Software :: Using Squid/Iptables To Redirect Inbound Web Traffic To Url/IP
Jan 13, 2010
We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from a specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.
May 3, 2011
I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles. To this point, I've simply been DROPping any requests from these IPs using iptables. I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
Jun 19, 2011
How to redirect network traffic to a new IP address using iptables. I am using a Buffalo router and the rtos used is DD-WRT. Basically, I want it so that any connection going through my router to a specific IP (say, 192.168.11.5) will be redirected to another IP (say, 192.168.11.7), so any outgoing connections made by a program that is attempting to connect to 192.168.11.5 will instead connect to 192.168.11.7.
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
Jul 20, 2010
1. It is definitely my system and not the router. I had been accepting these connections just fine on my Fedora 6 system, but upgraded to FC11 and haven't been able to get these inbound connections working. I still have the drive with the FC6 system and whenever I put the old drive in the system, the connections work fine. So, the hardware, wiring, etc is identical between the FC6 and FC11 systems.
2. The system's firewall is disabled. iptables, and ip6tables are turned off both at startup (e.g., chkconfig iptables off) and using "service iptables stop". (Note--my router also works as a firewall)
3. sshd and httpd are both on and listening on all interfaces. "nmap -P0 -p 22,80 127.0.0.1" shows both ports open, as does 192.168.1.80. But when I use the same command looping through the external IP, the ports are filtered:
Host is up.
PORT STATE SERVICE
22/tcp filtered ssh
80/tcp filtered http
4. hosts.deny is empty.
5. The messages and secure logs do not show anything in response to the nmap scans.
Again, I'd have sworn this was my router, except that it cleanly allows the traffic when I swap the drives in my system.
May 5, 2010
I have a question: on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375. What in the world is that, and why these two ports over and over?
Feb 1, 2011
I'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when I use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023, I should NOT receive any packets. However, I still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
Apr 7, 2011
I'm trying to adjust the firewall to only inbound syn connections.
To Allow all home subnets access to port 53 both tcp/udp but deny the rest.
Feb 2, 2010
I have "Server A" with real internet ip 1.2.3.4 (eth0) and lan ip 192.168.1.1 (eth1) There's also "Server B" with lan ip 192.168.1.2 (eth0), I'm running an Apache Web server on "Server B", so I want to redirect all traffic from IP 1.2.3.4 port 80 (Server A) to 192.168.1.2 port 80 (Server B), using the following rule:
[Code]....
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 192.168.1.2:80
This actually works pretty good; from the internet I can browse http://1.2.3.4. But the problem is that if I check the Apache logs, all incoming connections seem to come from 192.168.1.1 instead of showing the real source IP addresses (internet IPs), so this is screwing up all my web stats. I've been looking for hours and hours on how to make a transparent redirect, but can't find any info. I know there must be a way because my old WRT54G router which uses iptables could do it.
Oct 7, 2010
I was wondering what the best way of redirecting all traffic, not just http traffic, from my hosted web server on hostmonster (with a domain name) to my home server.... I wondered if it would be possible to do it with a simple script running on the hosted web server?? Also is there a way of getting round having all the ports open on the hosted web server that I want to use on my home server??
Feb 17, 2010
I was trying to find some free VPN service for accessing restricted pages. I found some working programs for Win XP, but nothing works under Linux (TOR was too slow and now it is blocked). I was using the program PacketiX under Win, and it also has a Linux version without GUI, but I was not able to make it work, because I don't know how I can make Firefox connect through the VPN service.
I downloaded the client here [URL]
I was able to make it work with this guide [URL]
But I don't know how to adjust the routing table so I can connect to the internet through the VPN service.
ifconfig
Code:
ath0 Link encap:Ethernet HWaddr 00:05:4e:4d:c5:5f
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:576 Metric:1
[Code].....
Sep 12, 2011
Currently I have a server which runs under CentOS 5.6. It is dedicated to the VoIP application of my customer. I have a problem for which I have the solution but I didn't manage to achieve it. So, let me explain the context to you. Here are the networking aspects of my environment:
VoIP Provider_____Gateway_____________My server
ADSL Provider____(non pingable)
x.x.x.2 <====> A.A.A.1 <======> A.A.A.3
[code]....
Sep 30, 2010
I tried to setup a home server that will redirect the internet traffic through the server before it reach the client. Because i don't want to install anti virus on every machine, it will slow them down a lot. There are some anti virus for ubuntu. Most of my home machines are running windows, which is a pain with virus.
p/s: I'm running 1 ubuntu server 10.04 and the rest are windows 7 machines.
May 16, 2011
How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
Dec 21, 2010
Is there any built-in option in squid to redirect a website URL to another URL?
Mar 31, 2010
I have recently just got another internet connection at home via cable as well as my existing DSL connection. I was wanting all my web browsing that I did via squid to be redirected down the cable connection. The box has a single NIC at the moment and the default route sends it via the DSL connection for the mail server that is also running on the box. I was hoping that anything that hit squid would go down the cable connection that is plugged into a router and thus I can route to 172.16.2.251 and everything will go out via cable.
I was reading about iproute2 and marking the packets and am wondering whether this is the way to go?
Jun 10, 2010
I have installed squid 2.6 on my CentOS. I have written a shell script to ping a network and write to a file: write '1' if the network is up and '0' if the network is down. After that, a Perl script will read the file and do the redirection. Perl will redirect to a fixed URL [URL] if the network is down and do nothing when it is up. I have put my Perl script in squid.conf at url_rewrite_program /my_file_path.
Below is my shell script for pinging:
Quote:
#!/bin/bash
while [ 1 ]
do
HOST=143.148.137.134
[code]....
My problem is that client browsers are not redirected to www.google.com even when the network is down. It should go to the fixed URL when the user clicks any URL in a network down situation. It just appears as cannot resolve host.
Apr 6, 2011
I need to redirect all http/https/ftp traffic through the remote proxy, but when I change connection settings in the browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content, the browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on a computer with Windows XP. It worked well when I was using Windows 7 and Proxifier; now I have Ubuntu 9.10 with all available updates.
Jul 14, 2009
Have done a bit of Googling around this but got totally swamped so will try here. Basically we are running a CentOS server which hosts a number of virtual hosts under Apache. Recently I needed to set up a development environment for another site using Ubuntu and have this running and accessible on the LAN from a VMWare image. I'm using bridged networking so the VMWare machine has its own IP on the LAN subnet.
I've set up a DNS to point to the external IP of the physical host but can't figure out how to route traffic requested on this domain to the VMWare host. I've basically tried two approaches (configuring a proxy web server and reverse proxy in an httpd.conf file and mucking around with iptables forwarding rules) but without success.
Ideally I'd like somesite.somewhere.com to point to the VMWare IP but I could live with a custom port on the end if that's what's required.
To throw further complication into the mix I need reliable communication between the VMWare machine and external mail relay servers in order to debug any issues with mail bouncebacks, embargos etc.
Any idea what's the easiest way to accomplish this?
Dec 5, 2010
I have set up an openvpn server on Ubuntu via port tcp 443. The server uses a public network and almost every port is blocked (not 443). So when a client connects to the server, if it sends traffic needing a blocked port, the connection cannot be established of course. So I'd like to know if it is possible to redirect all incoming traffic on the server to another unblocked port (like 443) to bypass the firewall.
I don't think openvpn offers this possibility but maybe with Linux it is possible.
Apr 28, 2010
I've been having a hard time googling and trying to get ALL network connection to be redirected to squid proxy. I couldn't find a proper configuration for ufw or iptables. The ideas are:
1. redirection rule should NOT depend on a specific network interface, but should work with any connection type, ex.: ppp0 or eth0...
2. firewall rules can be for firehol, iptables, or ufw (the same as iptables, just tell me where to place them). Preferably ufw or gufw.
3. should not interfere with cups web interface and lighttpd server.
BTW: it's not an Ubuntu server install
Jan 10, 2011
Hi,
In squid I have blocked some sites like Facebook and ... I want to know whether there is any way that, when a user types www.facebook.com in his browser, instead of showing something like the following it automatically redirects to www.google.com
Error
The requested URL could not be retrieved
The following error was encountered:
Access Denied.
Basically I want to redirect the http request so the user should not see the page not found error but www.google.com page may open automatically.
thanks
garden
Jul 5, 2010
I am using a squid server. I want to redirect one particular URL request to another squid proxy server.
Dec 17, 2009
I use CentOS 5.4, Squid version 2.6, squidGuard version 1.2. Squid works properly, squidGuard also works properly. I want to redirect all requests from [URL] to [URL]. It seems that squidguard works:
Code:
[root@main ~]# echo "http://www.sex.com 127.0.0.1/ - - GET" | squidguard -c /etc/squid/squidguard.conf
http://www.infoborder.com 127.0.0.1/- - -
[root@main ~]#
But if I want to access the site [URL] with a browser which is connected to squid, my browser gets me the site [URL]
Apr 9, 2010
I'd like to set up an iptables configuration as follows:
- Allow all traffic by default
- For one user account (anonymous), block all traffic except:
  - All traffic on lo
  - All DNS requests, which should be redirected to 127.0.0.1
Here's what I tried:
# Redirect
iptables -A OUTPUT -p udp -m owner --uid-owner anonymous -m udp --dport 53 -j REDIRECT --to-ports 53
[code]....
Jul 18, 2011
I have a virtual environment, RHEL6 minimal install. On that, I am trying to run Liferay6 on Tomcat6 for the purpose of writing prototype business portals. I used the Liferay+Tomcat bundle downloaded from the Liferay website.
For security reasons, the server can only be accessed through port 80, and Tomcat listens on 8080. (I know I can run it so that it listens on another port, but I'd like it on 8080)
Goal:
Use iptables to forward traffic destined for 80 to port 8080.
What I Did:
Configure nat to forward tcp packets from 80 to 8080:
Code:
List the nat iptable:
Code:
wget to 80 doesn't work:
Code:
What I Already Checked:
Tomcat did start normally. Logs show no errors, and specify that Coyote HTTP/1.1 is initialized on http-8080. I can provide this log if need be.
Tomcat is listening on port 8080:
Code:
Code:
I get the same negative result on the VM on the server as I get on a RHEL6 VM on my laptop.
The iptables method that I described above does in fact work with Liferay6 on Tomcat6 on Ubuntu 10.10.
I have looked at this thread. I appear to have tried everything that was mentioned there.
Actual Question: I would like to know how to effectively forward 80 to 8080 on RHEL6, so that I can access Liferay on Tomcat (listening on 8080) at 80.
Jun 24, 2010
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and the workstation communicate is SSL and encrypted?
Mar 30, 2010
I'm trying to redirect the requests from port 80 to ports 8080 and 8081 through iptables because I've got two services which need accept requests from the same port(80):
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080-8081
The problem is that the second port (8081) never gets a request, just the first one.
Mar 17, 2010
I used the Angry IP Scan software and found a lot of the public IP addresses on our network are accessible from outside when they are not supposed to be, e.g. printers, PCs etc. To make a start on locking down the network I was wondering if anybody knew the iptables command to add a rule which blocked all incoming traffic to specific IP addresses on the network and to a range of IP addresses.
Apr 13, 2010
I want to know how much traffic squid transferred 5 min ago and 1 hour ago, for monitoring purposes. Where can I get this info from a running squid? Of course, I have to note that access.log is disabled for some reasons.