Blocking access to some online servers by IP

I have a small forex business company I am consulting for and they’re a startup. I installed NethServer for them to test and they’re having a problem with their freelance traders. Instead of trading on their platform, they opt for trading on another platform with the same MT4 software. I downloaded the .srv files which contain the trading server IPs and I added the IPs to the content filter to block them, but still the servers are not blocked. How do I resolve this? Thanks for all your assistance.

You could create a firewall object for each IP or for a network and block this with a firewall rule.
If you need more assistance don’t be shy to ask.

Thanks. I have done that but it didn’t work and now I am having another problem. The company website doesn’t load very well on NethServer and I have done everything to get it working but to no avail. Secondly, despite adding the company trading server URL to the domains without proxy, the servers are blocked until I disable the block HTTP and HTTPS ports.

Do you use manual, auth or transparent proxy?

Do your clients use Nethserver as gateway and DNS server?

What kind of company website do you use? Are there special needs like PHP version or some cache? How did you install the site, in /var/www/html or with some virtualhost config?

You can go via proxy or via gateway, there are just these two possibilities so if you want to browse to “domains without proxy” you shouldn’t block the ports.

http://docs.nethserver.org/en/v7/web_proxy.html#client-configuration

The company website is not hosted locally: www.rally.trade. The website loads halfway and I have tried everything.
Secondly, if I block HTTPS and HTTP ports in web proxy, their trading server will be blocked despite the fact that it is not listed among the blacklisted domains or URLs. The 2 sites are listed below:
real3a.xtb.com
demob.xtb.com

I couldn’t reproduce it, the rally trade site opens without problems, I am using transparent proxy with SSL.
Did you try if rally trade works without content filter or proxy? Could it be a browser problem?

Are there errors in /var/log/squid/*?

You shouldn’t block http/https ports when using proxy exceptions because a proxy exception needs open HTTP/HTTPS ports to work. The “block HTTP/HTTPS ports” function is used to force clients to use the proxy and never bypass it by blocking the ports they use for browsing over the gateway.

BTW, I couldn’t access the xtb sites at all, even without a proxy (Timeout and no route to host errors)

Hmmm, you can’t because they’re trading servers. You can only ping them. Thanks for your quick answers.
But why is it that the sites are blocked by default the moment I enable web proxy and content filter?

Blocked like this? If yes which category?

You may check /var/log/ufdbguard/ufdbguardd.log to see block details. It may be blocked because access using IP addresses is blocked or because of some category. You may edit the filter you are using or add the site to the global whitelist.


The MT4 trading software pings the servers and they turn blue if they’re available and red if they’re not. The servers are blocked by default on NethServer the moment I activate web proxy and content filter. If I disable them, they connect immediately.

I can’t reproduce it.

I used transparent proxy, blocked direct IP access, disabled HTTP/HTTPS which should not matter in case of ping and ping still worked. Only way to stop ping from working is to block access to red in firewall configuration.

Maybe they use some other method to check their servers?

Do you have the possibility to set Nethserver as proxy in the mt4 trading software settings?

Can you please post the output of these commands to check your proxy/content filter configuration:

config show squid

config show squidguard

db contentfilter show

real3a.xtb.com
demob.xtb.com

These are the trading servers that belong to the company. These servers do not connect the moment I enable web proxy with blocked HTTP/HTTPS ports. Why are they not working even when it is not listed in domains without proxy? Thanks a billion for all your help.

OK so it seems the only way to make it work is to uncheck “Block HTTP/HTTPS ports”.

Good question. I don’t know how the software wants to connect to the server. What about setting a proxy in the software, I found this:

Hmm, but I already designated the transparent proxy.

Another thing that baffles me is that no matter how much I list the sites like alpari.com and others on the blacklist, they still bypass the blacklist for MT4 to connect to them. My only option is to use hosts to point them to 0.0.0.0.


@dnutan @mrmarkuz @stephdl NethServer has solved a lot of problems for me and you guys are well appreciated. The issue of this MT4 is the only remaining issue I have. I have configured the server to block connections to some trading servers with content filter blacklist domain and URL but the sites still bypass the server and I had to use hosts to point them to 0.0.0.0. Is there another way to block these servers with NethServer?

Examples of these servers are dc1.mt4contest.alpari.org dc1.mt4cent.forextime.com


Another way to block the servers is custom categories in the content filter:

http://docs.nethserver.org/en/v7/content_filter.html#web-content-filter

Just create a custom category, enter the server domains and set the filter to block the custom category.


Let me try it, I’ll get back to you.

Do they? If not, all traffic would bypass the proxy.


Yes, my clients are going through NethServer.
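
Added example, not part of any post in this thread: one way to follow up on the suggestion to look in /var/log/squid/* is to count, per host name from the thread, how many requests Squid logged and how many it denied. It assumes Squid's native access.log format; the function names `sample_log` and `summarize`, the sample log lines and the client and 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
sample_log() {
cat <<'EOF'
1546300800.101     12 192.168.1.20 TCP_DENIED/403 3950 CONNECT real3a.xtb.com:443 - HIER_NONE/- text/html
1546300801.202    310 192.168.1.20 TCP_TUNNEL/200 5120 CONNECT www.rally.trade:443 - HIER_DIRECT/203.0.113.10 -
1546300802.303     15 192.168.1.21 TCP_DENIED/403 3950 GET http://demob.xtb.com/ - HIER_NONE/- text/html
1546300803.404     90 192.168.1.21 TCP_MISS/200 880 GET http://www.rally.trade/style.css - HIER_DIRECT/203.0.113.10 text/css
EOF
}

# summarize HOST...
# Reads access.log lines on stdin and prints one line per watched host:
#   <host> seen=<requests logged> denied=<requests with TCP_DENIED>
# seen=0 means Squid logged no request for that name in this log, so the
# proxy (and the content filter behind it) never handled it by name.
summarize() {
  awk -v hosts="$*" '
    BEGIN {
      n = split(hosts, order, " ")
      for (i = 1; i <= n; i++) watch[order[i]] = 1
    }
    {
      host = $7                        # URL field
      sub(/^[a-z]+:\/\//, "", host)    # drop scheme (http://)
      sub(/[:\/].*$/, "", host)        # drop port and path
      if (host in watch) {
        seen[host]++
        if ($4 ~ /^TCP_DENIED/) denied[host]++
      }
    }
    END {
      for (i = 1; i <= n; i++)
        printf "%s seen=%d denied=%d\n", order[i], seen[order[i]], denied[order[i]]
    }
  '
}

# Stand-alone run on the constructed sample.
sample_log | summarize real3a.xtb.com demob.xtb.com www.rally.trade dc1.mt4contest.alpari.org
```

On a live system the same function reads the real log, for example `summarize real3a.xtb.com demob.xtb.com < /var/log/squid/access.log`.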