similar to: Squid vs. iptables redirection: exception for certain domains ?

Am 11.03.2018 um 11:53 schrieb Nicolas Kovacs <info at microlinux.fr>: > > I've experimented some more, and I have a partial success. Here, I'm > redirecting all HTTPS traffic *except* the one that goes to my bank: > > iptables -A PREROUTING -t nat -i $IFACE_LAN -p tcp ! -d > www.credit-cooperatif.coop --dport 443 -j REDIRECT --to-port 3129 > > This works

Le 11/03/2018 ? 13:09, Leon Fauster a ?crit?: > It is not a good practice to place domain names into iptables rules. Define > a custom table, place this table into your rule list (to stick at the right > place) and feed that table with the resolved domain names. This can be altered > while running in the case of changes (check resolving results periodically). I admit I've never

Hi, Another idea - but this gets complicated and with that, prone to faults - use a simple shell script to resolve the desired domains and keep their IPs in an ipset, then use the ipset in your firewall rules, this way you can keep your iptables rules static, your squid config static and simply add or remove IPs from the ipset. -- Sent from the Delta quadrant using Borg technology! Nux!

Le 11/03/2018 ? 11:01, Nicolas Kovacs a ?crit?: > So here's what I want to do, in plain words: > > 1. Redirect all HTTP traffic (port 80) to port 3128. So far so good. > > 2. Redirect all HTTPS traffic (port 443) to port 3129. Equally OK. > > AND... > > 3. DO NOT REDIRECT traffic that goes to certain domains, like: > > github.com >

Hi, I just migrated my office's server from Slackware64 14.1 to CentOS 7. So far everything's running fine, I just have a few minor details to work out. I removed the firewalld package and replaced it by a simple Iptables script: --8<---------------------------------------------------- #!/bin/sh # # firewall-lan.sh IPT=$(which iptables) MOD=$(which modprobe) SYS=$(which sysctl)

On 19.02.2015 11:58, Niki Kovacs wrote: > Hi, > > I just migrated my office's server from Slackware64 14.1 to CentOS 7. So > far everything's running fine, I just have a few minor details to work out. > > I removed the firewalld package and replaced it by a simple Iptables > script: > > > --8<---------------------------------------------------- >

On 23 May 2018 at 10:24, Nicolas Kovacs <info at microlinux.fr> wrote: > Hi, > > I'm currently setting up a local FTP server, to receive disk images sent > with G4L (Ghost4Linux). > > This server has been running Slackware Linux before, and the Vsftpd > setup was relatively simple. > > With CentOS things seem to be slightly different, so I'm currently >

Hi, I'm currently setting up a local FTP server, to receive disk images sent with G4L (Ghost4Linux). This server has been running Slackware Linux before, and the Vsftpd setup was relatively simple. With CentOS things seem to be slightly different, so I'm currently trying to work things out. For the moment, two things seem to be creating problems, the simple iptables firewall and

ive got a config thats client -> server ->Dansguardian->Squid -> onward adn I want to transparently redirect web traffic to DG/Squid Not sure where the problem lies - hoping you guys can help me and at least tell me that its NOT my shorewall config heres the configs When I point a browser straight at 3128 or 3129 I get web pages back and the appropriate stuff in the logs . I get a

Le 23/05/2018 ? 16:36, Nux! a ?crit?: > Try "iptables -I INPUT" for your FTP rule. Doesn't work. I redirected all my errors to /var/log/messages, so here's what I get when I try to connect Filezilla to that server. May 23 16:48:58 c7-server kernel: +++ IPv4 packet rejected +++ IN=enp0s3 OUT= MAC=08:00:27:00:00:03:d4:85:64:b2:b2:1b:08:00 SRC=192.168.2.2 DST=192.168.2.12

Hello, I have a problem with my GNU/Linux router. I mean, I am trying to configure a VPN conection for the clients of the LAN and allow to connect them to the Internet trought the router. I have installed in the server a QoS policy and I have configured the firewall for allowing all the clients to connect. I attach the script. The idea is that when a client connect this pc the dhcp gives him an

Hi, I've setup a transparent HTTP+HTTPS proxy on my server running CentOS 7, using Squid. Here's my configuration file. --8<---------------------------------------------------------------- # /etc/squid/squid.conf # D?finitions acl localnet src 192.168.2.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port

I''ve network with NATed hosts. I want to catch only all traffic going from my server, but I don''t want catch NATed traffic from LAN. I need only traffic going from/to my server (traffic from INPUT, OUTPUT chain in iptables) (like SSH, postfix, WWW or proxy). This is throw all traffic from my LAN to IFB: $TC qdisc add dev $iface_lan handle ffff: ingress $TC qdisc add dev

Hello, I hope this isn't too off topic, but I'm attempting to set up a Spectralink 8002 Wifi phone with our Asterisk installation, and seem to be running into a brick well (more of a wall than others that have posted their experiences). My problem is that the phone boots, associates with the wireless, grabs an IP (tried static too - same thing), contacts the TFTP server for firmware, then

Vicidial can't call and transfer to my softphone. I get some line that says Spawn Extension....exited on non zero.... Here's some of the CLI output. I am using Asterisk 1.2.4 and astguiclient 1.1.8 ...thanks for the help |SELECT count(*) FROM vicidial_auto_calls where status = 'LIVE' and server_ip='127.0.0.1' and campaign_id = '' and call_time <

Here is another log from the * server CLI, I reall hope some one can help me out on this one. thanks |SELECT count(*) FROM vicidial_auto_calls where status = 'LIVE' and server_ip='127.0.0.1' and campaign_id = '' and call_time < "" and lead_id != '';| -- VDAD get agent: |0|update of vla table: |127.0.0.1 |UPDATE vicidial_live_agents set

We run a Hosting farm behind a bridge/iptables firewall setup running Gentoo with kernel 2.4.20-gentoo-r6, connected to a dual 15Mbps international internet pipe / , as this: Net Pipe --------- eth1 Bridge/Firewall eth0 -------- Internal Hosting Network lately we have been looking at htb to somehow control excessive usage from the users behind, but in our implementation there seems to be an

Hello, Is there any reason why an IP-phone would pounder on port 5060 ? My firewall blocks the public IP because it thinks the remote IP is port scanning on port 5060. I think the phone is just registering but for some reason it does this repeatedly in a very short time. Oct 28 09:01:48 astserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:00:00

Greetings all, Ran into a strange problem with the krige function from geoR. The problem that I am having is that while the krige function seems to work well, the resulting predicted values are all NAs. Given the size of the datasets I am working with can't attach it, but I can provide snippets of the datasets. > casedata station year month day obs mpe bias type

To fix this, i would start with. First, set the first AD-DC its resolv.conf to SERVER_IP=$(ip -o route get to 8.8.8.8 | sed -n 's/.*src \([0-9.]\+\).*/\1/p') search $(hostname -d) > resolv.conf.new nameserver ${SERVER_IP} >> resolv.conf.new nameserver 8.8.8.8 # because we want a fallback to internet, for now. >> resolv.conf.new mv /etc/resolv.conf{,.backup} mv