Solved

IPTABLE DANSGUARDIAN CENTOS 5.1

Posted on 2008-06-14
872 Views
Last Modified: 2013-11-16
Hi Experts;
I have a CentOS 5.1 box using a firewall with iptables and content filtering with DansGuardian. Both seem to be working without a problem. I have restricted users and unrestricted users on DG. My customer wants me to convert some restricted IPs to unrestricted IPs after 6:00 PM until 8:00 AM every day. So I want to understand how I can make some IPs restricted and unrestricted on a temporary basis.
Thanks for the help!
Question by:mehmetinoglu
6 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784694
 

Author Comment

by:mehmetinoglu
ID: 21784826
Hi shakoush2001;
I am using DansGuardian. So if I change my web port 3128 proxy redirection to 80 (on DansGuardian), all users will probably get full rights to access the net. I want to create a group in DansGuardian for IP addresses that sometimes have full rights (not going through the DG filter) and sometimes are restricted as users (going through the DG filter). Maybe I could have two exceptioniplists that could be scheduled at the appropriate times. To be more specific:
My exceptioniplist:
10.10.0.20
10.10.0.24
I want to add the IPs 10.10.0.17 and 10.10.0.29 to the above list from 06:00 PM to 09:00 AM,
and remove the added IPs from 09:00 AM to 06:00 PM.
Thanks
 

Author Comment

by:mehmetinoglu
ID: 21784874
By the way,
I can use two exceptioniplists:
exceptioniplist for the original users' IPs ---> a
exceptioniplist for the temporary users' IPs and the original users' IPs ---> b
To convert restricted users to full-access users, I can copy "b" over exceptioniplist, then restart DansGuardian to take effect.
To return to the original state, I can copy "a" over exceptioniplist, then restart DansGuardian to take effect.
If we accept that solution:
How can I copy a or b over exceptioniplist? And restart the DansGuardian service?
How can I put those two procedures on a scheduled basis on CentOS 5.1?

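The swap-and-restart procedure described in the post above, written out as an added example; it is not code from the thread. It assumes the CentOS package layout (DansGuardian reads /etc/dansguardian/exceptioniplist and is restarted with `service dansguardian restart`) and keeps two source files, exceptioniplist.permanent (list "a") and exceptioniplist.temporary; the night-time list "b" is generated as their union instead of being maintained by hand. The file names, the install path /usr/local/sbin/dg-exceptions.sh and the 18:00/09:00 cron times are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): switch DansGuardian's exceptioniplist between
# a daytime list (permanent exceptions only) and a night-time list (permanent plus
# temporary exceptions), then restart DansGuardian. Paths, file names and the restart
# command are assumptions; override them via the environment if your layout differs.
set -eu

DG_DIR="${DG_DIR:-/etc/dansguardian}"              # assumed CentOS install location
LIVE="$DG_DIR/exceptioniplist"                     # the list DansGuardian actually reads
PERMANENT="$DG_DIR/exceptioniplist.permanent"      # list "a": always-unfiltered hosts
TEMPORARY="$DG_DIR/exceptioniplist.temporary"      # hosts unfiltered at night only
RESTART="${RESTART:-service dansguardian restart}" # assumed; 'dansguardian -r' may do if supported

# Accept one dotted-quad IPv4 address per line, so a typo in a source file cannot
# silently break the list DansGuardian loads. Returns non-zero on anything else.
valid_ip() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# build_list day|night PERMANENT_FILE TEMPORARY_FILE OUT
# Writes the permanent hosts, plus the temporary hosts in night mode, to OUT:
# comments and blank lines stripped, sorted and de-duplicated, every entry validated.
# Nothing is written to OUT if any entry is invalid.
build_list() {
    mode=$1; perm=$2; temp=$3; out=$4
    {
        cat "$perm"
        if [ "$mode" = night ]; then cat "$temp"; fi
    } | sed 's/#.*//' | tr -d ' \t' | grep -v '^$' | sort -u > "$out.tmp"
    while read -r ip; do
        valid_ip "$ip" || { echo "bad address in list: $ip" >&2; rm -f "$out.tmp"; return 1; }
    done < "$out.tmp"
    mv "$out.tmp" "$out"
}

# Install the list for the requested period and restart DansGuardian only when the
# file actually changed, so a cron job that fires twice does not bounce the service.
apply_mode() {
    build_list "$1" "$PERMANENT" "$TEMPORARY" "$LIVE.new"
    if [ -f "$LIVE" ] && cmp -s "$LIVE" "$LIVE.new"; then
        rm -f "$LIVE.new"
        return 0
    fi
    mv "$LIVE.new" "$LIVE"
    $RESTART
}

# root's crontab entries for the times given in the question (assumed install path):
#   0 18 * * *  /usr/local/sbin/dg-exceptions.sh night
#   0  9 * * *  /usr/local/sbin/dg-exceptions.sh day
case "${1:-}" in
    day|night) apply_mode "$1" ;;
    "") ;;                                   # no argument: define functions only
    *) echo "usage: $0 day|night" >&2; exit 2 ;;
esac
```

Because the live file is regenerated from the two sources at every switch, a hand edit of exceptioniplist is lost at the next cron run; put permanent changes in the .permanent file. Also note the thread gives the morning boundary as both 8:00 AM and 9:00 AM; the cron line above uses 09:00, as in the later post.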
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784983


Try this. The 3rd and 4th rules will only match in the time stated.

# --timestart/--timestop belong to the 'time' match, so each rule that uses them needs
# "-m time" in front of them (and the time match module must be installed).
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.24 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.20 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.17 -m time --timestart 18:00 --timestop 08:00 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.29 -m time --timestart 18:00 --timestop 08:00 -j REDIRECT --to-port 8080
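The rules above match the two extra hosts only during the window, which sends them to the filter at night; the question asks for the reverse (filtered by day, unfiltered between 18:00 and 09:00). The following is an added example, not from the thread, that expresses that with a RETURN rule ahead of a catch-all REDIRECT in a private nat chain, so the script can be re-run safely. It assumes DansGuardian listens on 8080 (as in the rules above), a LAN-facing interface named eth1, and that the time match is available; set IPTABLES=echo to review the generated rules without installing them.

```shell
#!/bin/sh
# Added example (not from the thread): redirect LAN web traffic to DansGuardian on
# 8080, but let the temporary-exception hosts bypass it between 18:00 and 09:00.
# Interface name and window are assumptions; IPTABLES=echo prints instead of installing.
set -eu

IPTABLES="${IPTABLES:-iptables}"
LAN_IF="${LAN_IF:-eth1}"            # assumed LAN interface; only LAN traffic is redirected
DG_PORT=8080                        # DansGuardian listening port, as in the rules above
NIGHT_START=18:00
NIGHT_STOP=09:00                    # the thread gives both 08:00 and 09:00; 09:00 used here
TEMP_HOSTS="10.10.0.17 10.10.0.29"  # hosts that are unfiltered at night only

nat() { $IPTABLES -t nat "$@"; }

install_rules() {
    # Use a private chain and flush it if it already exists, so repeated runs do not
    # stack duplicate rules in PREROUTING.
    nat -N DG_REDIRECT 2>/dev/null || nat -F DG_REDIRECT

    # 1. Night-time bypass: RETURN must come before the REDIRECT. "-m time" has to
    #    precede --timestart/--timestop. With timestop earlier than timestart the
    #    match covers 18:00-23:59 and 00:00-09:00 of each day, which is the window
    #    wanted here. Current xt_time compares against UTC unless --kerneltz is
    #    given; check which your module uses before relying on local clock times.
    for ip in $TEMP_HOSTS; do
        nat -A DG_REDIRECT -s "$ip" -m time --timestart "$NIGHT_START" --timestop "$NIGHT_STOP" -j RETURN
    done

    # 2. Everyone else, and the temporary hosts during the day, go through DansGuardian.
    nat -A DG_REDIRECT -j REDIRECT --to-ports "$DG_PORT"

    # 3. Hook the chain into PREROUTING for LAN-originated port-80 traffic, deleting a
    #    previous copy of the jump first so re-running stays idempotent.
    nat -D PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j DG_REDIRECT 2>/dev/null || true
    nat -A PREROUTING -i "$LAN_IF" -p tcp --dport 80 -j DG_REDIRECT
}

case "${1:-}" in
    install) install_rules ;;
    "") ;;                                   # no argument: define functions only
    *) echo "usage: $0 install" >&2; exit 2 ;;
esac
```

Run it as `sh dg-redirect.sh install` from the firewall script after the base rules are loaded; `IPTABLES=echo sh dg-redirect.sh install` shows exactly what would be added. Hosts on the permanent exception list are still redirected to DansGuardian by this ruleset; they are exempted by DansGuardian's own exceptioniplist, not by iptables, so the two lists stay in one place.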
 

Author Comment

by:mehmetinoglu
ID: 21785080
I hope this can solve my problem. But when I put in the time option and restart my iptables script, I get
"iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory"
I think I should update something in my iptables and kernel. Can anyone advise me how I can do this?
 
LVL 27

Accepted Solution

by: Nopius (earned 250 total points)
ID: 21862641
All missing extensions can be installed with patch-o-matic: http://netfilter.org/projects/patch-o-matic/index.html

Read about the 'time patch' extension:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

The extensions HOWTO is a little bit obsolete, so you should get patch-o-matic not from CVS but from git: http://git.netfilter.org/cgi-bin/gitweb.cgi

On CentOS:

1) Install 'git' (as root):
cd /etc/yum.repos.d
wget http://www.kernel.org/pub/software/scm/git/RPMS/git.repo
yum install git

2) You might also need the latest 'kernel', 'kernel-headers' and 'kernel-devel' packages:
yum install kernel kernel-headers kernel-devel
You may skip this step for now, until patch-o-matic tries to compile modules, and install the kernel headers only then, in case of an error.

3) Download the latest patch-o-matic git tree:
cd /tmp
git clone git://git.netfilter.org/patch-o-matic-ng.git

Now you should have a local copy of http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=tree

4) Currently the 'time' extension is external to the netfilter source tree: http://people.netfilter.org/ol/pom/ is where the HOWTO points; download it as described there.

5) Build your patches. Follow the patch-o-matic README (and the extensions HOWTO listed above): http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=blob_plain;f=README;hb=HEAD
