Profile Details

Recent updates
  • T1ck3ts
    T1ck3ts replied to a discussion, 2 WAN ip's NAT 1 Internal IP

    Nick Howitt wrote:

    FTP configs are in /etc/proftpd.d/flex-21.conf and that is auto-generated. Any changes you make like adding IP2 risk being lost next time you visit the Flexshare FTP settings unless you set the immutable bit (chattr +i /etc/proftpd.d/flex-21.conf), but then you need to remember you've set it. You could try going into the flexshare settings and making a trivial edit and see if the file regenerates correctly. If not, it is a manual edit.


    Yeah, that's exactly what I was playing with!

    Had to add public IP address #2 to the <VirtualHost> tag.

  • T1ck3ts
    T1ck3ts replied to a discussion, 2 WAN ip's NAT 1 Internal IP

    Well, the Virtual IP address and manual iptables rule did the trick! Thanks Nick.

    The only problem now is, the FTP is not sending me to the flexshare ftp folder it should be sending me to.
    I get to the flexshare folder if I FTP to my Public Address #1, it just doesn't work for Public Address #2.

    Any ideas what's up with that?

  • T1ck3ts
    T1ck3ts started a new discussion, 2 WAN ip's NAT 1 Internal IP

    2 WAN ip's NAT 1 Internal IP

    So I've set up a 1-to-1 NAT for my second public IP address to forward the connections to my internet address (192.168.1.1).
    I've already told my ISP that it's coming from the same MAC as the primary address is on.

    Problem is, I can't make any connections from the outside (i.e. FTP), but the kicker is, I can ping it from outside and it responds.

    Set up a trace and it seems the ClearOS box is picking it up but not doing anything with it. Could it be a possible iptables rule of some sort?

  • T1ck3ts
    T1ck3ts replied to a discussion, Torguard OpenVPN issues.

    Thanks for the reply Nick. I'll look into that, see how it's done.

    I got it working by setting the following:

    Although, it doesn't help with DNS leaks, sadly.

  • T1ck3ts
    T1ck3ts started a new discussion, Torguard OpenVPN issues.

    Torguard OpenVPN issues.

    Wonder if you guys can help with this one.

    I've set up and generated the Torguard VPN config and put it into /etc/openvpn as with all the others.
    It connects (had to put route-nopull into the torguard config else it would kill my entire network. No webpages would load)

    I would like to only send HTTP and HTTPS traffic over the Torguard VPN connection, leaving my games to run on the normal line, eno1 (External), for lower pings.

    I'm having no luck :/ VPN connects but can't forward traffic over it.

    This is what I've tried so far, but with no luck:



    Any ideas would be helpful.
    Thanks!

  • That's what I've been trying to tell them.

    But that's what their mail server is doing, picking up external (for their personal inbox) and then having the internal server deal with sending etc,
    removing any sort of sneaky software trying to spam from the network.

    I know that they do have a new Tech on hand that's giving them ideas and such, so I'm guessing these requests come from him. He's probably been sniffing around logs
    and seen many access attempts (which I've set up fail2ban to lock down)

  • Allowing mail server access to residing country only.

    Hi guys

    So a client has asked me to block anyone connecting to the mail server that's outside of the country, which is all good and fine, but the problem is, it seems that most of the forwarding
    source is getting caught up in the block too.

    For example:

    * Using the FORWARD chain as the mail server is behind the ClearOS box and uses port forwarding for people to get their mail outside of the office
    This should block anything that's NOT part of the country IP addresses inside the hash, right?

    But I'm getting blocks from everyone inside the LAN side. Also, their mail server can't send anything to Gmail servers, for instance.

    Is the rule I'm using incorrect?

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:
    So presumably you have another firewall rule intercepting tcp:443 traffic?
    Yeah

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:
    [edit]
    BTW, is it worth the effort as more and more sites switch to https, which will bypass the Privoxy as it does with the transparent proxy
    [/edit]


    I use ProxHTTPSProxyMII with Privoxy

  • T1ck3ts
    T1ck3ts replied to a discussion, Using Privoxy instead of Squid

    Nick Howitt wrote:

    The PREROUTING chain is the normal way and what squid uses as a transparent proxy as well, but use "-j REDIRECT --to-ports 8118". There should be no need to add the POSTROUTING rule. This should remove the requirement to have Privoxy listen on your LAN interface.


    Removed and changed to

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8118

    and after that removed the listening port in config back to 127.0.0.1:8118, but that stops it from working :/