
IPTABLE DANSGUARDIAN CENTOS 5.1

Posted on 2008-06-14
Last Modified: 2013-11-16
Hi Experts,
I have a CentOS 5.1 box acting as a firewall with iptables and doing content filtering with DansGuardian. Both seem to be working without a problem. I have restricted users and unrestricted users on DG. My customer wants me to convert some restricted IPs to unrestricted IPs after 6:00 PM until 8:00 AM every day. So I want to understand how I can make some IPs restricted and unrestricted on a temporary basis.
Thanks for the help!
Question by:mehmetinoglu
6 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784694
0
 

Author Comment

by:mehmetinoglu
ID: 21784826
Hi shakoush2001,
I am using DansGuardian. So if I change my web port 3128 proxy redirection to 80 (on DansGuardian), all users will probably get full rights to access the net. I want to create a group in DansGuardian for IP addresses that sometimes have full rights (not going through the DG filter) and sometimes are restricted as users (going through the DG filter). Maybe I could have two exceptioniplist files that could be scheduled at the appropriate times. To be more specific:
My exception IP list:
10.10.0.20
10.10.0.24
I want to add IPs 10.10.0.17 and 10.10.0.29 to the above list at 06:00 PM - 09:00 AM
and remove the added IPs after 09:00 AM to 06:00 PM.
Thanks
0
 

Author Comment

by:mehmetinoglu
ID: 21784874
By the way,
I can use two exceptioniplist files:
exception list for the original users' IPs ---> a
exception list for the temporary users' IPs and the original users --> b
To convert a restricted user to full user access, I can copy "b" over exceptioniplist as exceptioniplist, then restart DansGuardian for it to take effect.
To convert the IP tables back to the original state, I can copy "a" over exceptioniplist as exceptioniplist, then restart DansGuardian for it to take effect.
If we accept that solution:
How can I copy a or b over exceptioniplist as exceptioniplist, and restart the dansguardian service?
How can I put those two procedures on a scheduled basis on CentOS 5.1?

0
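The list swap described in the comment above, as an added example that is not part of the thread. It goes slightly beyond a plain copy: it derives the correct list from the current time (18:00 to 08:00 window from the question, wrapping past midnight) and restarts DansGuardian only when the live list actually changes. The list directory, the `.a`/`.b` file names, the script path and the `service dansguardian restart` command are assumptions.

```bash
#!/bin/sh
# Added example, not from the thread. The list directory, the .a/.b file names
# and the reload command are assumptions; adjust them to the local install.
LISTDIR="${LISTDIR:-/etc/dansguardian/lists}"
DAY_LIST="${DAY_LIST:-$LISTDIR/exceptioniplist.a}"     # list "a": permanent IPs
NIGHT_LIST="${NIGHT_LIST:-$LISTDIR/exceptioniplist.b}" # list "b": a + temporary IPs
LIVE_LIST="${LIVE_LIST:-$LISTDIR/exceptioniplist}"
DG_RELOAD="${DG_RELOAD:-service dansguardian restart}"

# in_window NOW START STOP (HHMM each): succeeds when NOW is inside the
# window, including one that wraps past midnight such as 1800-0800.
in_window() {
    if [ "$2" -le "$3" ]; then
        [ "$1" -ge "$2" ] && [ "$1" -lt "$3" ]
    else
        [ "$1" -ge "$2" ] || [ "$1" -lt "$3" ]
    fi
}

# pick_list NOW: print the list that should be live at NOW.
pick_list() {
    if in_window "$1" 1800 0800; then echo "$NIGHT_LIST"; else echo "$DAY_LIST"; fi
}

# apply_list SRC: make SRC the live list; restart only when it changed.
# Returns 0 = changed and reloaded, 1 = already current, 2 = error.
apply_list() {
    [ -s "$1" ] || { echo "missing or empty list: $1" >&2; return 2; }
    cmp -s "$1" "$LIVE_LIST" 2>/dev/null && return 1
    al_tmp=$(mktemp "$LIVE_LIST.XXXXXX") || return 2
    # Write next to the target and rename, so a half-written list is never read.
    if cat "$1" > "$al_tmp" && chmod 644 "$al_tmp" && mv -f "$al_tmp" "$LIVE_LIST"; then
        $DG_RELOAD >/dev/null 2>&1 || return 2
        return 0
    fi
    rm -f "$al_tmp"
    return 2
}

# Cron entry (script path is a placeholder):
#   */5 * * * * root /usr/local/sbin/dg-exceptions.sh --apply
# Running every few minutes instead of only at 18:00 and 08:00 restores the
# restricted list after a reboot or missed job that spans 08:00.
if [ "${1:-}" = "--apply" ]; then
    apply_list "$(pick_list "$(date +%H%M)")"; rc=$?
    [ "$rc" -le 1 ] && exit 0
    exit "$rc"
fi
```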
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784983


Try this. The 3rd and 4th rules will only match during the stated time.


# -m time loads the time match, which provides --timestart and --timestop
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.24 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.20 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.17 -m time --timestart 18:00 --timestop 8:00 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -p tcp --dport 80 --source 10.10.0.29 -m time --timestart 18:00 --timestop 8:00 -j REDIRECT --to-port 8080
0
 

Author Comment

by:mehmetinoglu
ID: 21785080
I hope this can solve my problem. But when I put in the time option and restart my iptables script, I get the
"iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
I think I should update something in my iptables and kernel. Can anyone advise me how I can do this?
0
 
LVL 27

Accepted Solution

by:
Nopius earned 750 total points
ID: 21862641
All missing extensions can be installed with patch-o-matic: http://netfilter.org/projects/patch-o-matic/index.html

Read about 'time patch' extension:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

The extensions HOWTO is a little bit obsolete, so you should get patch-o-matic not from CVS, but from git: http://git.netfilter.org/cgi-bin/gitweb.cgi

On CentOS:

1) Install 'git' (as root):
cd /etc/yum.repos.d
wget http://www.kernel.org/pub/software/scm/git/RPMS/git.repo
yum install git

2) You might also need the latest 'kernel', 'kernel-headers' and 'kernel-devel' packages:
yum install kernel kernel-headers kernel-devel
You may skip this step for now, until patch-o-matic tries to compile the modules, and only then, in case of an error, install the kernel headers.

3) Download the latest patch-o-matic git tree:
cd /tmp
git clone git://git.netfilter.org/patch-o-matic-ng.git

Now you should have a local copy of http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=tree

4) Currently the 'time' extension is external to the netfilter source tree: http://people.netfilter.org/ole/pom/ so download it as described here.

5) Build your patches. Follow the patch-o-matic README (and the extension HOWTO listed above): http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=blob_plain;f=README;hb=HEAD
0
