Koozali.org: home of the SME Server

Dans Guardian How To - Do NOT understand this step pls help

boardman

Dans Guardian How To - Do NOT understand this step pls help
« on: November 06, 2005, 04:40:05 PM »
Hi,

I installed Dans Guardian according to the excellent "How To" by Ray Mitchell, but I do not understand what needs to be done in the following step, can anyone help: (I use SME V6.0)

=====>
To block access to port 80 and 3128 and force users to use 8080

add the following and remove the transproxy lines from masq

The following applies to sme v5.6 or v6.0 which use iptables.

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 80 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Forward$AllowLocals -d $local -p tcp --destination-port 3128 -j DROP\n";

$OUT .= " /sbin/iptables --append Input$AllowLocals -s $local -p tcp --destination-port 3128 -j DROP\n";

Expand the template when changes have been made.

<<<<====

I mean, I do know how to expand a template but what I dont get this time is what to delete, and where to add in the transproxy template fragment of masq.

(35transproxy perhaps, if so where? exactly)

Can anyone help me please....

Best

Boardman

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Dans Guardian How To - Do NOT understand this step pls
« Reply #1 on: November 07, 2005, 05:14:04 AM »
boardman,

It's still in Draft with that section never completed !

There were some good posts about how to resolve this, search the forums for dansguardian.

Also examine the template fragments here, they may help you sort it out.
http://mirror.contribs.org/smeserver/contribs/rmitchell/smeserver/contribs/dansguardian/templates/masq/
...

boardman

Thks for reply Ray - but still lost.
« Reply #2 on: November 07, 2005, 08:06:57 PM »
Thks for the reply Ray.

I checked on the link you posted but still have no clue, I am so confused...

Also searched the phorums for "dansguardian" but the results only refer to your How-To.

Any more help will be really appreciated.

Thks.

Jorge Boardman

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Thks for reply Ray - but still lost.
« Reply #3 on: November 08, 2005, 12:03:00 AM »
boardman

> Also searched the phorums for "dansguardian" but
> the results only refer to your How-To.

I don't believe that.
A search for dansguardian found heaps. You need to click on the Show all results link under the Forums section of search results page.
see
http://forums.contribs.org/index.php?action=search2&search=dansguardian
...

Offline funkusmunkus

  • *
  • 220
  • +0/-0
Dans Guardian How To - Do NOT understand this step pls help
« Reply #4 on: November 09, 2005, 03:12:59 AM »
Hi boardman,

this is how I got it working http://forums.contribs.org/index.php?topic=26445.msg108600#msg108600

However if you make changes like I did to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy you will loose your SMTP proxy, so you might want to change the template to reflect you network.

HTH
Cheers
.........

Offline raem

  • *
  • 3,972
  • +4/-0
Re: Dans Guardian How To - Do NOT understand this step pls
« Reply #5 on: July 11, 2007, 05:49:09 PM »
boardman

For future readers who may find this post.
It's all in the new Howto for sme7, with db command configuration, including port blocking.

http://wiki.contribs.org/Dansguardian
...