Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: boardman on November 06, 2005, 04:40:05 PM

Title: Dans Guardian How To - Do NOT understand this step pls help
Post by: boardman on November 06, 2005, 04:40:05 PM

Hi,

I installed Dans Guardian according to the excellent "How To" by Ray Mitchell, but I do not understand what needs to be done in the following step, can anyone help: (I use SME V6.0)

=====>
To block access to port 80 and 3128 and force users to use 8080

add the following and remove the transproxy lines from masq

The following applies to sme v5.6 or v6.0 which use iptables.

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

Expand the template when changes have been made.

<<<<====

I mean, I do know how to expand a template but what I dont get this time is what to delete, and where to add in the transproxy template fragment of masq.

(35transproxy perhaps, if so where? exactly)

Can anyone help me please....

Best

Boardman

Title: Re: Dans Guardian How To - Do NOT understand this step pls
Post by: raem on November 07, 2005, 05:14:04 AM

boardman,

It's still in Draft with that section never completed !

There were some good posts about how to resolve this, search the forums for dansguardian.

Also examine the template fragments here, they may help you sort it out.
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/templates/masq/

Title: Thks for reply Ray - but still lost.
Post by: boardman on November 07, 2005, 08:06:57 PM

Thks for the reply Ray.

I checked on the link you posted but still have no clue, I am so confused...

Also searched the phorums for "dansguardian" but the results only refer to your How-To.

Any more help will be really appreciated.

Thks.

Jorge Boardman

Title: Re: Thks for reply Ray - but still lost.
Post by: raem on November 08, 2005, 12:03:00 AM

boardman

> Also searched the phorums for "dansguardian" but
> the results only refer to your How-To.

I don't believe that.
A search for dansguardian found heaps. You need to click on the Show all results link under the Forums section of search results page.
see
http://forums.contribs.org/index.php?action=search2&search=dansguardian

Title: Dans Guardian How To - Do NOT understand this step pls help
Post by: funkusmunkus on November 09, 2005, 03:12:59 AM

Hi boardman,

this is how I got it working http://forums.contribs.org/index.php?topic=26445.msg108600#msg108600

However if you make changes like I did to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy you will loose your SMTP proxy, so you might want to change the template to reflect you network.

HTH
Cheers

Title: Re: Dans Guardian How To - Do NOT understand this step pls
Post by: raem on July 11, 2007, 05:49:09 PM

boardman

For future readers who may find this post.
It's all in the new Howto for sme7, with db command configuration, including port blocking.

http://wiki.contribs.org/Dansguardian