Re: [cobalt-users] Hijacking of Cache Servers

[Jeff Bilicki <jeffb@xxxxxxxxxx>]

I would suggest adding an ipfwadm route manually to the CacheRaQ

/sbin/ipfwadm -I -a deny -W ethx -P tcp -S x.x.x.0/24 -D y.y.y.y 80
or
/sbin/ipfwadm -I -a reject -W ethx -P tcp -S x.x.x.0/24 -D y.y.y.y 80

x.x.x.0 =  The ip subnet of the offending parties (x.x.0.0/16,
x.0.0.0/8, etc)
y.y.y.y =  The ip address of the CacheRaQ
ethx = the ethernet interface with the external IP address

Use port 80 if you are using transparent caching, 8080 if normal.   
These should be put in  /etc/rc.d/init.d/cacheqube-ipfwadm.init.  I'd
use deny, because it will hang the clients trying to abuse your cache,
reject will give them a clean fail, but that is just me.

Jeff- 

Pete Starnes wrote:
> 
> I've got a serious problem here and Cobalt seems unwilling to help (unless
> of course I'm willing to pay $200 per hour for support).  I have 3
> CacheRaq's that are being hijacked by ISP's over seas...lots from Japan,
> Russia, England...all over...are for some reason pointing their dial in
> clients to my cache servers.  It's eating up all of my incoming and outgoing
> bandwidth.
> 
> Can someone please tell me how to restrict client access to only those
> clients from within my IP ranges?
> 
> Thanks in advance.
> 
> Pete Starnes
> President
> NorthEast Texas Online, Inc.
> 
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-users