I am setting up a Squid proxy for my home network, which is on Wi-Fi. I have given static IPs to my desktop machine and laptop at home and I want only these machines to be able to connect to the internet. The Squid ACL I have is:
acl home_ws src 192.168.4.1
acl home_laptop src 192.168.4.2
acl google dstdomain google.co.in
http_access allow home_ws
http_access allow home_laptop
http_access allow google
http_port 8080
But when I try to connect to the Squid proxy IP from my laptop, it doesn't work. The same, however, works fine on the desktop. I am using curl for this purpose. The error is curl: (7) couldn't connect to host. This is how I am using the curl command:
curl --proxy 192.168.4.1:8080 www.google.co.in
The ping to my desktop machine (192.168.4.1) is working fine. Am I missing something in squid.conf?
Related
I set up a WireGuard instance in a Docker container and use Nginx Proxy Manager to set up all reverse proxy settings. Now I want the website to be accessible only when I am connected to the VPN.
I tried to add localhost as the forward address and set the only allow to the local server IP, but it doesn't work and just displays a "can't connect to server" message in my browser.
Add this to a server block (or a location or http block) in your nginx configuration:
allow IP_ADDRESS_OR_NETWORK; # allow only connections from Wireguard VPN network
deny all; # block the rest of the world
The allowed network has to match your specific WireGuard VPN network. All peer IP addresses which should have access must be part of the network range. Depending on your NAT settings, you should verify the actual IP address or network by checking the access log: tail -f /var/log/nginx/access.log
Be sure to reload your nginx config to apply changes: service nginx reload
See also http://nginx.org/en/docs/http/ngx_http_access_module.html for usage hints on the HTTP access module.
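As an added example (not part of the original answer or of nginx itself): the sketch below replays allow/deny rules against the client addresses found in access-log lines, so you can see which peers a rule set would admit before reloading. The 10.8.0.0/24 subnet and the log lines are constructed assumptions; it goes slightly beyond the answer by applying nginx's first-match-wins ordering to any rule list.

```python
import ipaddress

# Assumed WireGuard subnet (constructed; substitute your own network).
RULES = [("allow", "10.8.0.0/24"), ("deny", "all")]

# Constructed access-log lines in nginx's default "combined" format,
# where the first field is $remote_addr.
SAMPLE_LOG = """\
10.8.0.2 - - [12/Mar/2024:10:01:07 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.5.0"
172.18.0.1 - - [12/Mar/2024:10:01:09 +0000] "GET / HTTP/1.1" 403 153 "-" "curl/8.5.0"
203.0.113.45 - - [12/Mar/2024:10:02:30 +0000] "GET /admin HTTP/1.1" 403 153 "-" "Mozilla/5.0"
not-an-ip - - [12/Mar/2024:10:02:31 +0000] "GET / HTTP/1.1" 400 0 "-" "-"
"""


def decide(client_ip, rules=RULES):
    """Mimic ngx_http_access_module: rules are checked in order, first match wins."""
    addr = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all":
            return action
        net = ipaddress.ip_network(target, strict=False)
        if addr.version == net.version and addr in net:
            return action
    return "allow"  # the access module lets the request through when no rule matches


def audit(log_text, rules=RULES):
    """Return {client_ip: (decision, hits)} for every parseable log line."""
    result = {}
    for line in log_text.splitlines():
        fields = line.split(maxsplit=1)
        if not fields:
            continue
        ip = fields[0]
        try:
            decision = decide(ip, rules)
        except ValueError:
            continue  # first field is not an IP (e.g. a custom log_format)
        _, hits = result.get(ip, (decision, 0))
        result[ip] = (decision, hits + 1)
    return result


if __name__ == "__main__":
    for ip, (decision, hits) in audit(SAMPLE_LOG).items():
        print(f"{ip:15} {decision:5} {hits} request(s)")
```

In the constructed log, 172.18.0.1 stands for a container bridge address: if VPN traffic shows up under an address like that, NAT is rewriting the source and the allow rule has to name what nginx actually sees.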
Here's my project: Use Stunnel in front of OpenVPN to proxy traffic on my Mac to an external server's IP.
Here's my issue: Brew installs the packages just fine, but when running they are unable to find a route to any public IP. My Stunnel server uses OpenVPN behind it for more security, and OpenVPN sends its traffic via a port on localhost where Stunnel listens and DOES receive. The issue is when Stunnel tries to connect to the external server. Eliminating Stunnel fixes this, as OpenVPN is able to connect directly to the external IP. I have this exact same Stunnel/OpenVPN setup on my Windows machine and it works just fine. I just bought this Mac and am not familiar with Brew, but any help would be appreciated!
I have a Squid proxy, which is currently allowing the whole VPC CIDR range to the whitelist file. I want to set up an ACL so that when the proxy client connects on port 3128 it applies whitelist1, and on port 3129 whitelist2. Is this possible?
I'm running a public proxy server and would like to block clients from accessing local devices on the server.
Local devices are on 10.0.0.0/8.
The proxy server runs on 127.0.0.1:31336. Access to the proxy server is made by reverse proxy on nginx which is listening on a public IP address.
Would an iptables rule like "reject 127.0.0.1:31336 from accessing 10.0.0.0/8" work? If so can I get an example iptables command to do so?
If not, would I have to work with network namespaces to achieve what I am seeking?
Why would you even use iptables for blocking a client of nginx? Anyway, follow this tutorial; it will show you how you can allow or deny an IP or IP range: https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-tcp/
I'm on a corporate network and need to find out the external IP address that my ssh is showing up as so I can white-list it.
I can't use whatismyip.com or "curl ifconfig.me" because this network is proxying all the web traffic, so the IP is different than what SSH goes out as.
Is there an equivalent service that I can SSH to and it will repeat my external IP address?
OK, finally got around to solving this myself:
http://ipcheck.finne.us/
Chrome won't do a request on port 22, so
curl http://ipcheck.finne.us:22/