Dante blocking some localhost connections


I connect through a tunnel to Dante. It works but still blocks two of the apps that I need to work through the SOCKS proxy.

Aug 28 14:20:24 (1377699624) danted[3519]: block(1): tcp/connect [: 127.0.0.1.51519 -> 127.0.0.1.30000
Aug 28 14:20:33 (1377699633) danted[3519]: block(1): tcp/connect [: 127.0.0.1.51527 -> 127.0.0.1.6112

That is what it says in the logs. My config is:

#Where are we going to log all those useful error messages?
logoutput: /var/log/dante.log

#What ip and port should Dante listen on,
# since I am only going to be using this via SSH
#I only want to allow connections over the loopback
internal: 127.0.0.1 port = 1080

#Bind to the eth0 interface
external: eth0

#Since I am only accepting connections over the loopback,
# the only people that COULD connect
# would already be authenticated,
# no need to have dante authenticate also
method: username none

#Which unprivileged user will Dante impersonate if need-be?
user.notprivileged: nobody

# Who can access this proxy?
# Accept only connections from the loopback, all ports
client pass {
    from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

#Block all other connection attempts
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

# Once connected, where can they go?
block {
    from: 0.0.0.0/0 to: 127.0.0.0/8
    log: connect error
}

#Pass from the internal IP to anywhere
pass {
    from: 192.168.0.0/16 to: 0.0.0.0/0
    protocol: tcp udp
}

#Pass from the loopback going anywhere
pass {
    from: 127.0.0.0/8 to: 0.0.0.0/0
    protocol: tcp udp
}

# Block everything else
block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

Do you know what happens here? I'm pretty confused.










asked Aug 28 '13 at 14:55
Chroma Funk

          2 Answers
You should read the documentation.

Dante rules are processed on a first-match basis, and all addresses match 0.0.0.0/0. So, rewrite those rules to do what you actually want, keeping the block rule at the end.

We have no information about what it does work for, but I'd have to assume the things it does work on aren't at localhost or aren't being proxied.

Something to bear in mind also is that when you access localhost through a proxy, the endpoint will be the proxy's loopback interface, not yours. However, as you're running the proxy on the same computer as you are accessing and hosting stuff (for some reason), it doesn't matter in this particular case. However, this is why blocking loopback on proxies is common.







answered Nov 17 '13 at 23:04
Falcon Momot























You are blocking traffic from any ip to loopback ip. Fix your first "block" statement.







answered Nov 17 '13 at 21:25
Rebell
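
The first-match behaviour both answers describe can be replayed against the question's own log lines. This is an added example, not code from the original posts and not Dante's parser: it uses a simplified one-line rule syntax, and the `REORDERED` rule set (passing only the two logged loopback ports ahead of the loopback block) is a constructed assumption about what the asker wants.

```python
import ipaddress
import re

# Socks rules from the question's config, in file order, simplified to one line
# each. The protocol: and log: lines are omitted: the logged connections are
# TCP, which every rule covers, so they do not change which rule matches.
ORIGINAL = """
block { from: 0.0.0.0/0 to: 127.0.0.0/8 }
pass  { from: 192.168.0.0/16 to: 0.0.0.0/0 }
pass  { from: 127.0.0.0/8 to: 0.0.0.0/0 }
block { from: 0.0.0.0/0 to: 0.0.0.0/0 }
"""

# Constructed alternative (assumption): pass only the two loopback ports seen in
# the log, ahead of the loopback block, so other local services stay unreachable.
REORDERED = """
pass  { from: 127.0.0.0/8 to: 127.0.0.1/32 port = 30000 }
pass  { from: 127.0.0.0/8 to: 127.0.0.1/32 port = 6112 }
""" + ORIGINAL

# The two log lines quoted in the question.
LOG_LINES = [
    "Aug 28 14:20:24 (1377699624) danted[3519]: block(1): tcp/connect [: "
    "127.0.0.1.51519 -> 127.0.0.1.30000",
    "Aug 28 14:20:33 (1377699633) danted[3519]: block(1): tcp/connect [: "
    "127.0.0.1.51527 -> 127.0.0.1.6112",
]

RULE_RE = re.compile(
    r"(pass|block)\s*\{\s*from:\s*(\S+)\s+to:\s*(\S+)(?:\s+port\s*=\s*(\d+))?\s*\}"
)
# Dante logs endpoints as ip.port, e.g. 127.0.0.1.51519
LOG_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) -> (\d+\.\d+\.\d+\.\d+)\.(\d+)")


def parse_rules(text):
    """Parse the simplified rule form above into (verdict, src, dst, port)."""
    return [
        (verdict, ipaddress.ip_network(src), ipaddress.ip_network(dst),
         int(port) if port else None)
        for verdict, src, dst, port in RULE_RE.findall(text)
    ]


def evaluate(rules, src_ip, dst_ip, dst_port):
    """Return (rule_number, verdict) of the first rule that matches."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for number, (verdict, src_net, dst_net, port) in enumerate(rules, start=1):
        if src in src_net and dst in dst_net and port in (None, dst_port):
            return number, verdict
    return None, "block"  # nothing matched: treat as blocked


def replay(rules_text, lines):
    """Evaluate each logged connection; return (dst_port, rule_number, verdict)."""
    rules = parse_rules(rules_text)
    results = []
    for line in lines:
        src, _src_port, dst, dst_port = LOG_RE.search(line).groups()
        results.append((int(dst_port),) + evaluate(rules, src, dst, int(dst_port)))
    return results


if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("reordered", REORDERED)):
        for port, number, verdict in replay(text, LOG_LINES):
            print(f"{name}: 127.0.0.1 port {port} -> rule {number} {verdict}")
```

With the original order the loopback block wins before the later loopback pass is ever consulted; with the reordered set the two ports pass while any other loopback port still hits the block.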
