Profile Details

Toggle Sidebar
Recent updates
  • T1ck3ts
    T1ck3ts replied to a discussion, Torguard OpenVPN issues.

    Thanks for the reply Nick. I'll look into that, see how its done.

    I got it working by setting the following:

    Although, it doesn't help with DNS leaks, sadly.

  • T1ck3ts
    T1ck3ts started a new discussion, Torguard OpenVPN issues.

    Torguard OpenVPN issues.

    Wonder if you guys can help with this one.

    I've setup and generated the Torguard VPN config and put it into /etc/openvpn as with all the others.
    It connects (had to put route-nopull into the torguard config else it would kill my entire network. No webpages would load)

    I would like to only send HTTP and HTTPS traffic over the Torguard VPN connection, leaving my games to run on the normal line, eno1 (External), for lower pings.

    Im having no luck :/ VPN connects but cant forward traffic over it.

    This is what i've tried so far, but with no luck:

    Any ideas would be helpful.

  • That's what I've been trying to tell them.

    But that's what their mail server is doing, picking up external (for their personal inbox) and then having the internal server deal with sending etc,
    removing any sort of sneaky software trying to spam from the network.

    I know that they do have a new Tech on hand that's giving them ideas and such, so I'm guessing these request from from him. He's probably been sniffing around logs
    and seen many access attempts (which I've setup fail2ban to lock them down)

  • Allowing mail server access to residing country only.

    Hi guys

    So a client has asked me to block anyone connecting to the mail server that's outside of the country, which is all good and fine, but the problem is, it seems that most of the forwarding
    source is getting caught up in the block too.

    For example:

    * Using the FORWARD chain as the mail server is behind the ClearOS box and uses port forwarding for people to get their mail outside of the office
    This should block anything that's NOT part of the country ip addresses inside the hash, right?

    But I'm getting blocks from everyone inside the LAN side, also, their mail server cant send anything to gmail server's, for instance.

    Is the rule I'm using incorrect?

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:
    So presumably you have another firewall rule intercepting tcp:443 traffic?[/quote]

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:
    BTW, is it worth the effort as more and more sites switch to https, which will bypass the Privoxy as it does with the transparent proxy

    I use ProxHTTPSProxyMII with Privoxy

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:

    The PREROUTING chain is the normal way and what squid uses as a transparent proxy as well, but use "-j REDIRECT --to-ports 8118". There should be no need to add the POSTROUTING rule. This should remove the requirement to have Privoxy listen on your LAN interface.

    Removed and chanced to iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8118[/code] and after that removed the listening port in config back to, but that stops it from working :/

  • T1ck3ts
    T1ck3ts started a new discussion, Using Privoxy instead of Squid

    Using Privoxy instead of Squid

    Hoping someone could help me here.

    I installed Privoxy (while still having squid installed) but used the following iptable rules:
    they seem to work fine and i decided to remove squid and keep privoxy as the normal.

    After removing squid, the redirect does not work and no HTTP traffic is being directed to the privoxy.

    Could someone give me an update on better iptable rules I'm missing or have not used?

  • Just giving an update:

    Couldnt find a thing that was causing Squid to stop talking to Dansguardian.

    Removed Squid and replaced it with Privoxy, which is running extremely well! Page loads are amazingly fast and people can stream to Twitch without having issues with "Connecting to Proxy" freak outs :D

  • Ben Chambers wrote:

    Your squid log snippet just shows a normal service restart...the action you took...anything before that? Anything in the /var/log/messages or /var/log/system log files just before you restarted Squid that might prove useful?


    Nothing at all :(

    Happened again, from Aug 25 18:20:35 to Aug 25 18:49:02

    I have 3 PC's, 3 Cellphones and a RaspberryPi connected to the TV