Ubuntu Networking :: UFW, Block Access To An Internet Site?
Oct 29, 2010
How can I block access to a certain internet site using ufw? Let's say I want to block access to www.xxx.zzz (IP 1.2.3.4) to any program and user; using iptables I can do
sudo iptables -A OUTPUT -d 1.2.3.4 -j DROP
How can I do that using ufw? If ufw cannot do this, where should I put this rule to persist it over reboot, without interfering with ufw chains infrastructure?
I am using Squid as a proxy server on Red Hat Linux. I want to block some specific web sites like Facebook, ... under Squid. Please guide me on how I can do it and under which header I should write the script.
Running Ubuntu 10.10 and Mozilla and SeaMonkey... Tried to access a website: [URL] and got the error:
The page cannot be displayed
You have attempted to execute a CGI, ISAPI, or other executable program from a directory that does not allow programs to be executed.
Please try the following: Contact the Web site administrator if you believe this directory should allow execute access.
HTTP Error 403.1 - Forbidden: Execute access is denied.
Internet Information Services (IIS)
In one of our networks we are using a firewall which works as the gateway. All machines are able to access the internet through this gateway. There is no filtering or internet restriction. I would like to set up a monitoring system which monitors and logs bandwidth and sites accessed by client machines. Is there any tool which monitors internet access as well as the sites which are accessed from client machines?
Slow access to web site using Squid and Internet Explorer. I am trying to troubleshoot an issue I am stuck on. We have a website that is loading .htm documents extremely slowly when using Internet Explorer 8 behind Squid. When we bypass the proxy and go directly out to the internet all is fast and pages load fine. But when the proxy is on, documents will sometimes take up to 6 minutes to load. This issue is only apparent using Internet Explorer 8. I do not see the issue when using Firefox with Squid. I have tried to use the no_cache directive thinking it may have been the cache but that didn't work either. I am attaching our access.log, store.log and squid.conf.
I am running Ubuntu 9.04 on a laptop (wireless) and Vista (plugged into router) on a multimedia center. I can watch TV shows from 2 out of the 3 TV network sites that I like. CTV and Global TV stream OK on both systems. However, CBC won't work unless the PC is directly plugged in without the router.
Trying to access 67.15.245.6 (it's a forum site). I can't get to it from home for over a month now. I can't ping it, but I can ping obvious things like Google. Tracert isn't working at all. Once it hits the lightspeed.frokca.sbcglobal.net hop it just dies like ATT isn't allowing traceroutes. I've been using Tor as a workaround. About 3 months ago I basically had the same issue with openbittorrent.com's site.
I have a Linux server and Windows XP box. I can't ping the above IP nor tracepath/traceroute to the IP from my Linux box.
I have ATT uverse.
EDIT: The site is hometheaterlounge.com (The IP won't do you much and it's just the IP of the site host).
Running apache2, I have already created working sites using virtual name hosting, but my problem is, I can't access my other sites, except my server's localhost, from another computer. I don't know what seems to be the problem; can you guys point me where to start looking?
Using Ubuntu 10.10 I have a VPN account with VPNtunnel.se. I configured everything as described on their site. It uses OpenVPN. It connects no problem. However, after it connects, instead of having a nice secure connection I have no connection at all! I can't access any site; email, BitTorrent, all come to a screeching halt. The service works fine in Windows. I'm useless with Linux networking.
When I'm trying to access my site using Firefox I get this error: "Unable to connect
Firefox can't establish a connection to the server at mysite.com.
-The site could be temporarily unavailable or too busy. Try again in a few moments.
-If you are unable to load any pages, check your computer's network connection.
-If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web."
Then I tried to access my site using Opera and Chrome but I get the same error, that the browsers couldn't connect to it.
The site to which I'm trying to connect is definitely up. (I asked a few people and they can access it, and I looked at [url] and it says that my site is up.)
My question is how to block a subdomain of a site. To make it as clear as possible, I'll give an example. I am regularly entering this arbitrary site [URL] which redirects me to this page [URL] and this index.html takes an image from a subdomain which is a subfolder of itself, that is: [URL]. What I am asking is blocking the images to be taken, but not the main page itself, i.e. to block www.somesite.abc/images/ without blocking the overall www.somesite.abc.
My idea was to use the /etc/hosts file by redirecting to the loopback address:
Code:
127.0.0.1 www.somesite.abc/images
But it looks as if it doesn't affect things at all. Should I use it another way? Modifying /etc/hosts.deny may be useful?
In the office there is a local network with a samba+openldap PDC. The local domain name is company.net. The company decided to create a corporate website on a remote hosting and decided that the site's domain should be company.net, which is the same as the local network's domain name. So now it is not possible to reach that corporate website from within the company's local network because, as I guess, bind9, which is installed on the above-mentioned PDC, looks for company.net on a local webserver. Is there a possibility to let people from this local network browse the remote site?
I am working as a net admin in an institute. I have a leased line connection with a public IP. I configured Red Hat Enterprise Linux 5 as an Internet server. I successfully configured Squid as well as an Internet gateway on my Internet server. All are working fine in my client PC environment. I have one serious problem on all my Windows client PCs. When I try to surf Microsoft or any anti-virus site through Squid (port no. 3128) it is fine, but when I try to surf the same Microsoft or any anti-virus site through the Linux Internet gateway I get a "Page can not be displayed" error, while all other sites are surfed well through the gateway. I feel some spyware has attacked all my Windows client PCs, so it blocks only Microsoft or any anti-virus site through the Linux Internet gateway (default port 80
I'm trying to block a site for a certain time. How to Block (deny) particular website in certain times of the day, by using squid? and it seemed promising. I added the lines to my squid.conf
# weekdays (Mon-Fri), 3:00 to 21:00
acl office_time time MTWHF 3:00-21:00
# URL patterns are read from the quoted file
acl bad url_regex "/etc/squid/block.acl"
http_access deny bad !office_time
created a block.acl in the same directory and restarted it.
I already have Linux Enterprise 5 system installed with some server packages such as Webmin, Active Directory, Web Server which also act as Internet gateway. Now I want to add firewall functionality to block clients ip accessing internet.
In my network, users have total access to their PCs, so there's a problem filtering (URL, ports, etc.) their installed virtual machines (they can self-assign any IP, e.g.)
I'd thought about using the MAC prefix in VMware VMs (00:0c:29:*), but I could only find a way through DHCP, and this isn't a good solution (they can assign a static IP to work around it...)
It would be better to use a firewall (iptables), but I haven't found a way to add rules based on MACs with wildcards.
I am having a web server (apache) and 3 sites are hosted in it, named as www.web1.com,www.web2.com and www.web3.com. I need to restrict www.web2.com to Internet users and allow only to local network. At same time I need to allow www.web1.com and www.web3.com to both Internet and LAN users.
Is it possible to set up Apache to normally block an IP from accessing a site until that IP is in a database/file? More or less, I need a login system that another script can add/remove the IPs and the site can be accessed by only those IPs.
I managed to configure my W890i phone to get access to internet through an ubuntu-based computer. It's very easy to use the phone to give internet access to the computer, but the opposite is quite more tricky. For that I've done the following
----On the phone---
-Set the USB network option to "through computer", so that the phone uses the computer's internet connection and not the opposite.
-Decide and set "Shared Network" parameters: user, password and workgroup.
-In "connectivity-> internet connection" set "allow local network" to "yes"
----On Ubuntu 10.04---
-Install samba, samba-client, smbfs, smbclient, firestarter and dhcp3-server
-Configure Samba (System-> Administration-> Shared folders): same workgroup as in the phone, add new user (the phone), passwd this new user. In my case the user was called "w890i" and the password given was the same.
-Once the phone is connected to the computer through USB (then select "phone mode"), a new connection appears in NetworkManager: usb0. The aim is to create a shared network that gives internet access to this device. Edit the IPv4 parameters of this new connection, set them to Manual and give an IP address (192.168.0.1) and a subnet mask (255.255.255.0); the rest of the fields are left empty. Connect this network.
-Set firestarter to use dhcp3: sudo ln -sf /etc/init.d/dhcp3-server /etc/init.d/dhcpd
-Launch firestarter and follow the wizard. Set "allow internet shared connection", choose the device for the primary internet access, and then the device for the shared network (usb0). Then change the settings for firestarter: activate DHCP for local network, set IP to the one we gave before (192.168.0.1).
-Open the dhcp3-server config file: sudo gedit /etc/default/dhcp3-server and set INTERFACES="usb0"
-Set the policies of firestarter: in incoming connections, allow connections from the IP address given to the phone (192.168.0.1). Then add rules for the ports that need to be open for this connection. I opened HTTP, HTTPS, SMB, SMTP, POP3, IMAP, IMAPS, DHCP for all the connections in the local network.
-Apply policies and start the firewall.
------------
After all this, the phone can access the internet through the computer. Two problems appeared:
1. I couldn't get access to https sites, like webmails. The phone gave a "communication error". But then I tried with Opera instead of the browser built in the phone's firmware, and I could finally get to https sites.
2. I couldn't retrieve mail, neither POP nor IMAP nor IMAPS. I thought it was a firmware problem again, and I tried out several mobile phone email clients written in java, but none of them worked.
So this is at the moment the problem. If I connect from the phone to the internet directly through 3G, the email clients work for all my accounts. I don't think it's a firewall problem, because the ports are opened for this connection
I connected my laptop running Ubuntu 11 to the LAN but I couldn't access the internet. But I could ping the other computers connected to the LAN. I tried the same thing with Windows 7 on the same laptop and I could access the internet.
I've been on a quest to enable full routing through my openvpn tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me. I just did a basic static route within zebra...
I have three locations with a central office connected to two remote locations. At the central office I run two site-to-site VPNs on a Cisco ASA 5505. The remote end of the first site is a Checkpoint firewall, and the remote end of the second site is racoon on Debian. Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.
For example, I can ssh from a host in the central office to a host in the first remote site (through checkpoint firewall,) then ssh back from that host at the remote office to any host in the central office. In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (ping the ip address of a central office host, ssh, etc. all fail.) The vpn settings at the central office (the cisco asa 5505) are identical. So it seems to me that some routing magic is missing on the host running racoon at the second remote office. Where would such setting reside? racoon config files? iptables?
Have no idea what I am doing operating a server. Our programmer got a new job and I am the one who has to take it over. Everything was fine til yesterday. You see I made a control panel to easier update the site www(dot)discoverysound(dot)com
but yesterday when I went to update the site I got an error called fopen. I thought I fixed it (and boy did I ever) but now I cannot get to my site because it says Forbidden You don't have permission to access / on this server. Apache/2.0.47 (Unix) mod_ssl/2.0.47 OpenSSL/0.9.7a DAV/2 PHP/4.3.3RC4-dev Server at www(dot)discoverysound(dot)com Port 80.
I have a Linux box (Fedora) with two ethernet cards, eth1 and eth2. On eth1 I successfully configured a PPPoE internet connection, such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured DHCP, such that the Linux box is both PPPoE and DHCP server. However, my clients on the LAN cannot access the Internet.
On passing the routing command I get
Destination   Gateway   Iface
196.44.x.y    0.0.0.0   ppp0
192.168.1.0   0.0.0.0   eth2 (my subnet)
0.0.0.0       0.0.0.0   ppp0
The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?
I would like to know the blocking method in a firewall or a router: whether it will be done protocol-wise, how? Or will it be done host-wise, how?
I have installed a proxy server on Ubuntu. I have done every process which is needed to establish the proxy server. The internet is also working fine through the proxy, but the sites which need to be blocked are not being blocked; they are opening. I have made entries for the sites which I need blocked in the block_dstdomain file in the proxy.
Could you please help me out. I have installed VirtualBox on Windows 7. I have installed Ubuntu on VirtualBox. Now I want to access the internet from the Ubuntu VM.