Solved

IPTABLE DANSGUARDIAN CENTOS 5.1

Posted on 2008-06-14
Last Modified: 2013-11-16
Hi Experts ;
I have a CentOS 5.1 box acting as a firewall with iptables and doing content filtering with DansGuardian. Both seem to be working without a problem. I have restricted users and unrestricted users in DG. My customer wants me to convert some restricted IPs to unrestricted IPs from 6:00 PM until 8:00 AM every day. So I want to understand how I can make some IPs restricted and unrestricted on a temporary basis.
Thanks for the help!
Question by:mehmetinoglu
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784694

Author Comment

by:mehmetinoglu
ID: 21784826
Hi shakoush2001;
I am using DansGuardian. So if I change my web port 3128 proxy redirection to 80 (on DansGuardian), all users will probably get full rights to access the net. I want to create a group in DansGuardian for IP addresses that sometimes have full rights (not going through the DG filter) and are sometimes restricted as users (going through the DG filter). Maybe I could have two exceptioniplist files that could be scheduled at the appropriate times. To be more specific:
My exception IP list:
10.10.0.20
10.10.0.24
I want to add IPs 10.10.0.17 and 10.10.0.29 to the above list at 06:00 PM - 09:00 AM,
and remove the added IPs from 09:00 AM to 06:00 PM.
Thanks

Author Comment

by:mehmetinoglu
ID: 21784874
By the way,
I can use two exceptioniplist files:
exception list for the original users' IPs ---> a
exception list for the temporary users' IPs and the original users ---> b
To convert a restricted user to full access, I can copy "b" over exceptioniplist and then restart DansGuardian for it to take effect.
To convert the IP tables back to the original state, I can copy "a" over exceptioniplist and then restart DansGuardian for it to take effect.
If we accept that solution:
How can I copy a or b over exceptioniplist, and restart the dansguardian service?
How can I put those two procedures on a scheduled basis on CentOS 5.1?
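
The list swap proposed in the comment above, written out as an added example (not code from the thread): the permanent exceptions and the night-only addresses live in two files, and the live exceptioniplist is rebuilt from them at 18:00 and 09:00. The file names, the /etc/dansguardian/lists directory, the script path and the `service dansguardian restart` command are assumptions; only single IPv4 addresses are accepted, so a mistyped entry is rejected instead of widening the filter bypass.

```shell
#!/bin/sh
# Added example: timed swap of DansGuardian's exceptioniplist (hosts that skip filtering).
# Assumed layout, not from the thread: exceptioniplist.base holds the always-exempt
# IPs (the asker's list "a"), exceptioniplist.extra the IPs exempt only 18:00-09:00.
LIST_DIR=${LIST_DIR:-/etc/dansguardian/lists}
RESTART_CMD=${RESTART_CMD:-/sbin/service dansguardian restart}

# Accept only a single dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    for octet in $1; do
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
}

# build_list OUT FILE...: merge, validate, then replace OUT atomically.
# On any error OUT is left untouched, so a bad edit never changes who is exempt.
build_list() {
    out=$1; shift
    for f in "$@"; do [ -r "$f" ] || { echo "missing list: $f" >&2; return 1; }; done
    tmp=$(mktemp "$out.XXXXXX") || return 1
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$@" |
        sort -u > "$tmp"
    while read -r ip; do
        valid_ipv4 "$ip" || { echo "rejected entry: $ip" >&2; rm -f "$tmp"; return 1; }
    done < "$tmp"
    chmod 644 "$tmp" && mv -f "$tmp" "$out"
}

# Night is 18:00-08:59; "auto" lets a boot script pick the right list after a reboot.
mode_for_hour() {
    if [ "$1" -ge 18 ] || [ "$1" -lt 9 ]; then echo night; else echo day; fi
}

apply_mode() {
    case $1 in
        day)   set -- "$LIST_DIR/exceptioniplist.base" ;;
        night) set -- "$LIST_DIR/exceptioniplist.base" "$LIST_DIR/exceptioniplist.extra" ;;
        auto)  apply_mode "$(mode_for_hour "$(date +%H)")"; return ;;
        *)     echo "usage: $0 day|night|auto" >&2; return 2 ;;
    esac
    build_list "$LIST_DIR/exceptioniplist" "$@" && $RESTART_CMD
}

# /etc/cron.d entries (script path is hypothetical):
#   0 18 * * * root /usr/local/sbin/dg-exceptions.sh night
#   0 9  * * * root /usr/local/sbin/dg-exceptions.sh day
if [ $# -gt 0 ]; then apply_mode "$1"; fi
```

DansGuardian is restarted only after the new list has passed validation and been moved into place.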

LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784983


Try this. The 3rd and 4th rules will only match during the time stated.


# -m time loads the time match, which provides --timestart/--timestop
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.24 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.20 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.17 -m time --timestart 18:00 --timestop 08:00 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.29 -m time --timestart 18:00 --timestop 08:00 -j REDIRECT --to-port 8080

Author Comment

by:mehmetinoglu
ID: 21785080
I hope this can solve my problem. But when I add the time option and restart my iptables script, I get the error
"iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
I think I should update something in my iptables and kernel. Can anyone advise me how I can do this?
LVL 27

Accepted Solution

by:
Nopius earned 250 total points
ID: 21862641
All missing extensions can be installed with patch-o-matic: http://netfilter.org/projects/patch-o-matic/index.html

Read about 'time patch' extension:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

The extensions HOWTO is a little bit obsolete, so you should get patch-o-matic not from CVS, but from git: http://git.netfilter.org/cgi-bin/gitweb.cgi

On CentOS:

1) Install 'git' (as root):
cd /etc/yum.repos.d
wget http://www.kernel.org/pub/software/scm/git/RPMS/git.repo
yum install git

2) You might also need the latest 'kernel', 'kernel-headers' and 'kernel-devel' packages:
yum install kernel kernel-headers kernel-devel
You may skip this step for now, until patch-o-matic tries to compile the modules, and only then, in case of an error, install the kernel headers.

3) Download the latest patch-o-matic git tree:
cd /tmp
git clone git://git.netfilter.org/patch-o-matic-ng.git

Now you should have a local copy of http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=tree

4) Currently the 'time' extension is external to the netfilter source tree: http://people.netfilter.org/ole/pom/ so download it as described here.

5) Build your patches. Follow the patch-o-matic README (and the extension HOWTO listed above): http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=blob_plain;f=README;hb=HEAD