Ubuntu :: IPtable Rule To Force All Browsers To Use Proxy?

Oct 30, 2010

I have installed squid as my proxy server in ubuntu 10.04 standalone system..Why i have installed squid in standalone sytem is, my friends used to access my system to browse sites and download files..So i have installed squid to block porn sites and downloads..But they simply bypass the proxy by disabling it..I know there is some way to force all browsers to go through proxy using iptables..But how to acheive it..? Is the below command suits my need..?If not what modification should i do..?

Code:

sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128

View 6 Replies


ADVERTISEMENT

Red Hat / Fedora :: Not Able To Add Iptable Rule?

Dec 22, 2010

In my new Centos i am not able to add iptable rule. iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128bash: iptables: command not foundI am getting this error. I use this rule to forward ports to squid.

View 5 Replies View Related

Ubuntu Security :: How To Create An Iptable Rule

Sep 1, 2011

I need help creating an iptable rule. The iptables are installed on my router. My router also connects to a "hide my a**" vpn account
at 79.142.65.5:443 The goal is to somehow force the traffic to go through the vpn, because what sometimes happens is, the vpn connection drops (for what ever reason) and my real ip becomes exposed. Basically, I want to block "myself" from accessing the Internet when not connected to the vpn because of privacy concerns.

Below is my iptables. It has the 3 default chains and it also has many custom user chains. I need to know what kind of a rule to add, What interface to apply it to (lo,tun0,br-lan,eth1) and the correct chain to insert into.For example, you could tell me something like:

Quote:

FORWARD chain, change rule 1 to
iptables -R FORWARD 1 -j zone_wan_MSSFIX -p tcp --destination-port 443 -i eth1

Obviously, That was just a guess, I need someone that knows iptables to help me.

Code:

Chain INPUT (Policy: ACCEPT)
Rule # Traffic Target Prot In Out Source Destination Options
Rule 1 72.95 KB DROP all * * 0.0.0.0/0 0.0.0.0/0 state INVALID
Rule 2 1.11 GB ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

[code].....

View 3 Replies View Related

Networking :: How Many Rule Iptable Can Manage

May 12, 2010

i'd like to know how many rule can manage iptable. I'm asking that because i'd to drop all traffric from my localnet to porn site. I've a database of porn site witch contain about 900 000 domains. I know there are solutions like squidguard. But for my linux box i'd to use iptable to prevent users access to porn site and other blacklist site.

View 1 Replies View Related

Networking :: Adding An Additional Iptable Rule?

Mar 4, 2011

This is what I have currently running.

Code:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

[code]...

How do I add this to the ruleset, without doing the whole thing over again?

Code:

iptables -A OUTPUT -d 10.3.0.0/16 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

View 1 Replies View Related

General :: Iptable Rule To Open Samba Port?

Jun 15, 2010

I have samba running on 192.168.100.209 and I am trying to open samba ports only for hosts in 192.168.100.0/24 network.. I have added following rules to iptables. But still I am not able to connect from machines from 192.168.100.0/24 network

Code:

iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 139 -j ACCEPT
iptables -A INPUT -s 192.168.100.0/24 -p tcp --dport 445 -j ACCEPT

What's wrong with the above rules ?

View 3 Replies View Related

Networking :: Iptable Rule For Blocking Direct Internet Access

Jun 13, 2010

i have the following system in my lan.

firewall(iptables)
etho(private) - 192.168.2.1
eth1(public) -189.117.57.2

squid server at 192.168.2.10

my request is that i have to make all out bound internet connection should go from proxy server , not directly to firewall. Please specify a iptable rule for blocking direct internet access. my clients ip ranges from 192.168.2.20 to 192.168.2.47

View 5 Replies View Related

Server :: Command For Iptable Rule To Add In Chain RH-Firewall-1 To Block Ftp Port?

Mar 10, 2011

tell me the command for iptable rule to add in Chain RH-Firewall-1 to block ftp port & the ftp server was configured in public ip address,i searched in google but i did'nt get the exact command for iptables rule in Chain RH-Firewall-1.

View 3 Replies View Related

General :: Force Wget Proxy To Non Environment Proxy?

Aug 17, 2010

is there a way to force wget to use a specific squid proxy when making connections ? - I use a squid proxy normally, but I need this specific request to go via a different one. I dont have to use wget, I just need a way to test squid's blocking rules by requesting various pages through it, this proxy is not my normally proxy on the network and so I cant rely on wget taking the environment variable.

Also, this is as part of a script, so anything that avoids editing wget config files would be best. - Perhaps curl can do this ? - currently im using the exit code of wget to determine if the connection was made.

View 1 Replies View Related

Networking :: Iptable Rule Don't Work - Error "18446744073709551615"

Apr 11, 2010

I have problems with iptables :

[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --set
[root@server7 ~]# iptables -I INPUT -p tcp --syn -m recent --update --seconds 10 --hitcount 30 -j DROP
iptables: Unknown error 18446744073709551615
[root@server7 ~]#

I need stopping a SYN ddos attack... but iptable rule don't work...

View 9 Replies View Related

Networking :: Iptable Mark Packet And Use This Mark In Other Rule?

Apr 21, 2010

I'll like to mark all packet coming from and going to an ip adresse. And I'd like to match that mark packet in an other rule. Ex :

Rule 1 : Mark all packet coming from 192.168.2.0/25 with number 1

Rule 2 : Drop all packets which has been mark with number 1

View 3 Replies View Related

OpenSUSE Network :: Configure Proxy Settings For Browsers?

Aug 28, 2010

If I configure my OpenSuSE 11.2 system to use a proxy server in the YaST Proxy module, do I still need to configure my browser (i.e Firefox) to use these proxy settings, or is it done automatically under the covers?

View 1 Replies View Related

Slackware :: Force Packet From GuestOS Go To HostOS Proxy Port?

Apr 14, 2010

I am using VirtualBox as virtualization machine. My topology is:Quote:Internet=====(eth0)HostOS=SLackware(eth1,br0)=====(eth0)GuestOS=slackwareCondition each OS:

HostOS:
eth0 = 192.168.7.80/24
Gateway = 192.168.7.1

[code].....

View 5 Replies View Related

Ubuntu Security :: Set A Rule In Iptables, Does That Rule Also Apply To Ipv6, Or Just Ipv4?

Jul 16, 2010

Question (and Google results aren't making this clear): Ubuntu has both iptables & ip6tables installed. 1. If I set a rule in iptables, does that rule also apply to ipv6, or just ipv4?

2. If "no" to above, then it would be prudent to *also* set ip6tables rules as well if I want to maintain an active firewall, correct?

3. Does ip6tables rules have the same syntax and behavior (more or less) to iptables rules - i.e. can I just copy my iptables rules & change "iptables" to "ip6tables"?

4. Any gotchas or issues that I should be aware of?

View 9 Replies View Related

Networking :: Squid Proxy Server On Ubuntu And WPAD - Proxy Auto Detection?

Dec 9, 2010

Currently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.

My Config:

# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;

[code]....

View 2 Replies View Related

Fedora :: TOR Onion Routing - Set Proxy For HTTP And HTTPS In Firefox But Say's 'unknown Proxy'

Jul 7, 2010

I've been trying to make myself anonymous, but I cant find 'Tor' anywhere, tried 'yum & kpackagekit' neither have it. I did find 'Privoxy', installed it, set proxy for HTTP and HTTPS in Firefox, but it says 'unknown proxy' when I try to use it! I've been to the Privoxy web site and read through the 'User manual', but most of it is 'geek' to me!

View 8 Replies View Related

Ubuntu :: Remove All Iptable Rules And Chains?

Aug 6, 2010

How would you remove all iptable rules and chains?

View 2 Replies View Related

Ubuntu Security :: Insecure Iptable Rules?

Sep 12, 2010

I've configured iptables to act as a stateful firewall, but instead of simply rejecting packets I'd like to waste a potenial hackers time by droping any packet that would otherwise be returned. Are my rules sufficient or have I somehow opened myself up to an attacker by trying to write these rules myself?

View 3 Replies View Related

Server :: Set Up Squid3 Proxy As A Transparent Proxy & Iptables Config

Feb 23, 2011

I am trying to set up my squid3 proxy as a transparent proxy - right now, I have to manually configure browsers to access via proxy. I understand that I have to put some rules into Iptables and also some further directives in the squid.conf.

I have a couple of specific questions. The proxy server is running on a Ubuntu 10.04 workstation and this machine also acts as a dhcp server for the network. I have just one subnet , namely 192.168.0.1-254 There is only 1 network card. Is it much easier to put in a second network card or is it just as easy to configure the existing lan card as a dual IP?

Is it necessary to configure these 2 IP's ( whether they are via 2 lan cards or dual IP on single card ) to be on different subnets. i.e ETH0 192.168.0.1 and ETH1 192.168.1.1 or is ok to have something like ETH0 192.168.0.1 and ETH1 192.168.0.254 ( where ETH0 is the one facing the LAN and ETH1 points to the modem router / switch i.e The Internet ) Where specifically do I save the Iptables rule configuration file and what must I call it ?

View 4 Replies View Related

General :: Iptable Rules - SYN ?

Feb 9, 2011

Explain the following iptable rules for me?

I understand 1 and 2, 1 creates the new syn_flood chain and 2 redirects all SYN requests to the new syn_flood chain.

I'm having trouble understanding 3 and 4. can someone explain to me in laymen terms the --limit 1/s and --limit-burst 3?

View 2 Replies View Related

Ubuntu Security :: Iptable REDIRECT From Local Machine?

Nov 8, 2010

I have a server that is on a high port number, and people want it on port 80. For root exploit issues people say the server can not run as root. So to solve things I want to redirect port 80 to a high port number, say 12345 on the machine. This has been discussed all over the web, so I find I need to do this:

/sbin/iptables -t nat -A PREROUTING -p tcp -d 123.45.67.89 --dport 80 -j REDIRECT --to-ports 12345
/sbin/iptables-save > /etc/sysconfig/iptables

And I do this, an voila things work for the whole world. All machines in the world can see the server on port 80 on the machine.Except, on the machine itself. On the machine 123.45.67.89, I try to get to the server on 123.45.67.89:80, I get a can't connect error. On the machine if I try 123.45.67.89:12345 I can connect.What am I doing wrong here? I don't want localhost network really, I want the ip address and port, but I want the forwarding to work on the local machine. But it doesn't...

View 8 Replies View Related

Ubuntu Security :: Setting IPTable Rules For FTP Server?

Jun 22, 2011

I recently set up a ftp server in my house running a dyndns service so I can get to it from the outside. I called my isp to get some help in setting up the router to forward port 21 from the outside to that box, and in short we had some problems. Long story short, they ended up bypassing the router itself, and now the line running to the box is its own fixed external ip. Naturally I want a pretty darn good iptables setup for this. The box runs proftpd and so far my iptables only accepts local loopback and port-21. (I left port 80 closed as its only purpose is to be a standalone ftp server) But I know there must be a safer rule for port 21, as right now its just wide open. Anyone have any ideas on how to make this a bit safer? Also would that command be fine for any of the linux machines im connecting to it from the outside too?

View 3 Replies View Related

General :: Convert HTTP Proxy To SOCKS Proxy?

Feb 27, 2010

I've been doing some security testing in a lab environment that does not have direct internet access. It's actually a little complicated: From home to connect to my lab machine, I

1. SSH to machineA.
2. SSH from machineA to machineB

where machineB is my actual lab machine. neither machineA or machineB allow anything other than SSH, and machineB is only accessible from machineA. However, I really need to run yum on machineB. I have managed to get internet access via Firefox on machineB by creating a series of SOCKS proxy via SSH.

1. machineB: ssh -L 12345:localhost:12345 user@machineA
2. machineA: ssh -D 12345 user@machineC
3. machineB: configure firefox to use socks proxy, localhost, 12345

where machineC has internet without limits placed. This is the only way I have managed to get internet working. I tried using ssh -L all the way from machineB->machineA->machineC but it didn't work (even when setting Firefox to use http proxy). I tried using ssh -D all the way, but again that doesn't work either.

I do have access via Firefox using socks proxy. However, yum update fails to retrieve mirror list, and from what I have found I don't believe yum supports socks proxy directly. Instead, it uses http_proxy / ftp_proxy. how to get yum to go out over the SOCKS proxy I created (same one using in Firefox)? It seems like since Firefox can access the internet and everything without issues, i should be able to get yum to tunnel through the same connection to access everything.... I tried

[URL]

View 1 Replies View Related

OpenSUSE Network :: IPTable Redirects On The Fly Via CLI?

Sep 15, 2010

I'm looking for a programmatic way to run the equivalent of the below statement using SuSEfirewall2 and make it persistent:

iptables -t nat -A PREROUTING -s 192.168.1.4/32 -p udp --dport 514 -j REDIRECT --to-ports 51414

Yes I know I can add it to FW_REDIRECT in the config, but I really need to handle this on the CLI at run time (which the above statement does do), however... is there an iptables-save equivalent in SuSEfirewall2?

View 3 Replies View Related

General :: How To Open Port At Iptable

Oct 11, 2010

How to open port at iptable?

My box is centos 5.4.

I wanto to open UDP 177 and TCP 6000~60010.

I can connect my box through putty now.

View 4 Replies View Related

Security :: Iptable Rules For Dns And Snmp

Jan 27, 2011

I have a caching dns and SNMP ( MRTG ) both on the same server how can I permit dns and snmp traffic in INPUT chain?? I have tried the following:

iptables -A INPUT -p udp --sport 1024:65535 --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 --dport 1024:65535 -j ACCEPT
iptables -A INPUT -p udp --sport 1024:65535 --dport 161:162 -j ACCEPT
iptables -A INPUT -p udp --sport 161:162 --dport 1024:65535 -j ACCEPT

View 1 Replies View Related

Security :: Iptable To Block A Sub-domain

Feb 23, 2011

Is it possible to block a subdomain or a one lower level directory URL access from other hosts or network ? I have a site running on my server and i want to block the particular directory under the domain, with the exception of loopback access? I mean the directory must be accessible from loopback/localhost.

[url] on port 10016(expect loopback)
[url] on port 10016 (expect loopback)

Code:

View 1 Replies View Related

Ubuntu Servers :: Rsyslog & Log All Iptable Logs To Mysql Instead Just A Logfile

Apr 5, 2011

I try to log all my iptable logs to mysql instead just a logfile. The setup is as followed:

[Code].....

[red]Problem[/red] rsyslog logs everything correct, except it does not log to db, it logs to /var/log/messages. As I am brand new to the whole Linux experience, I don't get it. My /etc/rsyslog.conf is setup with $ModLoad onmysql.

View 1 Replies View Related

Fedora Security :: FC15 And Iptable Rules ?

Jul 16, 2011

I don't know if FC15 has the iptable rules like the ones shown below by default or not but I wanted a second opinion about the safety they provide. Why is icmp accepted (INPUT rule 1) from/to all ip? and is it better to remove this rule? When the protocol is all (INPUT rule 2), does it mean from ip layer and above?? and is it required/safe to have this rule? The 3rd rule is to allow tcp-port 22 connections (ssh) to/from all ip. I think this is correctly set and required. The 4th rule in INPUT table rejects pings with the icmp-host-prohibited message; which I don't think is the best solution. Instead it can be set to silently drop icmp packets. Then, the FORWARD table uses reject instead of silent drop for forwarding icmp ping packets.

Code:

what do you think about the new rules and their order?

View 5 Replies View Related

Networking :: Add Ports In Iptable /firewall Using Command?

Feb 18, 2011

I want to know how to add (ports to open)in firewall using command or scriptor any ather method

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved