LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-21-2003, 05:22 PM   #1
initpcsys
LQ Newbie
 
Registered: Jun 2003
Location: USA
Distribution: RH, Mandrake
Posts: 9

Rep: Reputation: 0
Thumbs down OPEN HTTP Proxy -Urgent


Hi,

I'm having a problem with a webserver which is an open http proxy. The bandwidth usage so far this month is 500Gb when I usually get 2Gb.
I've installed Squid, ipchains, portsentry and shutdown pop3 and imap services. Still I'm having a 35Gb bw usage per day.

Does anyone have an ideia for a configuration that I might be missing?
Thank you in advanced,
Regards,
F.
 
Old 06-21-2003, 05:31 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Don't you have any logs or anything to see where the requests are coming from? Maybe someone is spamming your server.
 
Old 06-21-2003, 05:31 PM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
please do not mark threads as urgent. it may be urgent for you, but it is not urgent for us. thanks.
 
Old 06-21-2003, 05:55 PM   #4
initpcsys
LQ Newbie
 
Registered: Jun 2003
Location: USA
Distribution: RH, Mandrake
Posts: 9

Original Poster
Rep: Reputation: 0
I've checked the logs and I get:


cat /var/log/maillog: tons of relaying denied messages.
cat /var/log/squid/access tons of TCP DENIED to Connect

I've changed my ipchain rules to the following:

ipchains -P input ACCEPT
ipchains -A input -p tcp -d 192.84.219.128 smtp -j ACCEPT
ipchains -A input -p tcp -d 192.84.219.128 pop3 -j ACCEPT
ipchains -A input -p udp -d 192.84.219.129 domain -j ACCEPT
ipchains -A input -p tcp -d 192.84.219.129 domain -j ACCEPT
ipchains -A input -p tcp -d 192.84.218.130 www -j ACCEPT
ipchains -A input -p tcp -d 192.84.218.130 rsync -j ACCEPT
ipchains -A input -p icmp -j icmp-acc
ipchains -A input -j DENY -l

and now I can't access my webpage, my pop acccount and I can't ssh to my server.

Can you tell me what is wrong?

Thank you in advanced,
Francisco
 
Old 06-22-2003, 05:26 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
If you have a default policy of "ACCEPT" for a chain, you don't need to specify rules. You didn't post any forward or output chain policy/rules, you need to specify some. Btw, are you sure the default policy of "ACCEPT" is what you want? It offers no restrictions at all.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
http proxy server Seiken Slackware 6 12-09-2005 12:03 PM
http proxy tunneling xowl Linux - Networking 1 02-22-2005 12:41 PM
Lynx -> HTTP Proxy: How? aurelio26 Linux - Newbie 3 10-14-2004 04:11 PM
"socks5" -> "http" proxy protocol, or ssh tunnel to sock5 ? I'm beyond http p vmicho Linux - Networking 2 12-16-2003 05:32 AM
ntpdate through http proxy thas Linux - Networking 0 05-14-2003 01:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:02 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration