Hello,
Regarding a captive portal using Shorewall,
I have a problem with sub-zones.
In the file "zones", I create "zone1" and "zone2".
In "policy" I DROP all.
In "rules" I have, in summary:
-----------------
redirect zone1 8080 tcp 80 -
redirect zone1 8080 tcp 3128 -
accept zone2 wan tcp 80 -
redirect zone2 3128 tcp 80 -
-----------------
This is to redirect "http" and "proxy" access
to a login.cgi page on a thttpd server
running on port 8080.
In file "hosts", I have:
-----
zone1 eth2:192.168.2.2
zone2 eth2:192.168.2.3
-----
And in file "started", I have:
-----
shorewall add eth2:192.168.2.21 zone1
shorewall add eth2:192.168.2.22 zone1
shorewall add eth2:192.168.2.23 zone1
shorewall add eth2:192.168.2.24 zone1
shorewall add eth2:192.168.2.25 zone2
-----
The process of adding all these IPs to the zones
is very slow.
I needed to do this because when a user
logs in, I need to shorewall delete the user from
zone1, and I need to shorewall add the user
to zone2.
I tried to use in file hosts:
----
zone1 eth2:192.168.2.0/24
zone2 eth2:192.168.2.3
----
In this case, I only need to add or
delete the user in zone2.
But in this case, there is a conflict
in the logic of the rules when the user is
using the proxy.
The system sees the rule to accept zone2
tcp 3128, but the system also sees the rule
to redirect zone1 3128 --> 8080.
And with the last "hosts" file, the user
will be in 2 zones, 1 and 2.
I tried to use ACCEPT+ zone2 all tcp 3128 -
But something is configured such that this "ACCEPT+"
is not ignored by the "REDIRECT zone1" rule.
I tried to use shorewall-perl, but it shows
errors in /var/lib/shorewall/.start
And I tried to understand "sub-zones",
but found no docs to read.
How can I solve this problem with
ACCEPT+ zone2 and REDIRECT zone1,
using the proxy port?
Thank you
Sávio
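
The login step described in this message (delete the client from zone1, add it to zone2), as an added example that is not part of the original post: a helper the login CGI could call, which validates the client address before it reaches the `shorewall` command line. `promote_client`, `is_portal_client` and the `SHOREWALL` override are hypothetical names; `eth2`, 192.168.2.0/24 and the zone names are taken from the post.

```shell
#!/bin/sh
# Added example (not from the original post). eth2, 192.168.2.0/24 and the
# zone names come from the post; the function names and the SHOREWALL
# override are hypothetical.
SHOREWALL="${SHOREWALL:-shorewall}"   # replaceable for dry runs
PORTAL_IF="eth2"
PORTAL_NET_PREFIX="192.168.2"

# Succeed only for a well-formed host address inside 192.168.2.0/24.
is_portal_client() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*) return 1 ;;       # only digits and dots are allowed
    esac
    case $ip in
        "$PORTAL_NET_PREFIX".*) ;;      # must sit in the portal network
        *) return 1 ;;
    esac
    host=${ip#"$PORTAL_NET_PREFIX".}
    case $host in
        ''|*.*|0*|????*) return 1 ;;    # empty, extra octet, leading 0, too long
    esac
    [ "$host" -ge 1 ] && [ "$host" -le 254 ]
}

# Move an authenticated client from zone1 to zone2.
# From the CGI: promote_client "$REMOTE_ADDR"
promote_client() {
    ip=$1
    if ! is_portal_client "$ip"; then
        echo "refusing invalid client address" >&2
        return 2
    fi
    # Delete first, so the host is never a member of both zones at once.
    "$SHOREWALL" delete "$PORTAL_IF:$ip" zone1 || return 1
    if ! "$SHOREWALL" add "$PORTAL_IF:$ip" zone2; then
        # Roll back: the client returns to the login redirect instead of
        # being left without a zone.
        "$SHOREWALL" add "$PORTAL_IF:$ip" zone1
        return 1
    fi
}
```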
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users