Server :: Internet Access Only For Specific IP Addresses In LAN

Feb 20, 2010

I have configured squid server and it is working fine. I want that only specific ip addresses in my LAN should be able to access internet and for that I have given these entries in access control lists in squid.conf file:

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
acl our_networks src 192.168.0.181/255.255.255.0 192.168.0.182/255.255.255.0

And in http access I have given this:
http_access allow our_networks
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

In this I want that only 192.168.0.181 and .182 should be able to access internet but Now the problem is that all the IPs in the LAN like 192.168.0.20 are also able to access internet. What changes I need to do to allow access to specific IP addresses. I am not using any firewall or iptables entries and i am manually changing in the firefox at client side to access internet.

View 3 Replies


ADVERTISEMENT

Security :: Iptables - Limit Access To Port 8443 On Server To 2 Specific IP Addresses

Dec 23, 2010

I'm trying to limit access to port 8443 on our server to 2 specific IP addresses. For some reason, access is still being allowed even though I drop all packets that aren't from the named IP addresses. The default policy is ACCEPT on the INPUT chain and this is how we want to keep it for various reasons I wont get into here. Here's the output from iptables -vnL

[Code]...

Note the actual IP we are using is masked here with 123.123.123.123. Until I can get everything working properly, we're only allowing access from 1 IP instead of 2. We can add the other one once it all works right. I haven't worked with iptables very much. So I'm quite confused about why packets matching the DROP criteria are still being allowed.

View 10 Replies View Related

Server :: Bind Apache To Specific IP Addresses?

Nov 28, 2010

I have the following in my httpd.conf file

Code:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive. Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80 Listen 80

And when I try to start the server, I get the following

Code:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80. I did have an Apache web server up and running about 6 or 7 years ago - but seem to have lost everything

View 4 Replies View Related

Fedora Networking :: Can't Access Internet With Web Addresses ?

Jul 7, 2010

I installed Fedora 13 on my laptop today after deleting a badly screwed up Windows XP partition. Everything installed smoothly even my Broadcom drivers but I can't seem to figure out how to get Firefox to access the web with a URL.

I can ping Google, and can get to it in Firefox if I use the IP address from the ping, but going to [url] in Firefox will give me an error message about not being able to find the server at the web address. I was also able to update from the terminal with yum update just fine. I've tried searching Google for some answers, and maybe I just can't phrase my query right, but I found nothing that I could use to try and fix my problem.

I've attached a HardInfo report which I hope could be useful if you need to know what my hardware is (an HP Pavilion zv5000 laptop).

View 9 Replies View Related

Networking :: Cannot Access Public Web And Mail Server From LAN Addresses

Aug 5, 2009

I have two nagging problems on one network which I do not have on another elsewhere, both using uptodate Debian servers. The server is on the private subnet behind a router/adsl modem. The symptoms of the one which does not work

1) Users cannot access their web site from lan. If they try, they get to the router web interface, same as if they entered http:10.0.0.138 which is the router's lan address.

2) Users cannot access smtp or pop3 service using the domain name, they can access it only using the servers LAN address.

I fear that I might have not set up the router properly because appart from that the two servers are almost identical but I do not know where I might have made an error.

View 14 Replies View Related

General :: PPPOE Server Access Internet Clients Fail To Access Internet

Aug 26, 2010

I have a linux box (fedora) with two ethernet cards eth1 and eth2. On eth1 I successfully configured a PPPOE internet connection. Such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured dhcp, such that the Linux box is both PPPOE and DHCP server.However my clients on the LAN cannot access the Internet.

On passing the routing command I get
Destination Gateway Iface
196.44.x.y 0.0.0.0 ppp0
192.168.1.0 0.0.0.0 eth2 (my subnet)
0.0.0.0 0.0.0.0 ppp0.

The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?

View 3 Replies View Related

Programming :: Comparing Two IP Addresses - Specific / Restricted

Mar 25, 2011

I want to compare 2 IP addresses, so that I may compare which is more/less "specific" or "restricted" than the other. So is there any function/library that may help in doing this comparison in C (on Ubuntu 10.10)?

View 1 Replies View Related

Server :: Allow Access To Specific Files Only?

May 12, 2011

I want to restrict the type of files that can be accessed on my web server.For example only flash movies (SWF files) and one specific PHP file.I can think of a number of ways of doing this:1. Linux file permissions, but since the SWF files need to access various PHP files and those PHP files need access to other files themselves that may not work.2. Using mod_rewrite if that is possible, I don't know as I have never used it.

View 1 Replies View Related

Server :: Allow Specific IP To Access A Download On Squid?

Feb 28, 2010

i have been studying linux for 3 month ,so i have solved some problems related with server part.The problem i have is the squid access.Can I allow some IP's to download files on squid.I mean i already give access to download by reply_body tag,andwant to give permission only one specific IP for unlimit access to download.Is there any solution

View 3 Replies View Related

CentOS 5 Server :: Allow Only Specific LDAP Group Access?

Apr 26, 2010

I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.

If that cannot be done, is it possible to disable LDAP root user to access these machines?

View 4 Replies View Related

Networking :: NAT With Multiple Internet Addresses

Mar 8, 2010

My Linux gateway has multiple address to internet:
eth0 = 76.148.200.3
eth0:0 = 76.148.200.4
eth0:1 = 76.148.200.5
and it's own gateway which is 76.148.200.2 (probably not relevant) and I also have which is not internet, but local:
eth0:2 = 192.168.0.1 netmask 255.255.255.0

They all work fine and tested. Now I am sharing the internet through eth0 (76.148.200.3) to 192.168.0.1/24 and that's working fine. The script I use to do that is here...

Code:
#!/bin/sh
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/ip_dynaddr
iptables -t nat --flush
iptables -A FORWARD -i eth0 -d 192.168.0.1/24 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s 192.168.0.1/24 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Now all I want to change in the script is to share it through 76.148.200.4 (eth0:1) instead of what is already sharing through 76.148.200.3 (eth0). I am sure this is easy but can't work it out and iptables doesn't accept 'aliases'. How I can do this by modifying this script?

View 5 Replies View Related

Ubuntu Servers :: Can't Access A Few Addresses?

May 28, 2010

I am having an issue on my server where I can't access certain ip's erratically. These addresses could previously connect to us.I think it may be related to getting rootkitted. I know the risks in not reinstalling but we are not able to install yet at this point. I cleaned out shv4 and shv5 from the os and setup tripwire. The client can't ping the server and likewise back.From my personal computer they both respond to pings.The server is running denyhosts but that is about it in-terms of security.I can't find anyhting anywhere... No ipchains present, nothing in host.deny, subnet is 255.255.255.0.I'm really at a loss so I'm looking for some direction

I know someone is going to tell me that I have to assume all my files are compromised and i should reinstall; I did md5 checks on alot of files and there is no data on here that shouldnt get out and I check for stuff running that shouldn't be daily.The server is 10.04 server. Latest updates.Here is a list of installed packages

Code:
adduserinstall
anacroninstall

[code]...

View 4 Replies View Related

Server :: Sendmail: Block Specific Sender To Specific Recipient?

Oct 1, 2009

I'm trying to configure our mail server to block email from a specific sender reaching a specific recipient. In other words, if one of our employees is getting harassed by a 'stalker', how would one go about blocking, at the MTA (Sendmail) level, a specific sender email address from reaching a particular users inbox? We do not want to capture the email - simply block it before it consumes server resources.The Sendmail server (MTA) is a front end to our Exchange server so no user accounts exist on the Linux server. We simply use it as a SPAM and Virus scanner then forward clean email to the Exchange server.

View 6 Replies View Related

Server :: Local Dns Server With No Internet Access

Oct 1, 2009

In my computer networking class I have the option of doing a project where I set up a dns server for our classroom network. The problem is that this network is totally separate from the school network and we aren't allowed to connect it to the internet. I want all the machines to ping each other by name instead of ip using dns instead of host files on all 20 computers. I read on a site somewhere that you cannot do this because the dns queries will always go to the root servers. Is this correct? Is there some way I can do this using dns? The machine in question is using Ubuntu 9.04.

View 1 Replies View Related

Ubuntu :: Access Server From Internet?

Nov 2, 2010

Ok i want to access my server from internet, ok I have checked with my mobile internet provider (3) they say they dont block any ports, is it just a case of letting the firewall let external access to pc? ( no router just mobile dongle)And do i just ssh into external ip on ssh port

View 2 Replies View Related

Server :: How To Get Remote / Internet And LAN Access

Jul 15, 2010

Is there a safe way for me to configure my server for access from any internet connection as well as from my home/office LAN? I'd like to be able to access file shares, webmin, the router console behind my Gateway for maintenance purposes. Access to Server Desktop itself would be a bonus.

View 12 Replies View Related

CentOS 5 :: Can't Seem To Access The Internet From 5.4 Server

May 20, 2011

I am using a CentOS 5.4 server for Snort (it's actually using the easyIDS config). I'm trying to modify some things, and I've noticed that I can't seem to download any files. WGET, FTP, etc... all just time out. It's not a network firewall issue, as I've been monitoring the logs and see no blocked traffic, and other machines on the subnet can get outside with no problems. I checked the Cent firewall using the setup command, and it says it is disabled as well. I'm very new to linux, so I'm wondering how I can troubleshoot this? The wget and ftp errors just say the connection timed out, but I'm not sure why.

View 2 Replies View Related

Networking :: Dropping Internet Connection / Strange IP Addresses?

Oct 17, 2010

I usually start up my Internet service by typing ./rc.inet1. While its connecting I usually see my routers ip address then I connect and I start browsing and everything is fine. A few times I noticed that instead of seeing the routers address it showed some other address and I could not get online. I try ./rc.inet1 stop and renew but still cannot connect, I reboot and I then see the router and I can connect. I am using slackware13, and opera10 browser.

View 6 Replies View Related

Ubuntu Networking :: Get Internet Access To Server?

Jun 19, 2011

I have a server that was set up by a friend so I have a location to save all my documents for work in a RAID array.

It is on a static IP address, I can ping the hub and other computers on the network absolutely fine.

I can't connect to the internet, the router in question is a Netgear CG3101D. Logging into the router I can see that the server is a trusted device and in all the parameters are the same as other computer running Ubuntu Studio.

Does anyone have any tips of how I can find out how to find what is wrong?

It is Ubuntu 10.04.2 LTS (Lucid).

View 3 Replies View Related

Ubuntu :: Can't Access Internet On Server Setup

Jul 8, 2011

First off - I'm running 11.04 as a VPS on an OpenVZ.

I've set up a very basic environment of LAMP + mail server. Installing apache, php, mysql and proftpd all went fine, but whenever I install iRedMail (which is postfix + dovecot + clamav and few more packages) I lose the internet connection.

Although the server is easily reachable by ssh and http, I can't connect anywhere from the server. At first I thought it only had issues with resolving domain names, but now I see it doesn't even ping IPs as well.

Code:
# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1

[Code]....

View 1 Replies View Related

Networking :: Access Server And Internet Through WiFi

Jan 15, 2011

I have install centos 5 in my dell laptop, now i want to configure and run wifi to access internet through wireless.

View 5 Replies View Related

Networking :: Ubuntu Server Can't Access Internet ?

Jan 2, 2011

I'm setting up an old box as a dedicated file-sharing server on the LAN as well as an internet web server for my personal web site but I have no network connection. My computer is connected to a router which is connected to my DSL modem. The router has the Ubuntu box's MAC address as well as a Win7 box, which connects to the internet fine.

Here is what I've tried:

1. Check routing table

Code:

2. Try to add a default gateway to the internet on eth2, this happens:

Code:

3. I edited resolv.conf, which was empty, adding:

4. I edited /etc/network/interfaces as follows:

Code:

Then I type the following:

Code:

And it keeps doing this endlessly because it's not finding the DHCP server, presumably...? This didn't solve the problem and so I attempted another configuration:

Code:

Still, not internet connection and no ability to apt-get anything (says packages not found)

So, this didn't work either. What I've tried should work, especially the route command. Now why won't it work?

View 13 Replies View Related

Server :: Giving SSH Access To Machines On LAN From Internet?

Mar 7, 2011

I am having a server in a corporate data centre. There are some virtual machines running on it.The main server is accessible from internet via SSH. There are some people who within the lan access the virtual machines whose IPs on LAN are

Quote:
192.168.1.1
192.168.1.2
192.168.1.3
192.168.1.4

from internet only one host is allowed SSH. This machine has public IP and is also connected to LAN on the IP 192.168.1.50. Tunnel is not allowed on our network.So now I am came across a solution as explained on this link. I am not clear with on which machine .ssh/config file I add following

Code:
Host securehost.example.com ProxyCommand ssh user1@insidemachine.com nc %h %p Should above be done on gateway where public IP and ssh is allowed or client on internet who has to login. Do I need to create separate accounts on the gateway also so that the users who can SSH to gateway then are forwarded to inside machines? Or one account on gateway is sufficient for different people logging in via internet to my gateway and then forwarded to internal machine?

Then do I need to create an account user1 on the gateway also?

1) What is the correct syntax for ProxyCommand on gateway's .ssh/config should I use

Code:
ProxyCommand ssh user1@inside.machine nc %h %p
or I should use
Code:
ProxyCommand ssh user1@gateway.com in nc %h %p

2) Should I create new user accounts on gateway also which exist on internal machine?

View 4 Replies View Related

Server :: Internet Access Via Squid Proxy

Apr 28, 2010

Centos 5.4 distro using on remote machine. I have remote site where internet access given via squid proxy. So when we enter in browser it start working internet fine. But on command line (bash shell prompt terminal) like wget, ping, nslookup, traceroute etc., these commands does not work.

View 6 Replies View Related

Server :: Squid Internet Access Getting Slower?

Jul 24, 2010

I've a SQUID proxy server installed in SUSE 9.0 ES server. I've created cache dirs on seperate partitions for better caching. Its working fine. But since last 15-20 days, i've experienced very slow net access to clients. I've gone through the /var/log/messeges file, it generates a two line error messeges

client read request fd602 invalid request
parse http request: unsupported method;HET

This messege increases as the number of clients increates (for internet access). The apperance of error messege lowering down as soon as the number of clients reduces.

As the count of clients increases error messeges increases, internet access getting slower and slower.

View 1 Replies View Related

Server :: User Access Control To Internet

Sep 29, 2010

Am using Suse 10.2 for internet and e-mail server. currently all my users have access to the internet if they know how to setup their web browsers. how do i deny some users internet access so that a user can only access his/her e-mail but not internet.

View 1 Replies View Related

Ubuntu :: No Internet Access After Installing GUI On Server

Dec 14, 2010

I was having a hard time configuring ubuntu server with command line so this is the steps I did to install the GUI;

Code:

then

Code:

then

Code:

The GUI started up fine and I logged in as root, then I tried Update Manager and received this error message:

Requires installation of untrusted packages

I tried this in terminal window

Code:

and got

W: Failed to fetch [url]........(-5 - No address associated with hostname

So I did System Testing and got the result that my network was fine but my internet failed!

I could do command line update no problem before installing GUI. I can see it on the network on another computer though.

Trying to setup without the GUI is starting to look easier than with.

View 10 Replies View Related

CentOS 5 Server :: Allow Apache To Access The Internet?

Apr 21, 2009

We have Apache installed on CentOS 5.3 in our laboratory. Indeed the server is running fine for almost two years since it is actually the first CentOS 5 that was released just regularly updated. Now, most of our applications are custom made PHP applications and until now we somehow managed to avoid using PHP to fetch files that are on the internet itself. But now we are desperate because we need to allow PHP to fetch files through Apache but it seems as if Apache is not allowed to make a connection to the outer world. Additionally we use a proxy server to connect to the outer world so right at the beginning http_proxy is used to set that environmental variable. And for the root user it all works fine after that but it seems as if the apache user is not allowed to access the internet. Just to make a remark our web server can be accessed from the outer world so its a one way street for now.

View 1 Replies View Related

CentOS 5 Hardware :: How To Access To Server Over Internet To Bio

Feb 15, 2010

i want to buy a pci weasel, people told me i will have access to the server over internet with this board.Does anyone have any experience with this kind of card?How can i have access to server over internet to the bios,etc.

View 1 Replies View Related

CentOS 5 Server :: SSH Access Denied Over Internet?

May 28, 2010

I am getting an access denied when trying to log in via SSH to my home server with putty(windows) over the internet. I can use any user including root and get the same result. If I use my Android phone with the ssh terminal command I am able to successfully log in and use the server.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved