Changes

From SME Server
Jump to navigationJump to search

Firewall (view source)

Revision as of 02:10, 25 October 2007

844 bytes added ,  02:10, 25 October 2007
→‎Custom templates
Line 51: Line 51:  
====Block outgoing ports====
 
====Block outgoing ports====
 
*I want to block outgoing traffic from my server.
 
*I want to block outgoing traffic from my server.
These commands are based on  
+
 
http://bugs.contribs.org/show_bug.cgi?id=2977
+
These commands are based on http://bugs.contribs.org/show_bug.cgi?id=2977
    
Please check for the latest attachments (custom template fragments) to this bug.
 
Please check for the latest attachments (custom template fragments) to this bug.
    
At present, traffic is only blocked if it originates on the primary local
 
At present, traffic is only blocked if it originates on the primary local
network.
+
network. No processing is performed on traffic addressed to the LAN IP, WAN IP or
No processing is performed on traffic addressed to the LAN IP, WAN IP or
   
loopback address of the SME.
 
loopback address of the SME.
      
Download custom templates and configure ports with db command
 
Download custom templates and configure ports with db command
Line 81: Line 79:     
Update the config changes and restart masq
 
Update the config changes and restart masq
 +
signal-event remoteaccess-update
 +
/etc/init.d/masq restart
 +
 +
====Bypass Proxy====
 +
*You have Transparent Proxy enabled (the default) but want to allow this to be selectively bypassed.
 +
 +
These commands are based on http://bugs.contribs.org/show_bug.cgi?id=2274
 +
 +
Please check for the latest attachments (custom template fragments) to this bug.
 +
 +
Download custom templates and configure ports with db command
 +
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
 +
cd /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
 +
wget -O 35transproxy http://bugs.contribs.org/attachment.cgi?id=1410
 +
wget -O 90adjustTransProxy http://bugs.contribs.org/attachment.cgi?id=1411
 +
 +
Create desired db entries for the clients or sites you want to allow
 +
config setprop squid BypassProxyTo  162.23.23.125
 +
config setprop squid BypassProxyFrom a.b.c.d,x.y.z.0/0
 +
 
  signal-event remoteaccess-update
 
  signal-event remoteaccess-update
 
  /etc/init.d/masq restart
 
  /etc/init.d/masq restart
Retrieved from "https://wiki.koozali.org/Special:MobileDiff/5676"

Navigation menu