I connect to the internet at work through an authenticating proxy, and to avoid having to enter the proxy info into every app I use (e.g. firefox, wget, kde, etc) I have set up squid as a local transparent proxy which authenticates and routes all traffic to the work proxy. It has been working fine, but lately I haven't been able to connect to any https sites. I don't think I have changed the configuration, so perhaps it is the result of an upgrade, or something badly configured on my system from the start. I have tried connecting to https sites without squid and iptables and it works fine. My system is Arch linux, and my squid.conf file is: Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
[Code]....
I have nessus application is running in the target machine and the url
is https://hostname:8834/ - which is not accessible
But when i login in the target machine via ssh and check that this application and the service is running fine So i think it is blocked by the iptables in the same machine, where the nessus is running
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
I'm running a squid proxy in my ubuntu server, and I must have mess it up with the squid configuration. Users, cannot, access https pages. Can you tell me what to change in my squid.conf, so, to fix this?
Here is my squid.conf (witch is a friends conf, that i have change for my needs...)
in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.
eth1: 192.168.99.2 (Connect to eth1 of machine 2) eth2: 192.168.98.2 (Connect to eth1 of machine 3)
machine 2 works as a webserver eth1: 192.168.99.4 machine 3 works as a web client. eth1: 192.168.98.4
my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to 192.168.99.2:80 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.
I've set up a transparrent squid box with two nics. Eth1 = Internet eth0= LAN +Dchp my question is, can I log the data usage of a skype call. My proxy server already records all http an https requests but doesn't record some programs like skype. I know that it is not http traffic, but can I tell my system to record data use by an ip address over a nic with the help of iptables for example?
I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.
Code: # squid server IP SQUID_SERVER="192.168.1.1" # Interface connected to Internet INTERNET="eth0" # Interface connected to LAN LAN_IN="eth1" # Squid port SQUID_PORT="3128" [Code]...
I'm having some issues settings up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this: Clients <-> Proxy Server + DHCP Server <-> Internet
With this setup, the network does have internet access and the websites I whitelisted are the only ones accesible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing it's job fine, however IPTABLES for some reason seems to be redirecting all the trafic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).
For Iptables I used: Code: iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128 iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP
I have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...
is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
fedora (iptables) eth0 -private :192.168.1.1 eth1 -public : 186.117.50.6 squid proxy 192.168.1.10:3128 my clients range 192.168.2.0/24
how can i make my clients to browse internet only from proxy server my network is NAT 'ed. Please specify a iptable rule to allow internet access for my clients to browse ONLY if they come through proxy server.
My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
I have tried to configure my iptables to allow only HTTPS connections to the internet. Unfortunately, I didn't get that to work. I configured it like this:
Quote:
iptables -P INPUT DROP iptables -P OUTPUT DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A OUTPUT -t filter -p tcp --dport 53 -j ACCEPT iptables -A OUTPUT -t filter -p udp --dport 53 -j ACCEPT
[Code]....
Of course I am only trying to access websites via HTTPS Still, I was wondering if HTTPS somehow under the hood requires the HTTP port to be open or if my rules are in some other way wrong.
I am trying to configure iptables for only HTTP and HTTPS traffic. I start by blocking all traffic, which works, via:
Code: iptables -F iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP
I then try to allow HTTP and HTTPS on eth0 with these commands, which does not work:
Code: iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
Code: iptables -A INPUT -i eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT After these commands I should be able to access the internet. Does anyone know why this is not working?
I have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for webmin), saved the file, and restarted the service. I tried connecting to webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.
I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.....
Strange issue here when trying to verify firewall on Server 8.04. No ftp service running at all on server, but both nmap and netcat report port 21 as being open, even though it isn't.I am 100% sure that port 21 is not actually accessible and iptables rules are fine. Trying to connect to the port fails, yet nmap and netcat seem to report a "false positive"?Have also checked on a number of other servers I'm running, and this "false positive" seems to apply to all of them.
i've got a software that uses a specific tcp port e.g 11111. i want to redirect all the traffic from 11111 to squid port 3128. i'm using the following commands to redirecting:
my ubuntu server has two interfaces. eth0 is for local network (dhcp assigns ips) and eth1 is for internet. my ubuntu server acts as a gateway and as an authentication server for users.
at squid also i have the following configuration regarding my port:
acl myport port 11111 http_access allow CONNECT myport. my squid installation is not transparent as users need to authenticate in order to access the web.
my application is a windows application and of course is not working. i examined the packets with wireshark and i noticed that when the program tries to access the internet, squid replies with err_invalid_request (the packet contains that data). the program is trying to send some plain text via port 11111 and as far as i can image, somehow squid declines the data. i cant get rid off squid as i want to pass the traffic from squid. what is the problem?
I am using squid on my fedora box as a proxy server.By default the iptables (Firewall) service is on.To allow web pages to my client machines i stop the iptable service.
#service iptables stop
By doing it client computers start browsing.kindly how can I add a rule so that without stoping firewall client compter work fine.my perver IP address is 10.1.80.10
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
We host a web server in which we are hoping to implement some form of traffic redirection based on source IP address, and I am wondering whether the squid proxy built on iptables would be capable of managing this task? Essentially we are trying to redirect traffic from specific set of source IP ranges to a "Your IP has been restricted" type of page at a different IP/FQDN.
I've set up Ubuntu 9.04 (desktop) at home in a lab environment (workgroup rather than domain) and have configured Squid. Everything works fine but, when I took it to the next level and made the proxy transparent, my problems began. I can still access sites (having pointed the XP Pro client to the squid box as the DG) and the sites are logged in /var/log/squid/access.log but I am unable to use Outlook to access my SMTP and POP3. I guess that the setup is blocking ports 25 and 110 and I'll need to configure iptables to forward packets destined for these ports directly to the "real" DG, rather than the Squid box. Here's the set up:
A single NIC (eth0) on 172.19.0.250 / 16 (static) ADSL router ("real" DG) on 172.19.0.1 I executed iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 My squid.conf:
Code: acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl localnet src 10.0.0.0/8# RFC1918 possible internal network acl localnet src 172.16.0.0/12# RFC1918 possible internal network acl mynet src 172.19.0.0/16 [Code]....
