OK. Thanks for the reply. Another thing is that from the Squid system I'm able to log in to a remote FTP server (I'm not talking about browser-based FTP websites like ftp://ftp.abcd.com) and get mail through a POP client. On Linux I'm using Evolution POP mail. But the other client systems that are connected to my Squid server are not able to do this kind of activity. They can only browse Google etc. I even used iptables to allow all sources and all destinations for FTP, and even put it in the Squid ACL as a safe port. Any suggestions? Please tell.
If I understand your post correctly, you are saying that your clients are having problems accessing FTP servers. If that is indeed what you are saying, then that is a completely separate issue and does not belong in this thread.
Yes, you are right. Actually, if I manually block the required sites through Squid it may be possible. But now I'm seeing that users are unable to get mail through Outlook or to log in to a remote FTP server (not browser-based FTP sites). Please help me out.
It's possible from the local Squid system, but not from the other client XP systems that are connected to my Squid system.
Last edited by santanu.santanu; 07-03-2008 at 12:11 AM.
But please tell me how to solve the FTP / Outlook related problem. This is a serious issue for me. Please don't take me the wrong way. Actually I'm focusing on this issue, and I'm not getting proper suggestions from others. Please help. After solving the issue we can talk about the previous matter. But please tell me any way; maybe iptables / Squid ACL.
At the moment I have to allow the connected XP users to get mail through Outlook and to log in to a remote FTP server through the Squid proxy system. Here a common error is coming: "domain no resolved". I think that's the problem. Client systems are unable to resolve remote domains through the Squid proxy system. Does any parameter need to be added in Squid? And POP (in the case of Outlook) is showing a port 110 related error.
I'm not getting any reason why the client systems are unable to resolve the remote domain, because Google etc. are browsing. And my users' gateway is my Squid system.
I've moved this new discussion into a separate thread in Networking.
santanu.santanu, I hope next time you will take a hint and start a new thread for your new issue. Asking how to filter Web-based email on your network is a security matter, but FTP and Outlook clients with connectivity problems is not.
How are you forcing your POP users to connect through Squid anyway? So far as I know Outlook doesn't have any proxy support... Are you using iptables to redirect all port 110/tcp connections to Squid, or haven't you done that? If you just blocked all outbound connections, but didn't direct any traffic to Squid and just relied on the browser proxy settings, then of course nothing besides browsers is going to work, because those are the only applications that actually have the proxy settings.
First I put the POP-related ports in the Squid ACL as safe ports. I also used iptables like this:
iptables -A OUTPUT -p tcp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A OUTPUT -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
iptables -A INPUT -p udp -s 0.0.0.0/0.0.0.0 -d 0.0.0.0/0.0.0.0 --dport 110 -j ACCEPT
Is there any other way I can write iptables rules to allow POP users? Does anything need to be added in Squid?
POP3 is TCP, not UDP.
Squid is an HTTP proxy; not POP3.
Why are you using dport=110 on OUTPUT? Destination port will be a high-level, random port, and sport will be 110.
Perhaps you want to only allow ESTABLISHED connections on OUTPUT.
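Traffic from the XP clients that only passes through the gateway on its way to a mail server is handled by the FORWARD chain and needs NAT, since Squid proxies HTTP only. The following added example (not part of any post in this thread) prints such a rule set for review instead of applying it; the interface names eth1 (LAN) and eth0 (WAN) and the subnet 192.168.1.0/24 are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the thread. Prints the commands a gateway needs to
# pass POP3 (TCP 110) and DNS for LAN clients; nothing is applied here.
# Usage: pop3_gateway_rules LAN_IF WAN_IF LAN_NET
pop3_gateway_rules() {
    lan_if=$1; wan_if=$2; lan_net=$3
    # The output is meant to be run as root, so accept only plain
    # interface names and an IPv4 network in CIDR form.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*[!A-Za-z0-9._-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    case $lan_net in
        ''|*[!0-9./]*) echo "bad network: $lan_net" >&2; return 1 ;;
    esac
    cat <<EOF
# Let the kernel route packets between the two interfaces.
sysctl -w net.ipv4.ip_forward=1
# Replies to connections the clients opened.
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# New POP3 sessions from the LAN: TCP only, destination port 110.
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 110 -m state --state NEW -j ACCEPT
# DNS, so the clients can resolve the mail server's name.
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -p tcp --dport 53 -j ACCEPT
# Rewrite the private source address on the way out.
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
EOF
}

# Constructed sample values: eth1 = LAN side, eth0 = Internet side.
pop3_gateway_rules eth1 eth0 192.168.1.0/24
```

The clients also need the gateway as their default route and a reachable DNS server configured; the rules only permit and translate the traffic.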
Thanks for the above link. Can I use a domain name instead of an IP in an iptables rule (-s abcd.com or -d abcd.com)? And most importantly, generally in a normal situation (no firewall and a direct connection to the internet), in Outlook / a POP client I just type: Full Name: user; E-mail ID: user@abcd.com; Receiving/POP: mail.abcd.com; Sending/SMTP: mail.abcd.com, like this. In this case, how do I map the POP clients on the XP systems to this?