How to block iOS devices from accessing certain DNS links

I'm new to networking so please tell me if this isn't allowed. I'm also not too sure how to even ask this question, or if I'm even asking the right question.
OK, I want to create a .mobileconfig file that will connect on demand to my server and block a few ad DNS names, so all the traffic on my iPhones will be processed through a "DNS blocker" on a Linux Ubuntu server, yet I can't find any information on how to do this. I don't know how to search for it, as everything I search fails to be what I'm looking for. I have the mobile configuration file ready to go, but I cannot figure out how to make the phone send its traffic through a file that says block "" for example.
I hope this makes sense, sorry for the noob post, I'm just trying to learn and I can't find help.
Edit: need help on the software side of routing all traffic through a DNS blocker on an Ubuntu Linux VPS; I have SSH root access.


How to connect to localhost using external IP address?

I've searched in general, and looked at suggested responses here, so I hope this isn't immediately marked as a duplicate. So here goes.
I'm building a simple web app with an Angular server using port 3000 on my desktop. I've been testing it with the standard "localhost:3000" URL. I then wanted to make it accessible to others outside my home for testing and review. So I did the expected port forwarding in my router of port 3000 to my local machine at I then constructed a link using my external IP (router's "WAN IP") like "[wan ip]:3000". And this has worked as expected, enabling external access as well as internal access. The only thing funny at the time was having to add "--host" to the server invocation.
But here's the problem. My original setup, where everything worked, was a Comcast modem with my router (TP-Link) hanging off of it. Recently, I switched to their Xfinity Gateway combo modem/router (Arris TG1682G). Now, I can't get to the server using the [wan ip]:3000 URL. I can't even ping that URL, they all time out. So, while on the phone with Comcast tech support, and not being able to determine why I had this problem (even after upgrading router firmware and rebooting it), I asked him to try [wan ip]:3000, and it worked! It also doesn't work from any other machines on my local network. But, when I changed my laptop wireless connection from my house Xfinity router to an external one (one of the many "xfinitywifi"s seen in a list of networks, besides numerous neighbors), it again worked! Poking around in Xfinity router admin pages, I didn't see anything that sounded like it was involved with this.
So, any idea what's going on, and how to fix? Thanks for any ideas or guidance.
OK, I think I see what's going on. A colleague mentioned that for this to work, the router needs to support "NAT reflection/loopback". Looking at every setup page on this router, I don't see anything that sounds like that. Further searching shows a page where they state that this router does not support it. Oh well.

I want to access Jira (Docker on Synology DS716+II) from LAN not only via IP_OF_SYNOLOGY:PORT but for example jira.synology.local

I am working with a Synology NAS type DS716+II, DSM 6.1.4-15217 Update 2, on which runs Docker with a Jira container.
So now what I want to do, and am assigned to get to work, is to access Jira's web interface with, let's say, jira.synology.local, with synology being the server name.
I read a lot about nginx and how it's built in since DSM 6.X, but I don't seem to get it to work properly at all.
I can access Jira's web interface from another machine within the LAN via IP_OF_SYNOLOGY:PORT, so when setting up a reverse proxy on the server it should be pointing to LOCALHOST:PORT, right? I have also tried using the actual IP instead of LOCALHOST, but without success.
I can access the interface of Synology itself not only via IP_OF_SYNOLOGY:PORT but also via DOMAINNAME.LOCAL if I set the domain name.
I really don't know what I'm missing and I tried everything I could think of. Does someone have experience with this?
If some information is missing, I'll gladly provide it. I'm fairly new to Synology, I have to admit. Thanks in advance!
So this has gotten zero response but I figured probably someone will have a similar "problem" in the future, so I will answer anyway.
I solved everything when I set up Active Directory. When installing AD, the DNS server will automatically be installed too.
So we have JIRA running in a Docker container (on port, let's say, 12345) and I want to access it via the LAN on jira.domainname.
To do so we need to have installed DSM6.X or higher (for nginx) and the DNS-Server. That's it.
In the DNS-Server you will have to create a new master zone
and apply the following settings, whereas you can freely choose the domain name, and the Master DNS server must be the IP of your Synology station, since it functions as a DNS server.
Then you want to edit the Resource Record
There you want to add an A Record Resource
and a CNAME Record Resource
So your Resource Records will look like this
Now the last step for setting up the DNS server is to tell it what to do if there is no specific record for a query. So for example if you want to open jira.domainname in your browser, there is a specific record for that and the DNS server knows how to direct it. But if you want to open up for example the DNS server has no information on that and does not know what to do. So what we do now is to tell the DNS server to forward the request if it has no records for a request. To do so, enable the forwarders and put in the IP of your gateway/managed switch as primary and some public DNS server ( for one of Google's DNS servers) as secondary.
Please remember that jira.domainname shall always be the domain name you choose and shall always be the IP of your Synology station.
So now the DNS server is completely set up. Now we want to take advantage of the built-in reverse proxy (which runs on nginx in the background). To do so we navigate as seen here
and create a new reverse proxy rule
So now the URLs can point to the same destination (your Synology), but on a different port. That comes in very handy for some applications running in Docker.
So now if you are running this in a home setup or small office, you are probably working with a standard-issue commercial router such as, for example, a FritzBox by AVM. Those are pretty good, but beware that some prohibit the so-called DNS rebinding, which means that DNS requests pointing to a local IP will not be allowed. Since in this setup the DNS server (your Synology) and the destination JIRA (also your Synology) are in the same LAN, we have to create an exception. Probably other routers don't suppress those requests, but if so, exceptions are necessary.
So the next step is to tell your gateway or managed switch that it has to use the newly set up DNS server as the primary DNS server. For FritzBoxes you can do so here
put in the IP of your DNS server and a secondary DNS server. This is important as a fallback solution if your DNS server stops working at some point.
Now that everything is set up I would recommend restarting the router/managed switch, Synology and the workstation you are working on, to flush all caches. After that you can simply open your browser and type in jira.domainname and JIRA should open up. You can also open a terminal/cmd and type in nslookup jira.domainname to see if it is being resolved correctly.
I really hope this will help someone at some point and if there are any additional questions, please feel free to comment this or write me directly!
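The resolution path this answer sets up (a master zone with an A and a CNAME record, forwarders for everything else, and a router-side DNS rebinding exception), as an added example that is not part of the original answer. The zone name, the addresses and the `UPSTREAM` table standing in for the forwarders are constructed, and `rebind_filter` is a simplified model of such protection, not any router's actual implementation.

```python
import ipaddress

# Constructed sample data: the zone name and addresses are placeholders.
ZONE = {
    "synology.domainname": ("A", "192.168.1.10"),
    "jira.domainname": ("CNAME", "synology.domainname"),
}
# Stand-in for the forwarders, so the example runs offline (constructed answers).
UPSTREAM = {
    "example.com": "93.184.216.34",
    "rebind.example.net": "192.168.1.1",  # outside name answering with a LAN address
}

def resolve(name, zone=ZONE, upstream=UPSTREAM, max_hops=8):
    """DNS server side: answer from the master zone, else ask the forwarders."""
    name = name.rstrip(".").lower()
    for _ in range(max_hops):
        if name not in zone:
            return upstream.get(name), "forwarded"
        rtype, value = zone[name]
        if rtype == "A":
            return value, "local"
        name = value.rstrip(".").lower()  # CNAME: continue with the target name
    raise ValueError("CNAME chain too long")

def rebind_filter(name, ip, exceptions=()):
    """Router side: drop answers that point into internal address space,
    unless the queried name is inside an explicitly excepted domain."""
    if ip is None:
        return None
    addr = ipaddress.ip_address(ip)
    internal = addr.is_private or addr.is_loopback or addr.is_link_local
    name = name.rstrip(".").lower()
    excepted = any(name == d or name.endswith("." + d) for d in exceptions)
    return ip if (excepted or not internal) else None

def client_lookup(name, exceptions=()):
    """What a LAN client receives when the router forwards to the DNS server."""
    ip, _source = resolve(name)
    return rebind_filter(name, ip, exceptions)
```

Keeping the exception limited to your own domain leaves the protection in place for every other name, which is what the `rebind.example.net` entry exercises.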

Rails EC2

I deployed a Rails app on an EC2 instance, and this morning when I clicked on a section of the app it redirected to this
I would like to know if this is malware or what?
because this link is not part of the app.
Yes, it's a type of malware. You might not be the actual target; rather, your server might be used as a source of spam, port scanning and DDoS attacks.
There is a pretty extensive abuse list for
See here.
For getting rid of this, follow the great instructions from Server Fault below.
Alternatively, if there is nothing important there, just delete the EC2 instance and start again.

Running a live Rails environment

I'm new to web development, Rails, etc. I have what is probably a very dumb question, but I searched and was not able to find the specific answer, though there's a good chance I asked the wrong question.
I'm following this tutorial which wants you to create a test rails app locally and view it via localhost in a browser. However I am learning directly on the server itself. This is because currently I only have an iPad to work with, but I've been able to do everything directly on the server itself using Panic's Prompt. To continue with these lessons I need to be able to see what I've done via a browser which since I can't use localhost, I want to see directly on my server. Here is the tutorial I'm following:
Here is my website:
Any help or pointers toward the correct information would be helpful. Please tell me if I did not include enough information as well. Thanks!
If your server provides a public IP address, use that IP to access the project. First of all, make sure the brick server is running via rails s; then you can go ahead and access the page directly via the IP: for example. This would be the fastest way; otherwise you need to set up DNS to point to your server via your domain name registrar.
Hope that helps.
Thanks for the help but for me, what I did was simply install a VNC server on the server itself, now I can view localhost on the server for everything the tutorials are asking.

Block specified URLs

I want to write an application in Delphi which filters requested URLs in the OS (not only web browsers) and, if it matches, blocks it or changes the URL's content to blank. The problem is, I don't know where to start looking. Could you help me with some information?
I think you're talking about a DNS service. Usually, DNS services live outside, on your router, your ISP, or a 3rd party like
But you could write your own, run it on your PC, and set your internet settings to use that as your DNS server.
I suspect that a lot of malware works like this....
Also, this sort of thing can be done with no programming at all - just edit your hosts file in C:\WINDOWS\system32\drivers\etc\hosts (it's a text file with no extension).
Anything in there should trump.
Also, before you start writing an application to do this, have a look at OpenDNS. If it's an app for personal use, you may find that you don't need it. If it's going to be a commercial offering, this is the bar for usability and usefulness that you need to meet or beat. - text by Francois PIETTE quoted below (in case the link becomes unavailable):
"There are several ways to achieve your goal. The two main ones I see are:
1) Write a LSP (Layered Service Provider)
2) Write a proxy server
The first is not possible with Delphi (At least I think so. If anyone knows
how to write a LSP using Delphi, I would love to get the code).
The second - writing a proxy - is more or less easy with Delphi using ICS
components. See "usermade" link at ICS website (
With this option, you have to configure IE to use the proxy: IE Menu / Tools
/ Internet options / Connections / Network parameters / Use a proxy and then
enter the IP address ( if the proxy runs on the same computer) and port
number (pick any one you like, for example 8080). Once IE is configured to
use a proxy, it will send all requests to the proxy. Then the proxy will
make the real request to the target server and return data back to IE. What
is important there is that you get all URLs entered in IE or indirectly used
(clicking on links), and you can either really relay them to the target
server or forge an answer yourself to say the page access is denied.
At ICS website, on the usermade page, you'll even find a HTTP proxy
component. If you need help with this component and/or the entire ICS,
please use ICS support mailing list (same server as this list). See
"support" link at ICS website for support details."
LE: it seems that this question is possibly a duplicate
Using delphi to block websites
Use the GetExtendedTcpTable API to find out whether there are any connections to the remote server you want to block on port 80; if there is a connection, use SetTcpEntry to terminate it. It's pretty simple.
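The hosts-file approach suggested earlier in this thread, as an added example that is not code from any of the posts: it rebuilds a managed block section from a validated domain list and looks names up the way a hosts file does. The `0.0.0.0` sink address, the section markers and the sample domains are assumptions made for the example.

```python
import re

SINK = "0.0.0.0"  # assumption: non-routable sink address chosen for this example
BEGIN, END = "# BEGIN blocklist (managed)", "# END blocklist (managed)"
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def valid_hostname(name):
    """Normalise a host name; return None for anything that is not one.
    Rejecting spaces and newlines keeps list entries from adding extra hosts lines."""
    name = name.strip().rstrip(".").lower()
    ok = 0 < len(name) <= 253 and all(LABEL.fullmatch(p) for p in name.split("."))
    return name if ok else None

def merge_blocklist(hosts_text, domains):
    """Return hosts_text with one managed section for `domains`; other lines are kept."""
    kept, skipping = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            skipping = True
        elif line.strip() == END:
            skipping = False
        elif not skipping:
            kept.append(line)
    names = sorted({n for n in map(valid_hostname, domains) if n})
    section = [BEGIN] + [f"{SINK} {n}" for n in names] + [END]
    return "\n".join(kept + section) + "\n"

def lookup(hosts_text, name):
    """Address the hosts text gives for `name` (first match, exact name), else None."""
    name = name.rstrip(".").lower()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

# Constructed sample input: an existing hosts file and a block list with one bad entry.
SAMPLE_HOSTS = "127.0.0.1 localhost\n"
SAMPLE_DOMAINS = ["ads.example.com", "Tracker.Example.net.", "x.test\n10.0.0.5 bank.example"]
MERGED = merge_blocklist(SAMPLE_HOSTS, SAMPLE_DOMAINS)
```

A hosts file matches whole host names only, so `cdn.ads.example.com` is not covered by an entry for `ads.example.com`, and URL paths cannot be filtered this way.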
