Nick Howitt wrote:
FTP configs are in /etc/proftpd.d/flex-21.conf and that is auto-generated. Any changes you make like adding IP2 risk being lost next time you visit the Flexshare FTP settings unless you set the immutable bit (chattr +i /etc/proftpd.d/flex-21.conf), but then you need to remember you've set it. You could try going into the flexshare settings and making a trivial edit and see if the file regenerates correctly. If not, it is a manual edit.
Yeah, that's exactly what I was playing with!
Had to add public IP address #2 to the <VirtualHost> tag.
Well, the Virtual IP address and manual iptable rule did the trick! Thanks Nick.
The only problem now is, the FTP is not sending me to the flexshare FTP folder it should be sending me to.
I get to the flexshare folder if I FTP to my Public Address #1, it just doesn't work for Public Address #2.
Any ideas what's up with that?
So I've set up a 1-to-1 NAT for my second public IP address to forward the connections to my internet address (192.168.1.1).
I've already told my ISP that it's coming from the same MAC as the primary address is on.
Problem is, I can't make any connections from the outside (i.e. FTP), but the kicker is, I can ping it from outside and it responds.
Set up a trace and it seems the ClearOS box is picking it up but not doing anything with it. Could it be a possible iptable rule of some sort?
Wonder if you guys can help with this one.
I've set up and generated the Torguard VPN config and put it into /etc/openvpn as with all the others.
It connects (had to put route-nopull into the Torguard config, else it would kill my entire network. No webpages would load).
I would like to only send HTTP and HTTPS traffic over the Torguard VPN connection, leaving my games to run on the normal line, eno1 (External), for lower pings.
I'm having no luck :/ VPN connects but can't forward traffic over it.
This is what I've tried so far, but with no luck:
Any ideas would be helpful.
That's what I've been trying to tell them.
But that's what their mail server is doing, picking up external (for their personal inbox) and then having the internal server deal with sending etc., removing any sort of sneaky software trying to spam from the network.
I know that they do have a new Tech on hand that's giving them ideas and such, so I'm guessing these requests come from him. He's probably been sniffing around logs and seen many access attempts (which I've set up fail2ban to lock down).
So a client has asked me to block anyone connecting to the mail server that's outside of the country, which is all good and fine, but the problem is, it seems that most of the forwarding source is getting caught up in the block too.
* Using the FORWARD chain as the mail server is behind the ClearOS box and uses port forwarding for people to get their mail outside of the office
This should block anything that's NOT part of the country IP addresses inside the hash, right?
But I'm getting blocks from everyone inside the LAN side. Also, their mail server can't send anything to Gmail servers, for instance.
Is the rule I'm using incorrect?
Nick Howitt wrote:
BTW, is it worth the effort as more and more sites switch to https, which will bypass the Privoxy as it does with the transparent proxy?
I use ProxHTTPSProxyMII with Privoxy
Nick Howitt wrote:
The PREROUTING chain is the normal way and what squid uses as a transparent proxy as well, but use "-j REDIRECT --to-ports 8118". There should be no need to add the POSTROUTING rule. This should remove the requirement to have Privoxy listen on your LAN interface.
Removed and changed to iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8118 and after that removed the listening port in config back to 127.0.0.1:8118, but that stops it from working :/