Networking :: Block IM With Iptables Or Squid?

Dec 24, 2008

in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.

View 2 Replies


Server :: How To Block HotSpotShield In Squid / Iptables

Nov 9, 2010

Does anybody know how to block HotSpotShield in squid or iptables?

View 2 Replies View Related

Networking :: How To Block Any Web Site In Squid

Jan 2, 2011

I am using Squid as a proxy server red hat Linux.I want to block some specific web sites like facebook,..... under squid .Please guide me that how can i do it and under which header should i write the script ?

View 14 Replies View Related

Networking :: Block Web Access With Iptables ?

Apr 25, 2010

Just wondering if it is possible to block web access on a certain ip address with iptables.

Iv seen guides for blocking web traffic on a whole network but i want to just block a single host from accessing the web.

View 14 Replies View Related

Networking :: Block The Urls With Iptables?

Feb 22, 2010

I have a server with slackware 12 and i try to block 2 web sites but without success. I write in iptables rules /etc/iptables.conf

iptables -A INPUT -s -j DROP
iptables -A OUTPUT -d -j DROP

but no effect. What rule i must write to block url`s?

View 4 Replies View Related

Networking :: Using Iptables To Block IP Addresses Automatically?

Dec 7, 2009

I want to use iptables to automatically block all IP addresses who send UDP packets with length 11 more than 3 times per 10 seconds.

View 1 Replies View Related

CentOS 5 Networking :: Iptables DOS Temporarily Block IP?

May 5, 2011

I have the requirement that if our website receives 20 or more requests within 60 seconds, to block the offending IP address for 5 minutes, then allow them access again. My only certain mechanism to do this is iptables. I wrote the following series of commands:

iptables -N RATE_CHECK
iptables -N DOSAttack
iptables -N RemoveBlock


I am limited in my testing, but the little I have been able to test seems to be having no effect. will the above commands have the desired effect.

View 4 Replies View Related

Networking :: Https Blocked By Squid / Iptables

Nov 29, 2010

I connect to the internet at work through an authenticating proxy, and to avoid having to enter the proxy info into every app I use (e.g. firefox, wget, kde, etc) I have set up squid as a local transparent proxy which authenticates and routes all traffic to the work proxy. It has been working fine, but lately I haven't been able to connect to any https sites. I don't think I have changed the configuration, so perhaps it is the result of an upgrade, or something badly configured on my system from the start. I have tried connecting to https sites without squid and iptables and it works fine. My system is Arch linux, and my squid.conf file is: Code:

acl all src all
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https

View 2 Replies View Related

Networking :: Iptables - Set Up Ip Table And A Transparent Squid Proxy

Nov 10, 2010

I need to set up an ip table and a transparent squid proxy as followed: I have 3 machine: Machine 1 works as a squid proxy. It has 2 interface eth1 and eth2.

eth1: (Connect to eth1 of machine 2)
eth2: (Connect to eth1 of machine 3)

machine 2 works as a webserver
machine 3 works as a web client.

my responsibility is to send all tcp traffic from machine 3 at port 80 to my squid proxy. In order to fulfill the tasks, I have edited the squid.conf as followed: Code: http_access allow localnet http_access allow localhost and in machine 1, I tried 2 ip tables command: Code: iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j DNAT --to iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 80 I don't know if it is right or wrong.

View 7 Replies View Related

Fedora Networking :: Block App Using Iptables / Rope Scriptable Method?

Oct 27, 2010

I Need to know how to block this applications using iptables or ROPE scriptable Method..?..

1.Web navigation
2.Electronic mail
3.FTP transfers
4.Video traffic (multicast video stream and unicast video stream)
5.VoIP service
6.Instant Message (MSN and yahoo messenger�etc)
7.Management service (TR-069 and SNMP)

View 6 Replies View Related

Ubuntu Networking :: Iptables: Block Incoming And Allow Outgoing Traffic

Jan 6, 2011

I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.

I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)

The following was used:

iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP

Also, even allowing NOT SYN requests still prevents outgoing traffic.

iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT

Another point:

# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep

How to install ipt_state module on ubuntu?

View 2 Replies View Related

Networking :: Block This Applications Using Iptables - ROPE Scriptable Method?

Oct 27, 2010

I Need to know how to block this applications using iptables or ROPE scriptable Method..?..

1.Web navigation
2.Electronic mail
3.FTP transfers
4.Video traffic (multicast video stream and unicast video stream)
5.VoIP service
6.Instant Message (MSN and yahoo messenger�etc)
7.Management service (TR-069 and SNMP)

View 1 Replies View Related

Networking :: Logging Skype Data Usage In Squid / Iptables

Feb 3, 2010

I've set up a transparrent squid box with two nics. Eth1 = Internet eth0= LAN +Dchp my question is, can I log the data usage of a skype call. My proxy server already records all http an https requests but doesn't record some programs like skype. I know that it is not http traffic, but can I tell my system to record data use by an ip address over a nic with the help of iptables for example?

View 1 Replies View Related

Networking :: Squid And IPTABLES - Transparent Proxy Doesn't Work

Jan 12, 2011

I setup squid with transparent proxy and its working, however, when I reboot the server, the proxy server doesnt work unless I run the following.

Code: # squid server IP
# Interface connected to Internet
# Interface connected to LAN
# Squid port

View 6 Replies View Related

Networking :: SQUID Intercept IPtables - Whitelisting Ports And Sites

Jul 6, 2011

I'm having some issues settings up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this:
Clients <-> Proxy Server + DHCP Server <-> Internet

With this setup, the network does have internet access and the websites I whitelisted are the only ones accesible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing it's job fine, however IPTABLES for some reason seems to be redirecting all the trafic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).

For Iptables I used:
iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP

Squid3 config:
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1
acl Safe_ports port 80 # http
acl whitelist dstdomain "/etc/squid3/whitelist"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !whitelist
http_access allow localhost
http_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin

View 2 Replies View Related

Networking :: Iptables + Squid + Dansguardian - Boxes Will Act As A INTERNET Firewall + Filtering?

Jan 14, 2011

is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of

2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of connected to the ETH1 of the 1st PC with ip address of and 2nd ETH1=connected to LAN (

does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN network. And also to confuse them that they have to pass through - 2.

View 3 Replies View Related

Networking :: Squid With Iptables - Make Clients To Browse Internet Only From Proxy Server?

Jun 14, 2010

i have the following ip assignments

fedora (iptables)
eth0 -private :
eth1 -public :
squid proxy
my clients range

how can i make my clients to browse internet only from proxy server my network is NAT 'ed. Please specify a iptable rule to allow internet access for my clients to browse ONLY if they come through proxy server.

View 1 Replies View Related

General :: Block Mac Address On Squid?

May 25, 2010

how to block PC in Squid using Mac Address. I tried as in /etc/squid/squid. conf

acl block arp 00:13:45:d3: 24:e4
https_access deny block

but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp 00:13:45:d3: 24:e4 squid Cache (Version 2.5.STABLE6) : Terminated abnormally

View 4 Replies View Related

Software :: Any Way To Block Gtalk In Squid

Mar 27, 2009

I want to block gtalk in squid, I have tried blocking ports but it didn't help.

View 2 Replies View Related

Security :: Iptables To Block Ip From Ftp?

Mar 6, 2010

Is this how I would do that?

iptables -A INPUT -p tcp --destination-port 21 -d ! -j DROP

This should block all incoming connections on port 21 from, correct? Thus preventing that IP from logging into my FTP.

View 1 Replies View Related

Debian Configuration :: Can't Get Squid To Block Webpages?

Mar 23, 2010

I am having problems while testing out squid proxy server. I just can't get it block anything. So, I'm running Debian lenny on my Virtualbox and Squid on it. I'm having windows 7 on virtualbox too and they can ping each other and the webserver on debian (apache2) is working fine. The problem is i can't get squid to block webpages. I have the correct settings on windows proxy settings, but i'm not so sure about squid. I want to block lets say www . xxx. com for example. So I add to the main configuration file:


View 3 Replies View Related

General :: Block A Specific Content Using Squid?

Aug 24, 2010

In Iran there is a famous "access denied page" that redirects you to a strange page with a lot of HTML errors and lol, telling you RTFM about ridiculous Internet laws.I want to filter the contents of the page, because the page IP, URL, ... are all unknown.I don't know much about squid configuration scripts.I can read but cannot write

View 1 Replies View Related

Security :: Gmail Chat Block By Squid?

Jan 17, 2010

how to disable the gmail chat? My means to say that when we login to gmail , after that the chat will open, I want to disable that chat. am using Redhat 9 and squid stable 2.5 version. I have tried the things mentioned below, but chat is still working.


View 1 Replies View Related

Security :: Squid - Block Different Users Different Sites?

Feb 6, 2010

Example I have 3 user list and 3 file with block site names

acl group1 src
acl group2 src
acl group3 src


I've moved your post here to its own thread. Please don't resurrect dead threads. --win32sux

View 1 Replies View Related

Server :: Block Cyrillic String In Squid?

Feb 22, 2010

Is it possible to block cyrillic string in squid? If use url_regex - sex it's OK, but when try секс(CYRILLIC alphabet) not working.

View 5 Replies View Related

Fedora Security :: Iptables - Block Everything From Getting In My Pc

Mar 17, 2009

What i wanted to do was block everything from getting in my pc but still be able to surf the web and still use instant messenger.

View 2 Replies View Related

Ubuntu :: How To Block All Outgoing With IPTables

May 10, 2010

I want to block all outgoing traffic with iptables and only allow a few specific websites. I would like to get the code to do so and also to revert the changes in case I want to unblock them.

View 1 Replies View Related

General :: Block And Allow IP Using Iptables In RedHat 4.0?

Aug 3, 2009

I have blocked below IP by using iptables command in RedHat Linux 4.0.


iptables -A INPUT -s -j DROP

It's now totally blocked and can't get access into web or internal network. how I can un-block that IP, so that it can again starts it's normal operation.

View 2 Replies View Related

Ubuntu Servers :: How To Block Torrents By Using Squid Or Firewall

Jan 5, 2010

I've been all around the net and can't find a "simple" answer how to block our LAN users from downloading torrents. Is it really that difficult?

Here's our setup:

1. The Server's Configs:

2. sudo gedit /etc/squid/squid.conf

3. sudo gedit /etc/rc.local (to start Firewall rules on bootup)

4. Server NOT a DHCP Server

5. No other iptables rules are configured, just the above ones.

Before in a 1 NIC setup, I blocked Workstations MAC addresses in the Router + Squid Proxy Server (Not Transparent), it worked, but some Online Java Apps didn't work and users can't send/receive email so I abandoned the method.

Now, I installed transparent Squid Proxy with 2 NIC cards, it works, but workstations can still download torrents! I know Squid doesn't block ports, right? So the answer must lie in Iptables Firewall? I basically use Squid just to deny access to Facebook, Friendster, or other "unproductive sites".


How to block torrent downloading by using a Firewall? Or is there another "simple" way?

I've heard that it's better just to allow regular ports (80, 22, 465, etc...) then block all the rest, this way, you can prevent unnecessary ports.

I'm not an Iptables/Firewall expert so can you pls. explain it a bit more detailed if that's the case.

I'm also aware of just telling our users NOT to download torrents, but I just want to prohibit it entirely.

I know I will be the most "uncool" employee in our office.

View 9 Replies View Related

Red Hat / Fedora :: Want To Block Yahoo Web Chat Through Dansgurarian(squid)?

Jun 1, 2010

i had googled a lot n come to know that i need to block dnslookups for these urls and and these should return i havent have DNS configured so tried by making an entry in etc hosts filebut unforunately it didnt worked

View 1 Replies View Related

Copyrights 2005-15, All rights reserved