[Cialug] Help Dansguardian Issue
Dan Schlichting
dan at cpugeek.org
Fri May 18 10:43:22 CDT 2012
I am trying to get my credit card machines to work through
dansguardian. It works okay until it gets to the SSL connection
tptrans.lynksystems.com:6660; the first time it drops, the second time
it works. Does anyone have any idea how to make this work?
I am using iptables PREROUTING with that IP address and it still
isn't working.
*mangle
:PREROUTING ACCEPT [2231011778:1397346745872]
:INPUT ACCEPT [1508326061:1090457847235]
:FORWARD ACCEPT [783067716:320226322781]
:OUTPUT ACCEPT [1516512394:1131769837803]
:POSTROUTING ACCEPT [2299565371:1451995003015]
COMMIT
# Completed on Fri May 18 09:25:02 2012
# Generated by iptables-save v1.4.4 on Fri May 18 09:25:02 2012
*nat
:PREROUTING ACCEPT [19188148:1491516387]
:POSTROUTING ACCEPT [44559154:2815450477]
:OUTPUT ACCEPT [27912287:1683463104]
-A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 6660 -j ACCEPT
-A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 6660 -j ACCEPT
COMMIT
# Completed on Fri May 18 09:25:02 2012
# Generated by iptables-save v1.4.4 on Fri May 18 09:25:02 2012
*filter
:INPUT ACCEPT [781035700:571617433348]
:FORWARD ACCEPT [7090588:568051463]
:OUTPUT ACCEPT [1516512394:1131769837803]
:tcprules - [0:0]
-A INPUT -j tcprules
-A FORWARD -j tcprules
-A tcprules -s 10.24.105.253/32 -d 10.24.105.245/32 -i br0 -m state --state NEW -j ACCEPT
-A tcprules -s 10.24.105.253/32 -d 10.24.105.19/32 -i br0 -m state --state NEW -j ACCEPT
-A tcprules -s 10.24.105.253/32 -d 10.24.105.0/24 -i br0 -m state --state NEW -j DROP
-A tcprules -i br0 -p icmp -m state --state NEW -j ACCEPT
-A tcprules -s 10.24.105.0/24 -i br0 -m state --state NEW -j ACCEPT
-A tcprules -p icmp -m state --state INVALID -j DROP
-A tcprules -i br0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Fri May 18 09:25:02 2012
This is my setup now.
Any ideas? I am unable to plug in behind the filter due to the way the
network is drawn.
Thanks
Dan
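
Added example (not part of the original post): a first-match check over the nat PREROUTING rules quoted above, listing rules that an earlier rule always matches first and the target a given source and port hits. It models only -s, -i, -p and --dport, an assumption that holds for these rules; the function names are this example's own.

```python
import ipaddress

# nat PREROUTING rules copied from the post, wrapped lines rejoined.
NAT_PREROUTING = """\
-A PREROUTING -s 10.24.105.0/24 -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -s 10.24.105.79/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.230/32 -i br0 -p tcp -m tcp --dport 6660 -j ACCEPT
-A PREROUTING -s 10.24.105.231/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.233/32 -i br0 -p tcp -m tcp --dport 80 -j ACCEPT
-A PREROUTING -s 10.24.105.232/32 -i br0 -p tcp -m tcp --dport 6660 -j ACCEPT
"""

def parse(line):
    """Turn one iptables-save rule into the match fields this check understands."""
    tok = line.split()
    opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    return {"src": ipaddress.ip_network(opt.get("-s", "0.0.0.0/0")),
            "iface": opt.get("-i"), "proto": opt.get("-p"),
            "dport": opt.get("--dport"), "target": opt["-j"]}

def covers(a, b):
    """True if rule a matches every packet rule b matches (src, iface, proto, dport only)."""
    return (b["src"].subnet_of(a["src"])
            and all(a[k] in (None, b[k]) for k in ("iface", "proto", "dport")))

def shadowed(rules):
    """1-based (rule, shadowing_rule) pairs; ACCEPT and REDIRECT both end traversal."""
    out = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                out.append((j + 1, i + 1))
                break
    return out

def verdict(rules, src, dport, iface="br0", proto="tcp"):
    """First-match target for a packet, or None when only the chain policy applies."""
    pkt = {"src": ipaddress.ip_network(src), "iface": iface, "proto": proto, "dport": str(dport)}
    return next((r["target"] for r in rules if covers(r, pkt)), None)

RULES = [parse(l) for l in NAT_PREROUTING.splitlines()]

if __name__ == "__main__":
    for rule, by in shadowed(RULES):
        print(f"rule {rule} can never match: rule {by} matches the same packets first")
    print("10.24.105.230 -> :80  ", verdict(RULES, "10.24.105.230", 80))
    print("10.24.105.230 -> :6660", verdict(RULES, "10.24.105.230", 6660))
```

A verdict of None means no rule matched and the chain policy (ACCEPT in this dump) applies, so no NAT is performed for that packet.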