Ubuntu Networking :: Cannot Secure Firewall Without Breaking Squid
Feb 23, 2011
Please review my webmin Linux firewall. This is a squid proxy / Firewall / Router. Everything works fine until I change that last line to reject or drop all. Then the traffic behind the firewall that is trying to reach the internet gets borked. I can only assume that something is killing the connections to squid. But everything looks right to me. Here is my prerouting. (please ignore the green box) The red box is the action to be taken following the given rule. But I don't think the problem is in prerouting.
Feb 22, 2010
I'm looking to setup a web proxy using squid. I already have a hardware firewall NAT'ing device that all the connections go through. I'm planning to install the squid web proxy on a VM (single NIC) and place it behind the hardware firewall as below:
internet -- modem -- Firewall -- switch -- squid proxy (192.168.10.100) -- client workstation (192.168.10.200)
(client workstation is connected to the same switch as the squid proxy)
And on the client workstation's Internet Explorer: Tools->Options->Connection->Lan Settings, check the box for "Use a proxy server for your LAN", then type the address of the squid proxy (192.168.10.100) and set the port to 3128. Check the box for "Bypass proxy server for local addresses".
Mar 3, 2011
I have configured squid for my LAN. My LAN has three Red Hat 5.3 web servers. Now, by using the proxy server, I wish to give external clients access to my web servers and restrict local clients from accessing the WAN through port 80.
Jan 14, 2011
Is this possible? 2 Linux boxes will act as an INTERNET Firewall + Filtering: 1st PC = CentOS 5.5, functions as a firewall using iptables with two NICs: ETH0 connected to the internet with a public IP, and ETH1 with IP address 10.0.0.1 connected to the 2nd PC (CentOS 5.5 with squid/dansguardian, IP address 10.0.0.2).
2nd PC = CentOS 5.5, functions as squid + dansguardian internet filtering with 2 NICs: ETH0 with IP address 10.0.0.2 connected to ETH1 of the 1st PC (IP address 10.0.0.1), and ETH1 connected to the LAN (172.16.1.0/24).
Does this make sense? This might be confusing, but I just want to try this, to protect against incoming ssh from our previous sysadmins who intended to enter the LAN 172.16.1.0/24 network, and also to confuse them in that they have to pass through 10.0.0.1 - 2.
May 17, 2011
I would like to use my Ubuntu server machine as a proxy so I can browse a little more securely/privately while I am traveling. I connect to a lot of open Wi-Fi networks. I have Squid set up on an old laptop running Ubuntu Server 10.10 at home, and the main machine I will be using to connect to the proxy is a computer running Windows Vista. I am able to connect and use the Ubuntu Server machine as a proxy while traveling with the squid config file modified with http_access set to 'allow all'.
Obviously this isn't the ideal setting. After lots of reading and Googling I can't figure out how to allow only my Vista laptop to use the proxy. I'm a little lost with the ACL settings required.
Apr 20, 2011
There are routers with firewalls which you cannot configure - you just use those routers and get some protection from Internet attacks. Is it possible to configure iptables on GNU/Linux machine so that you'll get better protection than the protection you get from those kind of routers?
Jan 13, 2016
I need to setup a squid 3 proxy with https bumping. Unfortunately I'm not very familiar with squid and https in general.
I already performed the following steps:
1.) compile from source
Code:
./configure --with-openssl --enable-ssl-crtd
make
make install
2.) configuration (http)
I used this guide: [URL]
3.) configuration (https)
[URL]
The server is now working for http and https, but is the server secure, too? Is the default config already secure or do I need to configure additional security features? (e.g. things like cert validation, cert pinning, [don't know what's important], ...)
Feb 19, 2011
I am having trouble with Yahoo audio/video voice calls. I am behind a squid firewall on the WAN. I have asked my IT admin to open the audio/video ports. He has opened the ports, but the audio/video buttons are still disabled in the chat window.
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before, in a 1 NIC setup, I blocked workstations' MAC addresses in the Router + Squid Proxy Server (not transparent). It worked, but some online Java apps didn't work and users couldn't send/receive email, so I abandoned the method.
Now I have installed a transparent Squid proxy with 2 NIC cards. It works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in the iptables firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) and then block all the rest; this way you can prevent unnecessary ports.
I'm not an iptables/firewall expert, so can you please explain it in a bit more detail if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
Feb 23, 2010
I am looking to redesign my network, which I'll get into below, but basically I am looking to set up a transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access the internet. You'll understand why from the diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher-layer apps with them? An example would be to have the proxy authenticate to the LDAP system to check for a valid user and valid net permissions; the server has to somehow send a reply back, so without an IP this can't happen, right?
Below are two designs I am looking into implementing. Everything internally will be authenticated against LDAP, with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP should be behind the router on the private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside the private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
Dec 3, 2010
I need to configure squid in my company. How do I install and configure squid on my SUSE server...
May 18, 2010
I am learning to set up a firewall at home. For that I have selected four systems (sys1, sys2 .... sys4) for testing. I have configured sys2 to act as a firewall with two NICs. sys3 and sys4 are inside the firewall. sys1 is not connected to the firewall, for testing purposes.
The IP assignments are as follows:
sys1: (Fedora, not connected to the firewall, I am thinking, but I am not sure)
IP : 192.168.2.1 ,
gateway : blank
dns1 : blank
dns2 : blank
sys2: (firewall, IPTABLES)
code....
What happened is that sys1 (not connected to the firewall) can ssh to sys4 (connected, inside the firewall), even though the rules are written not to allow ssh from sys1 to sys4.
Then I came to know that whatever request I give, it goes directly as sys1 --> sys4, not as sys1 --> sys2 (firewall) --> sys4, and the firewall is not filtering or processing anything for either inbound or outbound (I think it's my mistake somewhere). The requests are going directly inside without the firewall.
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable, so we don't run it. Aside from the FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail, or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. A secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
Apr 20, 2011
I am running Maverick (desktop edition - don't like the netbook remix) on my Acer Aspire One AO532h. I can deal with not being able to print, but not being able to get on my secure wireless network is getting to be a bother. I have AT&T DSL and am using an AT&T 2701HG-B 2Wire Wireless Gateway DSL Router Modem. If I had known that this particular 2Wire router-modem was so crappy, I'd have bought my own and tried wrestling around with that. I recently secured my wireless network and had to change the encryption from WEP to WPA so my iPad could get on it. Both my Mac desktops, the iPad, and an old Windows laptop are working fine, but not my Acer (or my XBox, for that matter). I've searched and searched for a solution and called AT&T (no Linux support :), all to no avail.
When I try to connect to my network, it goes and goes and either says that it can't connect, or shows that I'm connected, but with no signal/net capability.
Jan 9, 2010
The problem is: after I typed cat </dev/urandom (I think it inserted a control character where I can't find it) at my bash prompt (sh and python are fine), and only once per prompt, before the line should break it just starts at the beginning of the same line and overwrites itself (only on the screen; it's interpreted as typed). This really bugs me because I love working with bash and I don't want to reinstall the system. I tried reinstalling bash and readline without success. Is there any config file I could check? My PS1=e[44m[e]0;u@h: wa]${debian_chroot:+($debian_chroot)}u@h:w$ e[0m
Jun 6, 2010
however, until this morning I had only been using my wired connection with no problems but when I tried to connect to my home's WPA secured wireless network, it just would not connect. The network manager sees the network and when I click on it, a window pops up asking for authentication. I enter the passphrase, but still it will not connect. I'm using a Lenovo X61 LAPTOP (not tablet).
Aug 26, 2010
I used to be able to connect to my uni secure access vpn by navigating to the appropriate page, logging in and clicking "start" by "Network Connect" etc. etc.
After an update to Firefox it had been failing, giving me a "session timeout" message box. I have tried clearing history etc. and reinstalling Firefox. I have also tried different browsers with no success.
So, I have since upgraded to 9.10 and now I get "Setup Failed, Sorry" in the bottom left of the screen (where "Done" is displayed once a page has loaded)...
I am now trying a different approach. I have downloaded ncui-6.5R2.i386.rpm and unpacked it fine. I have tried running it, without success, and have also run the diagnostic - I will post the results below:
When I try and run ./ncsvc I get the following:
Code:
ncsvc> Failed to setuid to root. Error 1: Operation not permitted
So I did sudo ./ncsvc, which gives:
Code:
mkdir(/root/.juniper_networks) failed: Permission denied
I am pretty sure that my password above is correct - I re-tried it and got the same message... I can definitely do, e.g., sudo apt-get update fine.
I then ran all of the tests available in ncdiag (./ncdiag -A), which gave the following info which might be useful:
Code:
NC Diagnostics for Linux.
Version 1.0.
Release Date/Time: Dec 9 2009 04:36:09
[Code].....
Nov 30, 2010
I am having a small issue with finding and installing an IRC server program for Ubuntu 10.10. I would like to know if anybody has any input on what the most simple and secure IRC server program out there is, and how I would install and configure said program.
Jun 14, 2010
Why does krunner keep breaking? Sometimes it runs, sometimes it doesn't.
Here's the error message.
Code:
May 10, 2011
I started using 10.10 a few months ago and had very few problems aside from a few minor issues with Wine. I frequently used Skype under 10.10 and it ran perfectly with no issues whatsoever.
Recently I upgraded to Ubuntu 11.04 and well... basically things have just gone downhill from there.
Over the past few days Skype has been ridiculously unstable. I'll be talking to somebody using text chat and it will essentially freeze up. These freezes can occur within minutes of starting Skype and are very infuriating. I am still able to type and send messages, but the "message not sent" icon will appear next to each of them and the timestamp on each message will be identical (the messages in question will not send even after a restart of Skype). This problem will persist until I force-quit the application; closing it normally will not work, and often I have to restart my computer entirely before it will work again.
I have tried updating to the latest version of Skype to no avail (if anything I think it has made matters worse, but that may just be my imagination.)
I'm not particularly command savvy, just posting on the off chance that anybody has encountered the same problem or has found a relatively simple fix. I don't really want to have to re-install the entire OS just to roll back to 10.10.
May 24, 2011
Is there a way to uninstall all the bloat without breaking Ubuntu? It seems like some things (Banshee, the calendar, Ubuntu One) are integrated with the notifications and probably other areas too. I think last time I uninstalled them, the calendar was still there in the notifications but clicking a date did nothing, and I'm sure there were other leftover goodies that I didn't take time to find before re-fresh-installing Ubuntu. I think Ubuntu has a lot of potential as a Linux distro, but I'm not interested in their promoted software (i.e. LibreOffice).
Another question: when you install an application in Windows and then uninstall it, there remain uninstalled changes to your system (leftover icons, links, shortcuts, folders, files, registry entries), like the uninstaller was drunk on the job. Is this fixed in Ubuntu, or are there remnants of everything you uninstall? Also, comments are welcome on what you consider both bloat and safe to uninstall.
Mar 24, 2011
I'm trying to set up a secure web tunnel at home. I have an Ubuntu box (desktop), a Mac, and a Windows 7 box. I use all of them for different reasons. I want to be able to route traffic from my browser through my Ubuntu box. I have done this before with proxy servers abroad, but I want to do it using ssh and my box at home so I don't have to pay for a service, i.e. (Secure Tunnel) etc.
I followed the instructions at http://bit.ly/hAnp6u. However, using my Win7 box, after I set the browser part per the instructions, I get no connection from the browser.
Feb 26, 2010
I was wondering how safe it is to use RDP to access my Linux box. I am a little bit concerned about this issue because, as I read on openSUSE's web site, RDP is "less" secure. The thing is that I do not know how much less this "less" is.
Jan 4, 2010
I have a Dell Inspiron 8600 laptop on which I recently installed Ubuntu 9.10. Most things work, but the wireless will not connect to my home wireless network (a Linksys WRT54G). (I cannot see any other Wi-Fi antennas from here, so I don't know if it works on other networks.) Ubuntu says I have an Intel PRO/Wireless 2200BG, kernel driver ipw2200.
When I try to look for a wireless network, Ubuntu doesn't see any. (Every other computer in the house does, Macs and PCs.) I tried Connect to Hidden Wireless Network > New > and filled in the name and the WEP password that the Linksys gave me. When I select Connect to Hidden Wireless Network and select the network that I entered all the information for, the Connect button is always grayed out.
Jan 13, 2010
My brother is trying to connect his laptop to his university's secure wireless network and is running into some problems.
He is receiving the following error messages with private info removed:
kern.log
=========
Code:
Jan 13 09:42:52 laptop kernel: [ 91.744131] wlan0: associate with AP
Jan 13 09:42:52 laptop kernel: [ 91.746454] wlan0: RX AssocResp from REMOVED (capab=0x421 status=12 aid=0)
[Code].....
Also, in my research it appears that people who have wireless problems often install the linux-backports to see if this fixes the issue.
Jan 16, 2010
I recently upgraded to Ubuntu 9.10 from 9.04, but I had the same problem there. I can see the secure connections, but when I try to connect to them, it tries to connect, works at it for about a minute, and then asks for the password again. This just started a week ago or so. I am new with Ubuntu, so while I know that there are terminal outputs I should probably post, I don't know which ones.
Feb 1, 2010
For a Secure Remote Desktop on Ubuntu 9.10, here is how I did it using OpenSSH, FreeNX and a router with DD-WRT v24. Pic of it in use at the bottom of the post, transferring a file and running the remote desktop at the same time.
For the purposes of this guide I will use a Desktop as the Server (Host), which is at home. The Client will be a Laptop that I can use to control the Desktop remotely. First, you should already be familiar with the Terminal, which is where you enter commands (anything in a "Code:" box).
In Ubuntu it is in Applications > Accessories > Terminal. In Kubuntu it is usually on the lower left taskbar and is called Konsole. I am using Ubuntu, so you may have to make some adjustments to this guide if you are not using Ubuntu. Installing OpenSSH (for the rest of this guide I will refer to it as only SSH)
[Code]...
Nov 2, 2010
Does anyone have a way of connecting to a secure network via a bash script?
Code:
#!/bin/bash
# Bring the interface down, set the ESSID and WEP key, then bring it back up.
# Each command is prefixed with sudo: a bare "sudo su" inside a script only
# opens an interactive root shell and never runs the lines after it.
# iwconfig has no "stop"/"start" commands; ifconfig down/up does that job.
sudo ifconfig wlan0 down
sudo iwconfig wlan0 essid NETWORK_NAME
sudo iwconfig wlan0 key NETWORK_KEY
sudo ifconfig wlan0 up
Nov 12, 2010
I have been using Ubuntu for quite a long time and I never got around to fixing this particular wireless problem. I have tried Network Manager as well as Wicd. I am never able to connect to a secure network (WPA). When I use Network Manager, it just tries for a long time and gives up. As for Wicd, it again tries for a long time and finally says "Bad Password". Of course, the passkey is correct. When I connect to an unsecured network, it goes through just fine. I have a Dell Inspiron 1545 which uses a Broadcom 43xx driver.
Dec 28, 2010
I'm having another slight issue. On a clean install of Ubuntu Studio (10.10), I have installed network manager (manually, using .deb packages, one at a time, including all the extra ones it required) and I can only connect to non-secured networks. If I try to connect to our home network (which has WEP security), it sits thinking about it for a while (with the wireless light flashing, indicating it is doing something), but after a while it asks for the WEP password again. It works fine if I turn the security off.