orallo

Forum Replies Created

Viewing 11 posts - 1 through 11 (of 11 total)
  • in reply to: Proxy Blacklists and IP management #50183

    orallo
    Member

    Ok, I found the solution to my own problem so if someone finds himself on a similar problem there is some documentation here to help them out.

    It was right in front of my nose the whole time…

    Using dansguardian groups, you can create several filters for different groups.

    What I ended up doing was putting all the banned sites in ONE bannedsites file and creating different exceptionsitelist files (exceptionsitelistf1, exceptionsitelistf2… you can have up to 99 filters) for each site or group of sites that are allowed for a particular user or user group.

    Then simply add each user to a filter on the filtergroup list and you are DONE!

    By default all users go to exceptionsitelist (which can be empty and therefore the bannedsitelist applies in full force) and only those users lucky enough to get access granted to sites on the bannedsitelist get the filter2 or filter3… applied to them.

    Hope this helps someone,
    Best regards to all,
    Orallo.
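
The filter-group layout described in this post, as an added example that is not part of the original post and is not DansGuardian's own code: a small Python model of one shared banned list plus per-group exception lists, with an audit of which users can still reach banned domains. User names, domains and list contents are constructed; exception-over-ban precedence and subdomain matching are assumptions taken from the post's description.

```python
# Added illustration: models the layout from the post; not DansGuardian's code.
# All list contents, user names and domains are constructed sample data.
BANNEDSITELIST = "# shared by every filter group\nvideo.example\nsocial.example\n"
EXCEPTION_LISTS = {          # filter number -> its exceptionsitelist contents
    1: "",                   # default group: empty, so the ban list applies fully
    2: "video.example\n",
    3: "video.example\nsocial.example\n",
}
FILTERGROUPSLIST = "# user=filterN\nalice=filter2\nbob=filter3\n"

def parse_list(text):
    """Entries of a list file, minus blank lines and # comments."""
    lines = (ln.split("#", 1)[0].strip().lower() for ln in text.splitlines())
    return {ln for ln in lines if ln}

def parse_groups(text):
    """Map user -> filter number from 'user=filterN' lines."""
    groups = {}
    for entry in parse_list(text):
        user, _, name = entry.partition("=")
        groups[user.strip()] = int(name.strip()[len("filter"):])
    return groups

def in_list(host, entries):
    """True if host is a listed domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == e or host.endswith("." + e) for e in entries)

def allowed(user, host):
    """Exception list of the user's group wins; otherwise the ban list decides."""
    group = parse_groups(FILTERGROUPSLIST).get(user.lower(), 1)  # unlisted -> filter1
    if in_list(host, parse_list(EXCEPTION_LISTS.get(group, ""))):
        return True
    return not in_list(host, parse_list(BANNEDSITELIST))

def audit():
    """Banned domains each listed user can still reach: the grants to review."""
    banned = parse_list(BANNEDSITELIST)
    report = {}
    for user, group in parse_groups(FILTERGROUPSLIST).items():
        exc = parse_list(EXCEPTION_LISTS.get(group, ""))
        report[user] = sorted(b for b in banned if in_list(b, exc))
    return report

if __name__ == "__main__":
    for user, sites in sorted(audit().items()):
        print(user, "->", ", ".join(sites) or "none")
```

Running the audit after every change to the exception lists gives a reviewable record of who has been granted access to which banned domain.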

    in reply to: Proxy Blacklists and IP management #50182

    orallo
    Member

    Hi Again ppalias,

    I’ve installed the dansguardian patch listed on the zeroshell site and it’s up and running. I’ve got the blacklist running and the content aware stuff is working too.

    But I haven’t found anywhere any documentation on how to allow a single IP to access a particular site…

    Anybody have any ideas???

    Thanks in advance,
    -Orallo

    in reply to: Proxy Blacklists and IP management #50180

    orallo
    Member

    Create a “Not Capture” rule describing the specific user, e.g source interface, source IP.

    Wouldn’t that unblock ALL the sites on the black list?

    Is it not possible to open just one site for one user?

    I know it’s stupid, but that’s what I’ve been told to do…

    Thanks again

    in reply to: Question regarding QoS, NetBalancing and Traffic shaping #50065

    orallo
    Member

    Good Morning Atheling and everybody else,

    Yesterday was the last day of class in one of my classrooms so now I got 16 computers to play with…

    And that’s what I’m going to do today, segment those 16 computers in 3 – 4 IP ranges and start classifying their traffic with ZS.

    One question though, how can I measure that the MAX/Guaranteed bandwidths are being applied???

    Thanks to all in advance.
    -Orallo

    in reply to: Question regarding QoS, NetBalancing and Traffic shaping #50063

    orallo
    Member

    Hi Again Atheling,

    Regarding the topology… I know, it’s bad, I just dropped the ZS box on the switch in my office.

    If/when I get all the NB/QoS stuff working I will move ZS to the server/switch room where it will be placed between the DSL modems and the LAN. But for now, for testing purposes, I think it should do.

    Regarding the NB/QoS stuff…

    Here is what I’m trying to accomplish: (it’s a slight variation from what I had stated before)

    – Put all computers on the 172.16.1.XXX segment.
    – Balance both internet connections in ZS.
    – Apply QoS rules by IP ranges, for example I want to make sure an IP (for example 172.16.1.112) gets a guaranteed 1mb up/down pipe for all traffic combined.
    – And eventually I’d like to setup a captive portal to filter some content too, but that’s not important for right now.

    And by the way, there is a typo on the diagram, my DSL routers are on IPs 192.168.1.1 and 192.168.2.1 NOT on 192.168.1.1 and 192.168.1.2.

    If you could give me a list of the things I need to do to get all this working I’d greatly appreciate it.

    I think a list should be enough, I don’t think I need step by step instructions (but then again… if you feel typey… go nuts!! lol)

    Thanks again,
    -Orallo

    in reply to: Question regarding QoS, NetBalancing and Traffic shaping #50060

    orallo
    Member

    Good Morning Atheling,

    Here is the output from the command you posted:

    Thanks

    root@zeroshell root> iptables -t mangle -nv -L
    Chain PREROUTING (policy ACCEPT 87966 packets, 9104K bytes)
    pkts bytes target prot opt in out source destination
    87966 9104K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
    55448 6317K NB_CT_PRE all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    87966 9104K NetBalancer all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain INPUT (policy ACCEPT 78598 packets, 7898K bytes)
    pkts bytes target prot opt in out source destination
    46080 5111K NB_CT_POST all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    78598 7898K NetBalancer all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination

    Chain OUTPUT (policy ACCEPT 33130 packets, 3072K bytes)
    pkts bytes target prot opt in out source destination
    33130 3072K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK restore
    33130 3072K NetBalancer all -- * * 0.0.0.0/0 0.0.0.0/0
    33130 3072K OpenVPN all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain POSTROUTING (policy ACCEPT 33130 packets, 3072K bytes)
    pkts bytes target prot opt in out source destination
    32117 2682K NB_CT_POST all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    33130 3072K NB_STAT all -- * * 0.0.0.0/0 0.0.0.0/0
    33130 3072K QoS all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain NB_CT_POST (2 references)
    pkts bytes target prot opt in out source destination
    934 70783 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x66 MARK set 0x66
    935 71036 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 realm 0x65 MARK set 0x65
    78197 7793K CONNMARK all -- * * 0.0.0.0/0 0.0.0.0/0 CONNMARK save

    Chain NB_CT_PRE (1 references)
    pkts bytes target prot opt in out source destination
    27717 3158K MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x66
    27717 3158K MARK all -- ETH01 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x65

    Chain NB_STAT (1 references)
    pkts bytes target prot opt in out source destination
    999 75366 all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x66
    1817 447K all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0x65

    Chain NetBalancer (3 references)
    pkts bytes target prot opt in out source destination

    Chain OpenVPN (1 references)
    pkts bytes target prot opt in out source destination

    Chain QoS (1 references)
    pkts bytes target prot opt in out source destination
    33130 3072K MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x0
    0 0 MARK all -- ETH01 * 172.16.1.112 0.0.0.0/0 MARK set 0xa
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
    root@zeroshell root>

    in reply to: Question regarding QoS, NetBalancing and Traffic shaping #50058

    orallo
    Member

    Hi All,

    We patched the system so netbalancing and QoS can work together but unfortunately we can’t seem to get it to work.

    We create the classes, classify the traffic by IP ranges as described above and when I assign an IP on the (for example) IT range to my workstation, I still go to the WAN through the DEFAULT class.

    We’re not sure what we are doing wrong or not doing.

    One of the tutorials (http://www.zeroshell.net/listing/QOS-zeroshell.pdf) suggests that we HAVE TO create a bridge between ETH00 and ETH01 in order for QoS to work, so we tried that too, but what happened is that it took our whole network down. Which is very strange to us…

    Our LAN is laid out right now with static IP addresses for each computer on the 192.168.1.x and 192.168.2.x ranges and the only computers “behind” zeroshell are our test computers until we get everything working…

    But when we create a bridge with the two interfaces as they are pictured above every computer on the LAN stops being able to access the WAN.

    Any ideas?? What are we missing??

    Thanks to all for any and all input.

    -Orallo

    in reply to: Date of a new release #50013

    orallo
    Member

    Outstanding, thanks a lot, I am rebooting my ZS box right now to try all the changes.

    Thanks again atheling,

    Orallo.

    in reply to: Date of a new release #50010

    orallo
    Member

    Can anyone post detailed process for patching a system??

    I’ve tried copying the patch to kerbynet.cgi folder and then issuing the command:

    patch -p0 < Zeroshell.3.patch

    And that patches 6 files on the scripts folder

    patching file scripts/fw_initrules
    patching file scripts/fw_makerule
    patching file scripts/fw_start
    patching file scripts/fw_viewchain
    patching file scripts/nb_fw
    patching file scripts/nb_setautomarking

    BUT when I reboot the system the changes are lost, and if I DON’T reboot the system, when I try to modify rules on the QoS classifier and click on “Confirm” to save and close the popup with the rule details, it doesn’t close and I get:

    iptables: No chain/target/match by that name

    in red text at the bottom of the window.

    Help anybody?

    Thanks in advance,


    orallo
    Member

    Is this true??? can anybody confirm?

    If so, I read this morning that a new release of ZS is coming out soon, does anybody know if this problem will be fixed with the new release?

    Thanks a lot.
    -Orallo

    in reply to: LOST ADMIN PASSWORD #49404

    orallo
    Member

    Annyyu22 you just don’t know where in the world you are, do you??

    Did you know that ZS runs on Linux and not Windows??? Furthermore, do you know what ZeroShell is???

    Anyway, have a good one.

    Orallo
