 My physical box (192.168.10.228)can ping the virbr0 IP of 192.168.122.1, but not the XP VM of 192.168.122.228
I have played around with Window's route command to try and setup some method for the Windows VM to ping the 192.168.10.0 network, but have not had any luck. I've also messed around with the Red Hat netmask and such to work it from the Linux side. But then, as would be expected, I can't talk to other Linux boxes on the physical network.
Does anyone have any ideas how to get the Windows box to communicate with the Red Hat box and the other Linux systems beyond while keeping the two distinct networks of 192.168.10.0 and 192.168.122.0 leaving them both as Class C (255.255.255.0)? I mentioned the unused CAT-5 NIC thinking perhaps it could operate as an internal router even with no cable attached. That was just a random thought and I have not even explored that.
I have a multihomed server, connected on two different ISPs. All default trafic goes to ISP1 via wan1. There is special local processes in my system, what must go through ISP2 via wan2. This processes are make connections to TCP:80.
What did I do:
[root@localhost ~]# ifconfig wan1 10.44.8.252 netmask 255.255.255.0 broadcast 110.44.8.255 up
[root@localhost ~]# ip r r default via 10.44.8.1
[code]....
I see that frames goes out with SRC of wan1... I tried this:
[root@localhost ~]# iptables -t nat -I POSTROUTING -o wan2 -p tcp --dport 80 -j SNAT --to-source 192.168.86.2
and saw:
[root@localhost ~]# telnet 194.87.0.50 80
[root@localhost ~]# tcpdump -i wan2 -nnt port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
[code]....
The connection did not established... Conntrack does not see it!
my local clients connected to the IPv6 internet.
I've already designated a machine to act as the router to the hurricane electric tunnel. I created a he-ipv6 device on it and can ping ipv6.google.com. No problem.
The problem happens when I want clients to use that router. That is, I can't ping ipv6.google.com from other machines on my LAN.
I setup /etc/radvd.conf, which seemed to successfully give out addresses to my clients:
interface eth0
{
AdvSendAdvert on;
prefix MY:HEREFIX::/64
[Code]....
I start the daemon and check that my clients have new ip6 addresses. So far so good. On my router, I do a sysctl -p and see that /proc/sys/net/ipv6/conf/all/forwarding = 1. I haven't touched ip6tables/iptables yet. Both are in a flushed state.
My ipv6 router is actually inside the LAN which gets internet from another machine which has let ipv6 packets through using protocol 41. I figure I don't have to worry about anything else because if my router can ping6 ipv6.google.com, the failure point would be there.
So my clients get ip6 addresses, but can't ping6 the router nor the ipv6.google.com. They do resolve ipv6.google.com however and I checked the traffic on the router over he-ipv6 from ifconfig and RX and TX bytes were changing during the ping.
My router has only one physical device for forwarding, eth0 and the tunnel device he-ipv6. Do I need to add some kind of ip6tables to see a simple ping from my clients?
I have problem with port based routing for local traffic. I can't use trick with iptables -t mangle, ip route table 1, ip rule fwmark table 1 because it works only with forwarded packets. I can't even use patch-o-matic because it's obsolete. And xtables-addons doesn't contain support for "-j ROUTE" yet.
View 2 Replies View RelatedI am using Network Manager to connect to a VPN server so that I can access some of the computers on the local network there. When I'm connected, I have two problems: All my internet traffic goes through the VPN. My computer is no longer visible on my local network. I waste a lot of time connecting and disconnecting the VPN. Is there any way I can set up a VPN so that I am still on my local network and only requests to 172.x.x.x go through the VPN. I suspect it can be done with iptables, but all the info about iptables goes WAY over my head.
View 8 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedI am trying to set up squid to make switching proxies easier. I have a laptop which I use at work and at home. At work, I need to connect to the internet via a authenticated proxy. At home, I connect directly to via mobile broadband. So I end up switching proxy settings twice daily, which is just irritating! To solve this I want to set up a system whereby I never have to worry about a proxy - my browser sees a direct internet connection which squid (on my computer) intercepts and forwards either to the mobile broadband connection or to the work proxy (along with the required authentication) depending on which is available. I've read various articles on how to do clever things with iptables and squid, but I don't understand enough of the networking jargon or concepts to know when I need to change to make it work in my situation, or if it is even possible.
View 2 Replies View Relatedi have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
View 2 Replies View RelatedI'm trying to setup iptables to send web (tcp?) traffic through Squid and Privoxy transparently (to save having to setup everything per browser and hoping they honor their settings). I know I have done this before but I can't find the old config nor remember the exact options needed to do this.What I am wanting specificially is for Privoxy to grab the data as it leaves the browser, do its thing then pass it on to Squid before sending it down the line, then doing the same incoming (Privoxy -> Squid -> requesting app).
View 1 Replies View RelatedI have two networks. One of them is wired, the other is wireless. The wired has an internet connection and a few other computers connected to it. The wireless network has a few hosts connected to it too, but it has no internet connection. What I've been trying, fruitlessly, to do, is make all connections that are bound to the internet, or my wired network, be routed that way, and all the connections to the hosts of the wireless network go that way.
Here's the setup..
Wired:
192.168.1.0/24 Gateway = 192.168.1.1
Route internet through here
Wireless
192.168.2.0/24 Gateway = 192.168.2.1
If my computer sends a packet to the internet, it should be routed through 192.168.1.1 If I send a packet to one of the local hosts of the wireless network, it should be routed through 192.168.2.1. Here's the routing table I've set up(This is one of many configurations I've tried)
Code:
$ ip route show
192.168.2.1 dev wlan0 scope link
192.168.2.0/24 via 192.168.2.1 dev wlan0 src 192.168.2.4
[code]....
With this, and everything else, I get destination host unreachable when pinging. The strange thing is that, if I unplug my eth cable, reboot and connect to the wireless network, everything is fine and I can access the router and the others. I'm trying to improve my networking skills, as I've had this of setting up a small linux box as a router for quite some time, for the fun of it, but I need to get routing under control before I go ruin my network.
I have a firewall, this consists of three NIC's:
Code: eth0[192.168.0.2] eth1[192.168.1.2] and eth2[10.10.165.2]
I am trying to ping eth0 from eth2, but I am not able to succesfully get a response from pinging the device, I am using:
Code: ping 192.168.0.2 -I eth2
I have tried to insert routing data into the routing table, but it still doesn't work
I have a server that has two NIC cards installed eth0 and eth1 we use a linksys router (192.168.2.1) which runs DNS for our LAN. I have installed Squid on the server which runs Ubuntu server (8.04 Hardy) w/ GUI. I can surf the net on the server with google chrome configured to use proxy server localhost:3128...works good. The router is wire directly to eth0. I have my laptop (running Ubuntu Hardy) wired to eth1 and I want to be able to surf the Internet through my server. From my laptop, I can ping 192.168.2.100 which is the IP address assigned to eth1[?] by my router. I assume I need to establish a route from my laptop to my server. I would like to archive this via the CLI and I am not having any luck thus far. If I add static IP addresses to eth1on the server and eth0 on my laptop will this simplify the process? How can I add a route which will allow me access to the Internet via my laptop?
Server:
Code:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth1
0.0.0.0 192.168.2.1 0.0.0.0 UG 100 0 0 eth1
0.0.0.0 0.0.0.0 0.0.0.0 U 1000 0 0 eth0
ifconfig eth1 on the server:
Code:
eth1 Link encap:Ethernet HWaddr 00:30:48:85:cc:1b
inet addr:192.168.2.100 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::230:48ff:fe85:cc1b/64 Scope:Link
Up Broadcast running Multicast MTU:1500 Metric:1
RX packets:7701 errors:0 dropped:0 overruns:0 frame:0
TX packets:7898 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:5572718 (5.3 MB) TX bytes:1506869 (1.4 MB)
Base address:0x9000 Memory:ef400000-ef420000
I have one main subnet 192.168.50.0/24 with a defaultrouter 192.168.50.1 connected to the internet. I have an NFS server on that network. Everything is working as desired and machines are able to see each other and access the internet.
Now, I would like to add two more interfaces to the NFS server (running Slackware Linux), each on its own different subnet, say 192.168.51.0/24 and 192.168.52.0/24. The clients on those new subnets should also be able to access the internet (through the router 192.168.50.1). how to setup routing? Do I need any additional hardware router in between, or just a software configuration on the NFS server?
On a side note I have VLAN capable switches (couple of ProCurve 1800-24G) and would like to separate the three subnets using VLANs instead of using three separate switches.
I have the following setup:
Location A:
Internet -> ISP 1 -> Firewall 1 (external IP address) -> Web Server 1 (internal IP address)
Location B:
Internet -> ISP 1 -> ISP 2 -> Firewall 2 (external IP address) -> Web Server 2 (internal IP address)
I want to find out if I can failover to another location without having to make changes on the DNS server. Just by redirecting traffic from ISP 1 router to ISP 2 router.
I have configured qmail on my CentOS5.5 server. I am planning to divert all the mails sent to one domain to be diverted to another domain. For example, I wish mails sent to user@my.external.domain.com to be seamlessly diverted to user@my.internal.domain.com. I tried.Code: my.external.domain.com:my.internal.domain.com in the smtproutes file. It did not work Also how can I have the reply to address different from the one I sent. Again, I wish, if I send emails from user@my.internal.domain.com.
View 10 Replies View RelatedI have an environment of roughly 30 machines that all have ssmtp installed with identical config files. I also have logwatch installed on all of them, and it runs nightly as it is supposed to. The problem is that any given night, a random number of machines do not send out the resulting email from logwatch but instead dump it to ~/dead.letter. The number of failures changes every night, but most of the time it is between 20 and 30 of my servers.
View 2 Replies View RelatedOur company is an education training and there are 2 mail servers by used.One is postfix in CentOS,other is WinWebMail in windows2003.
Postfix server has 1 public IP and 1 private IP(192.168.1.224),but WinWebMail only has 1 private IP(192.168.1.253).Bcuz we'll broadcost news of training to students and ourselves,but postfix is cannot do that automaticlly,I guess that that is 2 server are the same domain name in DNS server[URL].The question is Postfix can send all mail but [URL].now I wanna try to used postfix have a routing to WinWebMail server,I mean I add a countant in WinWebMail server,if we wanna send some news to everyone in [URL].The postfix will be tranfor to WinWebMail server,and the WinWebMail broadcost to all of [URL] but now other domain name. how to do that in Postfix server?
i have a Server, which has 2 nics installed. Each of those is connected to a router, which is connected to internet. On the server, i have apache, maillserver and im-server running. On the other hand, also squid, dansguardian and clam are running. so now: via eth0 i would like to have just the traffic, which is requested from outside (the big bad internet..) to my server (apache, mail, etc). via eth1 i would like to have all OUTGOING (also to the big bad internet) from the server, which is requested by a internal client. And of course all requests to my own server
both nics shall route their traffic to their own router. For better comprehension please consult the enclosed graph. Until now, i did not find a good solution, the default route is set to the traffic from eth0, if not, no external request will find back to a client do you have a idea how to handle this the easiest way?
I'm trying configure my server for routing between vlans, but I'm having troubles with my server after that vlans are set. I can create vlans and routing is OK, but when I trying remove a vlan, restart the network script or restart the server, the CLI freeze and then I can't do anything. Even Ctrl+C or Ctrl+Z isn't work. I can use other terminal or do other SSH connection (if the network interface used by ssh isn't crashed), but if I try use a ifconfig per example, crash again. The unique solution is restart the server. Nothing about this is found in the log.
Opensuse 11.4
Kernel: 2.6.37.6-0.5-desktop
We have a 10.0.0.x network with a working DNS Server (BIND) setup. Recently we purchased Watchguard firewall and configured three networks, so that our internal network can be divided into three networks and talk to each other through firewall routing. So I configured three ips 192.168.0.1,172.16.0.1 and 10.0.0.1 for local network card in the firewall router. I separated three networks and individually configured machines with static ip and given gateway as the above ips. Now, I need to configure DNS server for each zone in the same server which is in the network 10.0.0.x, is this possible?. If yes do I need to setup ip aliases for eth0 in the DNS server with different ips from each network?
View 1 Replies View RelatedFirst, I installed CentOS 5.5 and Quagga 0.99.17.
Then I configure to run OSPF v2 on R1 and R2 following below:
I added --> #echo "1" > /proc/sys/net/ipv4/ip_forward to forward packet on centos
I have a user setup to receive email, which I would like automatically to be sent into a program that I'm writing. Should I be looking into procmail, or is there a shorter way in /etc/mail (for sendmail) to route all of a specific user's email into a program? I don't care whether the emails are ever written into /var/mail. CentOS 5.3, kernel 2.6.18-128.1.6.el5, sendmail 8.13.8
View 5 Replies View RelatedI am having trouble for routing port 80 from a Billion adsl modem to a guest server in VirtualBox. There are quite few different changes from my last setup so I kind of confuse which one is wrong.
I used to use have the setup belowusing modem Linksys WAG354G use static ip 192.168.1.100 for my machine use static ip 192.168.1.102 for my guest VirtualBox server guest OS is serving http listening on port 80 i use bridge from my host OS for VirtualBox set my modem to direct all traffic on port 80 to 192.168.1.102 host OS was Fedora 11
now I useusing modem Billion 7404VNPX use same static address and configuration host OS is Fedora 13
main issue is I cannot reach the guest OS if I navigate to my modem ip address. (e.g. http://192.168.1.1) if I change the modem to direct all traffic to my host OS ip address (192.168.1.100) it works nicely.
I have tried to disable and enable the firewall without any luck.
I just installed (n this 11.2 system) vmware server (v 2.02), to have access to a few small systems. One of them is a 11.1 guest which I just upgraded to 11.3, successfully (almost).
I have a problem, though: from the host I can not ping/ssh the guest.
Guest to host works fine (including names).
Code:
The firewall is down on both sides. I don't see anything with iptraf in the guest. The IP addres of the guest is correct, unless I'm too tired to see.
Why?
Code:
I've just set up an LTSP server, with all its clients on a separate subnet to my main network - the main network is 192.168.1.x, and the LTSP clients are all 192.168.2.x. My LTSP server has 2 NICs, one on each network, and is merrily forwarding normal IP traffic from the clients to the rest of the network. I have a client/server application that has a server on one machine, and clients locate and attach to it using multicast protocols. The server is on the main network, and any other machines on the network can locate and talk to the server quite happily. The LTSP clients, however, cannot - I assume because the multicast communications aren't being forwarded by the LTSP server. How I can get this working?
View 2 Replies View RelatedI have setup a dhcp server on eth0, & i have static Internet connection on eth1.
now clients are getting ip automatically, they are able to trace root upto eth0 & eth1.
but i am not able to access Internet from client machines. i am using open suse11 as a server.
i am not able to do telnet & ftp also from client. i am able to access Internet from server.
so please help me to configure my server so that i can access Internet from client machines also.