OPEN HTTP Proxy -Urgent
Hi,
I'm having a problem with a webserver which is an open http proxy. The bandwidth usage so far this month is 500Gb when I usually get 2Gb. I've installed Squid, ipchains, portsentry and shutdown pop3 and imap services. Still I'm having a 35Gb bw usage per day. Does anyone have an ideia for a configuration that I might be missing? Thank you in advanced, Regards, F. |
Don't you have any logs or anything to see where the requests are coming from? Maybe someone is spamming your server.
|
please do not mark threads as urgent. it may be urgent for you, but it is not urgent for us. thanks.
|
I've checked the logs and I get:
cat /var/log/maillog: tons of relaying denied messages. cat /var/log/squid/access tons of TCP DENIED to Connect I've changed my ipchain rules to the following: ipchains -P input ACCEPT ipchains -A input -p tcp -d 192.84.219.128 smtp -j ACCEPT ipchains -A input -p tcp -d 192.84.219.128 pop3 -j ACCEPT ipchains -A input -p udp -d 192.84.219.129 domain -j ACCEPT ipchains -A input -p tcp -d 192.84.219.129 domain -j ACCEPT ipchains -A input -p tcp -d 192.84.218.130 www -j ACCEPT ipchains -A input -p tcp -d 192.84.218.130 rsync -j ACCEPT ipchains -A input -p icmp -j icmp-acc ipchains -A input -j DENY -l and now I can't access my webpage, my pop acccount and I can't ssh to my server. Can you tell me what is wrong? Thank you in advanced, Francisco |
If you have a default policy of "ACCEPT" for a chain, you don't need to specify rules. You didn't post any forward or output chain policy/rules, you need to specify some. Btw, are you sure the default policy of "ACCEPT" is what you want? It offers no restrictions at all.
|
All times are GMT -5. The time now is 11:03 AM. |