Solved

IPTABLE DANSGUARDIAN CENTOS 5.1

Posted on 2008-06-14
6
874 Views
Last Modified: 2013-11-16
Hi Experts ;
I have a cent os 5.1 using firewall with ip tables and content filtering with dansguardian.Both seems working without a problem.I have restricted user and unrestricted user on DG.My customer want me convert  some restricrted ips to unrestricted ips after 6:00 pm till 8:00 Am everyday.So I want to understand how I can make some ip restricted and unrestricted for temporary basis.
Thanks For help !
0
Comment
Question by:mehmetinoglu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784694
0
 

Author Comment

by:mehmetinoglu
ID: 21784826
Hi shakoush2001 ;
I am using dansguardian.So if I change my webport 3128 proxy redirection to 80(on dansguardian) all user probably take full right to access net. I want to create group in dansguardian for ip address(
sometimes full right(not going through DG filter), some times restricted as user(go through DG filter.)May be I have two exceptioniplist coluld be scheduled appropriate time.To become more spesific
My Exception Iplist
10.10.0.20
10.10.0.24
I want add ips 10.10.0.17 and 10.10.0.29 above list at 06:00 PM - 09:00 AM
And remove added ips after 09:00 AM to 06:00 PM
Thxs  
0
 

Author Comment

by:mehmetinoglu
ID: 21784874
by the way
I can use to exceptioniplist
exceptionlist for original users ip--->a
exception list for temporary users ip and original users-->b
To convert restricted user to full user access I can copy "b" over exceptioniplist as exceptioniplist then restart dansguardian to take effect
To convert ip tables original state,I can copy a over exceptioniplist as exceptioniplist then restart dansguardian to take effect
If  we accept that solution
How can I copy a or b over exceptioniplist as exceptioniplist? And restart dansguardian service.
How can I put two of those procedure  in scheduled basis on Centos5.1?

0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21784983


Try this..the 3rd and 4th rule will only match in the time stated.


iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.24 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.20 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.17 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING-p tcp --dport 80 --source 10.10.0.29 --timestart 18:00 --timestop 8:00  -j REDIRECT --to-port 8080
0
 

Author Comment

by:mehmetinoglu
ID: 21785080
I hope this can solve my problem.But when I put time option and restart my iptable script I get
"iptables v1.3.5: Couldn't load match `--timestart':/lib/iptables/libipt_--timestart.so: cannot open shared object file: No such file or directory" error.
I think I should update something about my iptable and kernel.Anyone advise me how I can do this.
0
 
LVL 27

Accepted Solution

by:
Nopius earned 250 total points
ID: 21862641
All missed extensions can be installed with patch-o-matic: http://netfilter.org/projects/patch-o-matic/index.html

Read about 'time patch' extension:
http://netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO.html

extentions HOWTO is a little bit obsolete, so you should get patch-o-matic not from CVS, but from git: http://git.netfilter.org/cgi-bin/gitweb.cgi

On CentOS:

1) Install 'git' (as root):
cd /etc/yum.repos.d
wget http://www.kernel.org/pub/software/scm/git/RPMS/git.repo
yum install git

2) You might also need the latest 'kernel', 'kernel-headers' and 'kernel-devel' packages:
yum install kernel kernel-headers kernel-devel
You may skip this step now, until patch-o-matic will try to compile modules and only then, in case of an error, install kernel headers.

3) Download the latest patch-o-matic git tree:
cd /tmp
git clone git://git.netfilter.org/patch-o-matic-ng.git

Now you should have a local copy of http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=tree

4) Currently 'time' extension is external to netfilter source tree: http://people.netfilter.org/ole/pom/ so download it as described here.

5) Build your patches. Follow patch-o-matic README (and listed above extansion HOWTO): http://git.netfilter.org/cgi-bin/gitweb.cgi?p=patch-o-matic-ng.git;a=blob_plain;f=README;hb=HEAD
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question