September 22, 2010 at 7:31 am #42652
Here is my problem,
I have written a script to enable a gateway at a specific time and then disable it at a another specific time of the date.
In the cron tab , i created a new cron job and then chosen the specific time to run , in the script file i wrote :
./nb_changegw “06” “gateway_s190” “yes” “1” “192.168.170.1” “” “8”
Still in the log , i get erros,
iptables command not found
ip command not found
I guess it is the path that i am missing, as it seems inside the script of the nb_changegw the iptables command and the ip command can’t be executed and give command not found, any suggestions or is it another way to do this job.
Thanking you in advance.September 22, 2010 at 9:05 am #51099
Use the firewall rules to enable a time-based rule in the FORWARD chain.
Note that if you are using the CaptivePortal feature you should use DROP rules. So you should DROP the traffic in the hours when the traffic is not allowed, NOT the contrary!!
This is because there is an invisibile last rule called CapPor that send everything trough the captive portal, but if you ALLOW something before the users don’t pass trough captiveportal since rules are hierarchical (first matched -> exit).
MarcoSeptember 22, 2010 at 9:43 am #51100
am not using portal captive, still in the firewall chain if i use a rule to enbable or disable the forward chain, I guess when disabling it , the browsing will stop when the request pas through this gateway ,
As i can understand from your reply, i have to go to the startup/cron tab and create a firewall rule to disable the forward chain through this gateway (IP address) ?? Right ??
and in case of disabling forward chain through this ip or gateway won’t my users get a timeout page from time to time in their browsers ??September 22, 2010 at 9:52 am #51101
Sorry for the misunderstanding 🙂
I got your point, in the firewall rule , i create a rule for the IP range of my gateway and at a specific time i drop the forward chain and so the Gateway will be fault by itself so the browsing will stop and the same for enabling it .
did I get your point ??September 22, 2010 at 10:11 am #51102
You should go in the “Firewall” section, choose the “FORWARD” chain (if not already) and add a firewall rule.
Since you are not using captiveportal, you can put the rule you prefer,
ALLOW allowed hours
DROP not allowed hours
The second must to be choosed in case of captiveportal.
You must be logged in to reply to this topic.