Ubuntu Servers :: How To Block Torrents By Using Squid Or Firewall
Jan 5, 2010
I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?
Here's our setup:
1. The Server's Configs:
2. sudo gedit /etc/squid/squid.conf
3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)
4. Server NOT a DHCP Server
5. No other iptables rules are configured, just the above ones.
Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.
Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".
Quote:
How to block torrent downloading by using a Firewall? Or is there another "simple" way?
I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.
I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.
I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.
I know I will be the most "uncool" employee in our office.
View 9 Replies
ADVERTISEMENT
Apr 19, 2011
I want to set up Ubuntu Server as a firewall in which I want to direct my internet connection through where Ubuntu Server will block, filter, and monitor anything that come into either three of my computers using the same internet connection. Is this easy to do? sum up the steps that I will have to go through to establish this, and any relevant information, and where I might be able to find necessary information etc. I plan to use ubuntu-10.04.2-server-i386.
View 3 Replies
View Related
Oct 2, 2010
I have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies
View Related
Feb 19, 2011
I am having trouble with yahoo audio/video voice calls. I am behind squid firewall on WAN. I have asked my IT Admin to open the audio/video ports. He have open the ports but still the audio/video buttons are disabled on chat window.
View 7 Replies
View Related
Feb 23, 2011
Please review my webmin Linux firewall. This is a squid proxy / Firewall / Router. Everything works fine until I change that last line to reject or drop all. Then the traffic behind the firewall that is trying to reach the internet gets borked. I can only assume that something is killing the connections to squid. But everything looks right to me. Here is my prerouting. (please ignore the green box) The red box is the action to be taken following the given rule. But I don't think the problem is in prerouting.
View 1 Replies
View Related
Jan 26, 2011
I have a weird problem here. I'm running ubuntu server 10.10 with Torrentflux. Today I added a torrent file that contained 3 dots in the filename, which was added to the queue, but nothing happend. After some searching on the web I discovered that TF has problems with torrents with 3 dots. After removing the dots, the torrent downloaded just fine.
For some reason now, I'm unable to remove the old torrent from the queue and it keeps showing as "new". Is there a file in which the queue is stored, so I can manualy remove the incorrect torrent-entry?
View 1 Replies
View Related
Dec 24, 2008
in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies
View Related
Jan 2, 2011
I am using Squid as a proxy server red hat Linux.I want to block some specific web sites like facebook,..... under squid .Please guide me that how can i do it and under which header should i write the script ?
View 14 Replies
View Related
May 25, 2010
how to block PC in Squid using Mac Address. I tried as in /etc/squid/squid. conf
acl block arp 00:13:45:d3: 24:e4
https_access deny block
but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp 00:13:45:d3: 24:e4 squid Cache (Version 2.5.STABLE6) : Terminated abnormally
View 4 Replies
View Related
Mar 27, 2009
I want to block gtalk in squid, I have tried blocking ports but it didn't help.
View 2 Replies
View Related
Mar 11, 2011
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
View 5 Replies
View Related
May 28, 2010
Link 1 = my network [url]
My network:
Subnet 1
Subnet 2
When someone creates a network loop (a cat 5 cable is plugged into two ports on a switch), the 2 subnet get flooded and become very slow.
How can I prevent subnet 1 from getting flood if someone create a loop on subnet 2.
- eth2 go offline automatically until the network loop is canceled.
View 2 Replies
View Related
May 2, 2010
I have a ubuntu computer set up as bridge between gateway and lan, with the lan connected to eth0 and gateway on eth1.
I'm trying to get it to basically block everything incoming except for the ports i specify, but also allow outgoing traffic. I've found, tried, modified som examples i found on the web, but still it wont block incoming traffic (ie, im still able to reach my webserver)
These are the rules, and i can't figure out why it wont block:
Code:
#!/bin/bash
iptables -F
iptables -X
iptables -I INPUT -i eth1 -j DROP
[Code].....
View 1 Replies
View Related
Feb 23, 2010
I am looking to redesign my network which I'll get into bellow but basically i am looking to setup an transparent/bridged firewall with squid and dansguardian. However, I want to require LDAP authentication to access internet. You'll understand why from diagram below.
My question is, since bridged firewalls operate at layer 2 and have no/require no IP address, can you access higher layered apps with them? Example would be to have the proxy authenticate to LDAP system to check for valid user and valid net permissions, server has to somehow send a reply back, so without an IP, this can't happen right.
Below are two designs I am looking into implementing. Everything Internally will be Authenticated against LDAP with a small possibility of some public servers using LDAP too, but in my way of thinking anything using LDAP would should be behind the router on private link. FYI, the PROXY and the Linux Router would be two physically separate systems. So I guess my second question would be, can systems outside private network access limited internal services securely and be restricted at the same time?
Code:
Option 1:
(TRANSPARENT)
------------ -------------
| CBL MODM | ---------> | PROXY/FW |
------------ -------------
[code]....
View 4 Replies
View Related
Mar 23, 2010
I am having problems while testing out squid proxy server. I just can't get it block anything. So, I'm running Debian lenny on my Virtualbox and Squid on it. I'm having windows 7 on virtualbox too and they can ping each other and the webserver on debian (apache2) is working fine. The problem is i can't get squid to block webpages. I have the correct settings on windows proxy settings, but i'm not so sure about squid. I want to block lets say www . xxx. com for example. So I add to the main configuration file:
[Code]...
View 3 Replies
View Related
Aug 24, 2010
In Iran there is a famous "access denied page" that redirects you to a strange page with a lot of HTML errors and lol, telling you RTFM about ridiculous Internet laws.I want to filter the contents of the page, because the page IP, URL, ... are all unknown.I don't know much about squid configuration scripts.I can read but cannot write
View 1 Replies
View Related
Jan 17, 2010
how to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.
[Code]...
View 1 Replies
View Related
Feb 6, 2010
Example I have 3 user list and 3 file with block site names
acl group1 src 192.168.0.2 192.168.0.3 192.168.0.4/24
acl group2 src 192.168.0.5 192.168.0.6 192.168.0.7/24
acl group3 src 192.168.0.8 192.168.0.9 192.168.0.10/24
[Code]...
I've moved your post here to its own thread. Please don't resurrect dead threads. --win32sux
View 1 Replies
View Related
Nov 9, 2010
Does anybody know how to block HotSpotShield in squid or iptables?
View 2 Replies
View Related
Feb 22, 2010
Is it possible to block cyrillic string in squid? If use url_regex - sex it's OK, but when try секс(CYRILLIC alphabet) not working.
View 5 Replies
View Related
Dec 9, 2010
I manage a linux-based network, where some projects are currently under development. Our IT policy states that any email attachment shall be encrypted using GPG. Can I block other attachments using a firewall?
Note: Currently our mail server is not in campus. So I can only use a firewall for this security issue.
View 5 Replies
View Related
Jul 4, 2010
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies
View Related
Dec 3, 2010
.i need to configure squid in my company how to install and configure squid in my SUSE server...
View 2 Replies
View Related
Feb 22, 2010
I'm looking to setup a web proxy using squid.I already have a hardware firewall NAT'ing device that all the connections go through.I'm planning to install the squid web proxy on a VM (single nic) and place it behind the hardware firewall as below:internet -- modem -- Firewall --switch--squid proxy (192.168.10.100)--client workstation ((192.168.10.200)(client workstation is connected to the same switch as the squid proxy)And on the client workstation's Internet Explorer: Tools->Options->Connection-Lan Settings and check the box for "Use a proxy server for your LAN then type the address of the squid proxy (192.168.10.100) and set the port to 3128. Check the box for Bypass proxy server for local addresses.
View 1 Replies
View Related
Jun 22, 2010
I'm trying to set up the following "server" system. (I say "server" because I'm really running ubuntu-desktop 10.04 LTS):
I have set up Samba and allowed guest access to my /media/Share/data using Windows 7. Everything works great, I can create folders, add files, etc. However I noticed that when I add files or folders via my mapped drive in Windows 7, it defaults to permissions that do not allow Deluge to access them. I realized that if I go back to the server and give it
Code:
sudo chmod 0777 /media/Share/data/(folder or file)
Deluge can now access the files. I don't want to have to modify permissions every time I add a new torrent to Deluge's watch folder which is /media/Share/data/Torrents.
How do I configure Samba (or linux, or windows) to give rwx permissions when I add a file or torrent via windows? And vice versa, if deluge downloads a file and moves it to completed downloads (which I haven't been able to get this far yet) will I be able to access it via Windows 7?
View 3 Replies
View Related
Jun 1, 2010
i had googled a lot n come to know that i need to block dnslookups for these urls httpcs.msg.yahoo.com and webcs.msg.yahoo.com and these should return 127.0.0.1. i havent have DNS configured so tried by making an entry in etc hosts filebut unforunately it didnt worked
View 1 Replies
View Related
May 12, 2010
I have recently configured squid proxy server in rhel5 so now I am able to blocking some websites ok, but still I have one problem how can I block gtalk by using squid proxy, one more thing I blocked gmail so now client xp systems are not logging into gmail but still they using gtalk to chatting the things to others. So ultimately I need to block gtalk also by using squid proxy.
View 2 Replies
View Related
Apr 5, 2010
I have a problem with sites or domain blocking by squid proxy server in rehl 5. I have trying lots of time but i'm not succed.pls help me how to block sites or domain in rhel 5.
View 3 Replies
View Related
Apr 8, 2010
My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
View 1 Replies
View Related
Jan 7, 2010
i m using centos, i want to block the bit torrent and bit commet like softwares using Squid.
View 1 Replies
View Related
