• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 878
  • Last Modified:

IPTABLE DANSGUARDIAN CENTOS 5.1

Hi Experts ;
I have a cent os 5.1 using firewall with ip tables and content filtering with dansguardian.Both seems working without a problem.I have restricted user and unrestricted user on DG.My customer want me convert  some restricrted ips to unrestricted ips after 6:00 pm till 8:00 Am everyday.So I want to understand how I can make some ip restricted and unrestricted for temporary basis.
Thanks For help !
0
mehmetinoglu
Asked:
mehmetinoglu
  • 3
  • 2
1 Solution
 
mehmetinogluAuthor Commented:
Hi shakoush2001 ;
I am using dansguardian.So if I change my webport 3128 proxy redirection to 80(on dansguardian) all user probably take full right to access net. I want to create group in dansguardian for ip address(
sometimes full right(not going through DG filter), some times restricted as user(go through DG filter.)May be I have two exceptioniplist coluld be scheduled appropriate time.To become more spesific
My Exception Iplist
10.10.0.20
10.10.0.24
I want add ips 10.10.0.17 and 10.10.0.29 above list at 06:00 PM - 09:00 AM
And remove added ips after 09:00 AM to 06:00 PM
Thxs  
0
 
mehmetinogluAuthor Commented:
by the way
I can use to exceptioniplist
exceptionlist for original users ip--->a
exception list for temporary users ip and original users-->b
To convert restricted user to full user access I can copy "b" over exceptioniplist as exceptioniplist then restart dansguardian to take effect
To convert ip tables original state,I can copy a over exceptioniplist as exceptioniplist then restart dansguardian to take effect
If  we accept that solution
How can I copy a or b over exceptioniplist as exceptioniplist? And restart dansguardian service.
How can I put two of those procedure  in scheduled basis on Centos5.1?

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
http:// thevpn.guruCommented:


Try this..the 3rd and 4th rule will only match in the time stated.


iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.24 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.20 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.17 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.29 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
0
 
mehmetinogluAuthor Commented:
I hope this can solve my problem.But when I put time option and restart my iptable script I get
"iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
I think I should update something about my iptable and kernel.Anyone advise me how I can do this.
0
 
NopiusCommented:
All missed extensions can be installed with patch-o-matic: http://netfilter.org/projects/patch-o-matic/index.html

Read about 'time patch' extension:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

extentions HOWTO is a little bit obsolete, so you should get patch-o-matic not from CVS, but from git: http://git.netfilter.org/cgi-bin/gitweb.cgi

On CentOS:

1) Install 'git' (as root):
cd /etc/yum.repos.d
wget http://www.kernel.org/pub/software/scm/git/RPMS/git.repo
yum install git

2) You might also need the latest 'kernel', 'kernel-headers' and 'kernel-devel' packages:
yum install kernel kernel-headers kernel-devel
You may skip this step now, until patch-o-matic will try to compile modules and only then, in case of an error, install kernel headers.

3) Download the latest patch-o-matic git tree:
cd /tmp
git clone git://git.netfilter.org/patch-o-matic-ng.git

Now you should have a local copy of http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=tree

4) Currently 'time' extension is external to netfilter source tree: http://people.netfilter.org/ole/pom/ so download it as described here.

5) Build your patches. Follow patch-o-matic README (and listed above extansion HOWTO): http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=blob_plain;f=README;hb=HEAD
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now