Networking :: Redirecting Ssl Requests With Squid?
Feb 24, 2010
Say I have an Apache server configured for SSL/non-SSL virtual hosts and a proxy configured as follows (see squid.conf). The SSL on each name-based virtual host is configured on its own port (only 7 of the domains need this; the rest are just media and other insignificant bits of data, but domains 1-7 contain forms that require specific personal information that may be technically illegal to transmit without encryption). If any additional information is needed, just let me know.
domain1 is port 443
domain2 is port 444
domain3 is port 445
I've got a piece of software that uses a specific TCP port, e.g. 11111. I want to redirect all the traffic from 11111 to Squid port 3128. I'm using the following commands to do the redirecting:
My Ubuntu server has two interfaces. eth0 is for the local network (DHCP assigns IPs) and eth1 is for the internet. My Ubuntu server acts as a gateway and as an authentication server for users.
At Squid I also have the following configuration regarding my port:
Code:
acl myport port 11111
http_access allow CONNECT myport
My Squid installation is not transparent, as users need to authenticate in order to access the web.
My application is a Windows application and of course is not working. I examined the packets with Wireshark and I noticed that when the program tries to access the internet, Squid replies with err_invalid_request (the packet contains that data). The program is trying to send some plain text via port 11111 and, as far as I can imagine, somehow Squid declines the data. I can't get rid of Squid, as I want to pass the traffic through Squid. What is the problem?
The Squid documentation says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP objects are requested.
We call Squid an HTTP and FTP caching proxy server. Does it also cache FTP content? Is it possible to configure FTP clients to use the Squid cache? When we make an FTP request to an FTP site via Squid, will it be bypassed?
I have two interfaces, eth0 (10.0.0.7) and wlan1 (10.0.0.8), in my box. An application is listening (say, a UDP socket) at 10.0.0.7:5888.
Now if someone sends a packet to 10.0.0.8:5888, I want to forward it to 10.0.0.7:5888.
I have tried this:
Code:
iptables -t nat -A PREROUTING -p udp --dport 5888 -d 10.0.0.8 -j DNAT --to-destination 10.0.0.7
But packets (with destination addr 10.0.0.8) are not received by the application (but they are received by the box; I have checked using Wireshark). I have also enabled ip_forwarding.
I've been trying to redirect all outgoing packets (destined for a specified IP address) from my Slack box back to itself. I thought this could be done with iptables, but if I fire up Wireshark I can clearly see that the packets are getting out to the real server and I'm getting responses from it.
So here's what I tried:
All looks good and fine, and then I even try to visit 194.28.157.42 with Firefox (by the way, I am running a webserver that is set to show a page when you visit 127.0.0.1) and I get an error page that reads: 502 Bad Gateway.
I ignored this message to see what the program I'm trying to interrupt does, and when I start Wireshark and then start the program that is using that website, I can clearly see that the packets make it to the real 194.28.157.42 and get responses back.
I got it set up in the NetworkManager applet (imported the client.ovpn), but when I connect it sends ALL my traffic through the VPN. I would prefer all accesses to the internet go over my normal default gateway, rather than all the way through to the VPN's default gateway. When I connect through the command line:
Code:
openvpn --config client.ovpn
I don't have this problem, and accesses to the internet still go over my default gateway on
I had been running my SMTP server with WINE, as the SMTP server software is a Windows-based program (MERCURY), but I cracked the shits with WINE and removed it. Now I am running my SMTP server in a Windows virtual machine. This virtual machine has a different IP address from my host machine, so what I need is for my computer (the host) to redirect incoming traffic on port 25 to the virtual machine at 192.168.56.101 on port 2525. Can someone please help me with it? I think it's done with iptables.
I am new to iptables. We have two Squid proxy servers running in "non-transparent mode" (172.16.0.1 and 172.16.0.2). Currently users have to configure the proxy server they want to use by configuring it in their browsers. Recently I saw an example for redirecting web traffic to a single transparent proxy server.
Can anyone modify this rule to accommodate my current setup of two proxy servers running in non-transparent mode, i.e. redirect web traffic to the 172.16.0.1-172.16.0.2 IP range?
I have a firewall (a PC with Debian 5) with 2 internet connections, each connected to an ethernet card (the firewall has 2 ethernet PCI cards, so it has one connection per card). How can I balance the internet requests from my LAN using these 2 connections?
I have a server (Fedora 12) set up at a client's datacenter, and the network is set up to allow me ssh access into the server but prevents me from opening any connections from the server. However, I need to make HTTP and HTTPS requests from the server. What I'd like to do is forward all HTTP/HTTPS traffic through another machine outside the network.
I've been looking at the documentation for ssh and the various options there and have gotten so far as to enable initiating an ssh connection from the client network back to my machine, but am not sure where to take it from there.
Here are some of the commands I've used so far:
Code:
I'm attempting to bind port 80 to be forwarded through the local machine. I assume I use "ssh -R" to create a dynamic tunnel to forward requests, but I must be missing something.
I'm trying to work out a way to inspect/modify DNS requests as an advertising filter. iptables is a good place to do this, but I'm having some problems disassembling the packet. On my dev box, when a DNS reply is returned from a request made on the dev box, I use this rule to route the reply packet through a queue:
Will the rule catch the inbound UDP packet with the DNS reply in it? I get something in the queue, but it's unintelligible when attempting to disassemble the packet. I don't want to move on to looking at my program until I get some feedback on the rule.
Here's a primitive diagram of what I'm working towards:
host -> DNS request -> iptables (no outbound rules) -> DNS server -> DNS answer -> iptables (queue UDP 53 packets) -> inspect packet program -> Allow/Deny -> host processes allowed packets
I have a crawler on my VPS VMware Server (also tried it on my dedicated server). After many requests, about 200.000/6h, my network is gone. I use lynx to get any website outside of the local network and no site responds; I also tried using the IP address instead of the host name, with no results. I can get every local site. For example, when I am on 190.24.2.1 I can obtain a page which is placed on 190.24.2.5, but obtaining 191.54.23.34 is not possible. I tried many things such as changing TCP timeouts to less and restarting the virtual machine, with no results. After a few hours, 4-5 hours, I get the network working. It is not working as fast as it should, but it is ok.
I am wondering where the problem is. Have I got to configure Linux? Am I missing something? Maybe some router stack is blocking my IP? (Other crawlers put on the same VPS are working properly, but after 6 hours they also crash.) I also noticed that I can get around 30.000 web sites per hour (some with errors, some with no response, some with timeout surely), but this number decreases hour by hour and finally reaches zero. Can you help me and suggest where the problem may be? My system: Ubuntu 10.04 LTS Server, 1GHz, 512 MB RAM, 5 MB/s.
I'm running WordPress and have gone to the painstaking effort of setting up the FTP server on my 5.3 machine so it can do its own updates and download plugins. However, I've found that if I try to download anything, I get an "unable to resolve host..." error from the script. If I watch IPTraf while making the request, I see all the port 53 requests going to 127.0.0.1. Pings are too.
However, if I ssh in, I can ping and wget whatever I want all day long, and all the DNS requests go to the router (ClarkConnect 3.2 gateway machine). The web browser in the terminal works fine too. What is it about the PHP scripts that is causing them to misdirect pings and DNS requests? I've never seen anything like it and can't find anything on the web about it either.
I have an FC10 installation with GNOME and NetworkManager and a wireless card. Everything works ok. However, when I try and set up gdm to do autologon, I get the NetworkManager applet asking for the password for the gnome-keyring to get the wireless details. Since I want to use this machine as a server this is unacceptable, as I won't be around to type in the password. I tried the solution at [URL] but this does not work. I still get the password being requested, and the keyring password is the same as the logon password. Can anyone say if there is a workaround that works to get NetworkManager to read the gnome keyring without having to prompt me for it?
I'm trying to make my wireless router always give me the same IP address every boot (192.168.1.100). I do not have a static IP address from my ISP.
Everything I've tried from online help has made my internet break, and I'm not even sure what exactly I should be searching for on Google.
Ultimately, I'm trying to get my wireless router to forward FTP requests to my computer, which shares the network with an XP machine. I think this is the way to go about it.
I recently set up a new web/file server with 9.10 Server x64 with 2 NICs, and I am trying to configure eth0 to respond to my LAN for internal Samba file sharing and eth1 to handle website/FTP requests on my static IP, but whenever eth0 is up the server is not accessible at 173.XX.165.65 for web or FTP, while both work fine at 10.1.10.100. When eth0 is down, the public IP works fine. I have set /etc/network/interfaces like this:
Code:
# The primary network interface
auto eth0
iface eth0 inet static
address 10.1.10.100
I'm having an issue with a Samba server running on an Ubuntu "server". Technically, it's not a server, it's just an old desktop with Ubuntu 10.04 running on it, and I have a few server processes running (ProFTPD, Samba, etc.). The Ubuntu server is where I store all of my important files that get backed up to a separate hard drive. I shared folders via Samba, and I use two computers to access the shares. I access the shares with an .sh file I created that uses the mount cifs command to mount those shares.
It has been working flawlessly for a long, long time, up until recently. For the past few days to a week, I will try to mount the shares with no result. In the terminal, the commands just freeze, as if the command is trying to execute but having network issues. The only way I can get it to work is if I reboot the Ubuntu server; then it maps flawlessly. But a day later, it's back to hanging when trying to mount.
I've managed to confirm that I can reach my home network via ssh from a remote location through my SMC Barricade when it is directly connected to the desktop machine, but when the second router is put back into the chain, ssh requests time out. The second router is a Linksys WRT54GL running the Tomato firmware. The chain looks like this: ISP's router (bridged) --> Barricade --> WRT54GL --> desktop
The Barricade has port 22 forwarded to the Linksys' WAN address, and it in turn forwards to the desktop address. It appears that it is a setting in the Linksys firmware that is preventing the remote connection. I've looked through the various settings many times but cannot see anything that would cause the problem.
Back in April I set up an Ubuntu DHCP server and a multiple VLAN network [URL] to migrate our various servers, workstations, etc. off the 192.168.1.1/24 network that everything was on, because we were running out of address space. I built out the new network and everything worked great, except our AD server would never get an IP address from the DHCP server (static reservation), and even if I set the IP statically on the AD server it couldn't ping the gateway and no one could log in. After several attempts to resolve this, including bringing in outside help, we were never able to figure out what the problem was.
Now 6 months later I have time to revisit the issue without affecting the live network. I used Acronis and imaged the AD server last Friday, cloned it onto another box with the same hardware, and put it up on the new network that's been sitting unused for the last 6 months. Today when I statically set the IP on the AD server (which is what I want) it connects, and I can ping its gateway 192.168.1.1 and all the way across VLANs to a test sales agent workstation at 192.168.8.xxx on VLAN 800, but only if I statically assign the agent's station an IP address. When I try to get an IP address via DHCP it fails as destination unreachable. Nothing has changed in the last 6 months on the DHCP server, but now for some reason it can't ping its default gateway 192.168.1.1. All of the config files are the same as they were left from the post linked above, aside from the VLAN IDs used being changed from 1's to 100's (i.e. vlan 3 is now vlan 300). /etc/network/interfaces:
Code:
auto lo
iface lo inet loopback
auto vlan100
iface vlan100 inet static
[code]....
Why can't it reach the gateway? When I do a tcpdump I can see the DHCP requests come in on eth0, but the server never responds, and I'm pretty sure it's because it isn't "seeing" them since it thinks there isn't a network connection, but I don't know how to troubleshoot to find out where the problem lies.
I'm trying to do an SSH connection between my home and work PC; both machines are running Ubuntu 10.04. I have read all the community documentation at [URL]. From the work PC I went on to the "what is my IP address" web site and noted down the number. From home I opened a terminal and typed: ping (ip address), to which there was no reply. Now I'm assuming I need to configure the work's router to accept connection requests; is this correct?
Also, what information do I need from my work's network and how do I get it? I understand that I need the router's external IP address, but how do I reference a specific computer behind that address? What program do I use in Ubuntu and how is that information applied to it?
I am using Squid to control access to the internet. All is working fine except for one of the users who is using an outside organization's portal to connect to the internet. Whenever he tries to enter the portal by typing the (EXAMPLE) URL, a permission denied error from Squid occurs.
How can I allow this portal in Squid, so that Squid will allow access to it?
My Squid server works fine on a Fedora 11 system. Is there any web-like interface for admins to create, change and modify Squid users and to view their logs?
I would like to ask for some help and a tutorial for setting up and configuring a Squid proxy server on my home PC server. I am a newbie in Linux/CentOS. I already installed CentOS 5.5 on my system. Now I want to configure it as my internet server; all of my 4 systems running Windows, including the laptop, I want to connect through my CentOS PC with username authentication. I assign all IP addresses statically. See the attachment for my setup. [url] I just want to know what I need to change and add in my Squid config file, and how I can properly configure my CentOS with 2 LAN cards as an internet server.
I have a VPS. I intend to use it as a Squid server. I need to know how to configure Squid so it works as a simple proxy server. I don't need authentication etc.
In my office I have to block all messengers like Yahoo Messenger and Windows Live Messenger, and I have to block websites like www.yahoo.com and some more web sites. I need guidance on how I can accomplish this task through iptables or through a Squid server. I can use Squid, but I had heard that Squid blocks POP and SMTP also; Squid creates some problems in receiving and sending email. I am using a Red Hat Linux 4 box with Squid installed, having two ethernet cards: 1 is connected to the ADSL line and 2 is connected to the switch. All clients will have the proxy address of this Linux box. Guys, I need your help ASAP.
Code:
http_access allow our_networks
We have divided according to floors, like the 1st floor IP range is 10.1.60.0, 2nd floor 10.1.70.0, third 10.1.80.0 and so on. All IPs ping each other successfully.