Zentyal Forum, Linux Small Business Server
Zentyal Server => Installation and Upgrades => Topic started by: reano on November 19, 2013, 03:04:27 pm
-
Need some help here, please - maybe I'm just missing something :)
We're getting many connections between users on our network and amazonaws sites. We're trying to block most of these. The one in question is this one (screenshot from iftop):
(http://i.imgur.com/6TNGkVV.jpg)
That address resolves to 54.221.231.21.
We've created a network object called "object_badsites", with that IP as a member (together with another IP that we also want to block). Object setup is:
(http://i.imgur.com/Kic3oTL.jpg)
Then we set up the firewall to block it at every possible point (some rules are overkill, but bear with me..). Firewall rules are:
External networks to Zentyal:
(http://i.imgur.com/IbkUNIW.jpg)
Traffic coming out of Zentyal:
(http://i.imgur.com/zmVCmdG.jpg)
External networks to internal networks:
(http://i.imgur.com/3kzTDg2.jpg)
Internal networks:
(http://i.imgur.com/rSJxpoR.jpg)
Internal networks to Zentyal:
(http://i.imgur.com/p71Miyl.jpg)
But yet, even with all those rules loaded, we keep seeing traffic get through from/to ec2-54-221-231-21.compute-1.amazonaws.com (as per the first screenshot in my post).
Does anyone have any ideas? Maybe something I set up incorrectly?
-
Anyone have any ideas re the above issue?
-
Anyone have any ideas re the above issue?
You need to do a lock means SQUID.
-
Anyone have any ideas re the above issue?
You need to do a lock means SQUID.
I did block it in squid, but these aren't http connections.