LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 08-25-2004, 07:29 PM   #1
Louie55
Member
 
Registered: Oct 2003
Location: Nebraska
Distribution: SuSE 9.0, Redhat 9.0
Posts: 41

Rep: Reputation: 15
Networking with Dansguardian...please help!


I am building a Redhat 9 box to use as an internet filter with Dansguardian. I need my network to go in this order.

DSL Modem----------->RH9 Box---------->Wireless Router---------) ) ) ) Wireless Network

I have 2 network cards installed in the box. Right now, The filter is working ok if I am sitting on the RH9 box. But I cannot get it to work when I use a different computer connected to the internet through the RH9 box. The RH9 Box can get to the internet fine through eth1 and I am connecting it to my network on eth0. My question is, how do I setup my network cards? eth1 is setup to use DHCP and right now is getting a 10.0.0.13/24 address. Does eth0 need to be setup on the same 10.0.0.0/24 network? Or does it have to be on a different network? Please explain how I should address everything. thanks.

Louie
 
Old 08-26-2004, 04:19 AM   #2
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
i have **NO** clue what dansguardian is so i'll give you my script i made that sets up a gateway without any additional software and should work on any Linux system with iptables:

For this example, eth0 will be 192.168.0.1 and all computer on that side should be 192.168.0.2 to 192.168.0.254 i.e. 192.168.0.0/24. I run the IFCONFIG for you in this script also so when you get this edited to your liking, just call it from /etc/rc.local and it will set everything up on boot.

example rc.local if the path of the script is /ect/gateway.sh
Code:
sh /etc/gateway.sh
that's it


Also, there are examples at the bottom if you want to allow services like SMTP, SSH, HTTP....etc on the gateway box. Just uncomment the line with the IPTABLES rule an re-run the script as root.



Code:
#!/bin/bash

IPTABLES="/sbin/iptables"
NET_IFACE="eth1"    ######  change this to whatever NIC goes out to the interet #######
LAN_IFACE="eth0"    ######  change this to whatever NIC is on the LAN (non-internet side) #######
IFCONFIG="/sbin/ifconfig"
GATEWAY_IP="192.168.0.1"   
NETMASK="255.255.255.0"  
BCAST="192.168.0.255"      
LAN="192.168.0.0/24"       ##

### Make sure ip_forward is on ###
echo "1" > /proc/sys/net/ipv4/ip_forward

### Setup the LAN interface ####
$IFCONFIG $LAN_IFACE $GATEWAY_IP netmask $NETMASK broadcast $BCAST
$IFCONFIG $LAN_IFACE up

#### Flush tables ###
$IPTABLES -F
$IPTABLES -t nat -F

#### Security stuff #####
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### Allow forwarding to LAN ###
echo "Turning on forwarding to LAN"
$IPTABLES -A FORWARD -s $LAN -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

### Allow INPUT from LAN ####
echo "Allowing INPUT from LAN"
$IPTABLES -A INPUT -s $LAN -j ACCEPT
$IPTABLES -A INPUT -i lo -j ACCEPT ## Allow iput from self


###  MAQUERADE ###
echo "MAQUERADEing"
$IPTABLES -A POSTROUTING -t nat -o $NET_IFACE -j MASQUERADE


### NOTES ####
# this makes your box pretty secure but u cant
# run any servers from it, uncomment the rules below to
# open up certain ports

## Open up SSH port#
#$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

## HTTP port (web server) ##
#$IPTABLES -A INPUT -p tcp --dport 80 -j ACCEPT

## Email server port ##
#$IPTABLES -A INPUT -p tcp --dport 25 -j ACCEPT

again, i dont know what the hell that guadian software is so i make no mention of it here.
 
Old 08-26-2004, 10:22 AM   #3
Louie55
Member
 
Registered: Oct 2003
Location: Nebraska
Distribution: SuSE 9.0, Redhat 9.0
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks for the info and the script! Dansguardian is an Open Source Internet filter. http://dansguardian.org For those of you who do know what dansguardian is, I am also having trouble making it a transparent proxy using iptables firewall. I've read the HOWTO's and I don't know if it's working right. Is there any way to test if I did it right?

Louie
 
Old 08-26-2004, 11:17 AM   #4
Louie55
Member
 
Registered: Oct 2003
Location: Nebraska
Distribution: SuSE 9.0, Redhat 9.0
Posts: 41

Original Poster
Rep: Reputation: 15
Robert0380....Thank you so much for the script! It now works perfectly! I just added a few lines to it to redirect port 80 requests to port 8080 to make it a transparent proxy. Thanks again.

Louie
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
using DansGuardian Trio3b Linux - Security 4 12-02-2005 03:18 AM
Dansguardian with ClamAV jomy Linux - Networking 0 11-30-2005 12:28 AM
Dansguardian jomy Linux - Networking 2 11-27-2005 09:56 AM
dansguardian without another system germanyzulu Linux - Networking 3 10-28-2005 11:32 PM
Dansguardian mahmoudkhn Linux - Networking 4 12-20-2004 06:15 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 02:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration