Re: [Linux-ag] censornet

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Mucibirahman İLBUĞA (mucip.ilbuga@gmail.com)
Date: Thu 21 Sep 2006 - 16:05:53 GMT

Previous message: Kivanc Oskay: "RE: [Linux-ag] censornet"
In reply to: Kivanc Oskay: "RE: [Linux-ag] censornet"
Next in thread: Birol AKBAY: "Re: [Linux-ag] censornet"
Next in thread: Remzi AKYÃœZ: "Re: [Linux-ag] censornet"
Next in thread: Birol AKBAY: "Re: [Linux-ag] censornet"

Selamlar,
Censornet kullanan birisi olarak alınmadım :) Ancak DansGuardian da denemiştik ama bize göre (20 istemci) çok detaylı geldi ve bir sürü ayar da gerekiyordu.. Censornet ile yarım saatte devreye aldık... Elbette herşey ihtiyaç karşılama olayı... Gerisi teferruat :)

En klasik felsefe : Çalışıyorsa bırak çalışsın :)

Saygılarımla,
Mucip:)
  ----- Original Message -----
  From: Kivanc Oskay
  To: linux-ag@liste.linux.org.tr
  Sent: Thursday, September 21, 2006 6:33 PM
  Subject: RE: [Linux-ag] censornet

merhaba,
sayenizde merak edip censornet'i kurup inceledim(3.3r6), kisaca istediklerinizi yapmaniz icin yeteri kadar esnek olmadigini soyleyebilirim. nedenine gelince, kernel 2.6.6 ve iptables v.1.2.9 kullaniliyor fakat PREROUTING zincirinde REDIRECT diye bir hedef bulunmuyor.. squid proxy konfigurasyonu illa kullanicinin bir sekilde (3) kimlik dogrulamasini istiyor.. ayrica censorneti kullanacak olan bilgisayarlarin IP veya MAC adresleriyle bir bir eklenmesi gerekiyor.. biraz eziyet yani. censornet gibi dar bi alanda bunlari cozmeye calismaktansa (kullanan arkadaslar alinmasin) dogru duzgun bir dagitim kurup onun uzerinde iptables, squid, dansguardian (zaten cogu dagitimda hazir geliyor) konfigure etmek hem size daha cok sey katacaktir hem de kaynak bulmaniz kolaylasacaktir diye dusunuyorum ben :)

  saygilarimla,
  --
  kivanc oskay

----------------------------------------------------------------------------
    From: linux-ag-bounces@liste.linux.org.tr [mailto:linux-ag-bounces@liste.linux.org.tr] On Behalf Of necip celepci
    Sent: 21 September 2006 Thursday 17:55
    To: linux-ag@liste.linux.org.tr
    Subject: Re: [Linux-ag] censornet

arkadaşlar merhaba,
baya kafanızı ağrıtıyorum. sonunda okuduğum dökümanlardan iptables çıktısını almayı vaşardım. baya da uzun bir liste. şimdi aşağıdaki listede ne yapmam lazım ki eth0 a gelen 80. port isteklerini 8080 e göndereyim. baya bir drop yapılmış gerçi ama?

help... pls

# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*nat
:PREROUTING ACCEPT [964:302778]
:POSTROUTING ACCEPT [1171:91118]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Thu Sep 21 20:48:27 2006
# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*mangle
:PREROUTING ACCEPT [9404:2804321]
:INPUT ACCEPT [8840:2674241]
:FORWARD ACCEPT [54:2592]
:OUTPUT ACCEPT [10405:2673227]
:POSTROUTING ACCEPT [10546:2689613]
-A OUTPUT -p tcp -m tcp --dport 23 -j TOS --set-tos 0x10
-A OUTPUT -p tcp -m tcp --dport 22 -j TOS --set-tos 0x10
COMMIT
# Completed on Thu Sep 21 20:48:27 2006
# Generated by iptables-save v1.2.9 on Thu Sep 21 20:48:27 2006
*filter
:INPUT DROP [605:201794]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [10405:2673227]
:ADMIN_ACCESS_A - [0:0]
:FORWARD_ACCESS_A - [0:0]
:INPUT_ACCESS_A - [0:0]
-A INPUT -i ! lo -p tcp -m tcp --dport 99 -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 81 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state RELATED -j ACCEPT
-A INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 137:139 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 20:25 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 20:25 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 42 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 42 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 110 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 137:139 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -i eth0 -p icmp -j ACCEPT
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 13 -j DROP
-A INPUT -i eth1 -p icmp -m icmp --icmp-type 17 -j DROP
-A INPUT -i eth1 -p icmp -j ACCEPT
-A INPUT -j ADMIN_ACCESS_A
-A INPUT -j INPUT_ACCESS_A
-A FORWARD -i eth0 -p tcp -m tcp --dport 80 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 80 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 81 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 81 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 443 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 443 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 488 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 488 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 563 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 563 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 777 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 777 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 3128 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 3128 -j DROP
-A FORWARD -i eth0 -p tcp -m tcp --dport 8080 -j DROP
-A FORWARD -i eth0 -p udp -m udp --dport 8080 -j DROP
-A FORWARD -p tcp -m state --state RELATED -j ACCEPT
-A FORWARD -p tcp -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --sport 53 -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth0 -p icmp -j ACCEPT
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 8 -j DROP
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 13 -j DROP
-A FORWARD -i eth1 -p icmp -m icmp --icmp-type 17 -j DROP
-A FORWARD -i eth1 -p icmp -j ACCEPT
-A FORWARD -j FORWARD_ACCESS_A
-A ADMIN_ACCESS_A -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A ADMIN_ACCESS_A -i eth0 -p udp -m udp --dport 80 -j ACCEPT
-A INPUT_ACCESS_A -s 192.168.1.2 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Thu Sep 21 20:48:27 2006

------------------------------------------------------------------------------

  _______________________________________________
  Linux-ag mailing list
  Linux-ag@liste.linux.org.tr
  http://liste.linux.org.tr/mailman/listinfo/linux-ag

_______________________________________________
Linux-ag mailing list
Linux-ag@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-ag

Previous message: Kivanc Oskay: "RE: [Linux-ag] censornet"
In reply to: Kivanc Oskay: "RE: [Linux-ag] censornet"
Next in thread: Birol AKBAY: "Re: [Linux-ag] censornet"
Next in thread: Remzi AKYÃœZ: "Re: [Linux-ag] censornet"
Next in thread: Birol AKBAY: "Re: [Linux-ag] censornet"

New Message	Reply	About this list	Date view	Thread view	Subject view	Author view	Attachment view

Bu arsiv hypermail 2.1.2 tarafindan uretilmistir.