Transparent proxy with authentication via NatACL

1. Transparent proxy with authentication via NatACL

maykel resende
sgtmaykel

(uses Linux Mint)

Posted on 25/07/2014 - 07:41h

Good morning!
I am trying to deploy a transparent proxy with authentication at my workplace using NatACL. When I run the command NatACL & the output is the following:

maykel-virtual-machine NatACL.20050311 # NatACL &
[1] 26941
maykel-virtual-machine NatACL.20050311 # NatACL: command not found

I went to the directory where NatACL is and ran make again to see whether something is wrong, but I could not identify the error:

maykel-virtual-machine NatACL.20050311 # make
cc build_make.c -o .fastmake/build_fast_make.bin
./.fastmake/build_fast_make.bin
Searching Library: [ xml2] FOUND: /usr/lib/i386-linux-gnu
Searching Include: [ iconv.h] FOUND: /usr/include
Searching Include: [ libxml/xmlversion.h] FOUND: /usr/include/libxml2
./install.bin make.xml
Building project: NatACL

- Build Program: NatACL -----------------
[System Include path: src/NatACL]
[System Include path: /usr/local/include]
[System Include path: /usr/include]
[System library path: /usr/local/lib]
[System library path: /usr/lib]

-------------------------------------------------------
Searching...

[Include: ssl.h] [FOUND]: /usr/include/openssl
[Library: crypto] [FOUND]: /usr/lib/i386-linux-gnu
[Library: ssl] [FOUND]: /usr/lib/i386-linux-gnu
[Library: dl] [FOUND]: /usr/lib/i386-linux-gnu

Compiling...

Build NatACL.c OK - NOT CHANGED
Build config_file.c OK - NOT CHANGED
Build html.c OK - NOT CHANGED
Build log.c OK - NOT CHANGED
Build sha1.c OK - NOT CHANGED
Build util.c OK - NOT CHANGED
Build auth.c OK - NOT CHANGED
Build file.c OK - NOT CHANGED
Build http.c OK - NOT CHANGED
Build ping.c OK - NOT CHANGED
Build socket.c OK - NOT CHANGED
Build webserver.c OK - NOT CHANGED
cc -O2 -rdynamic -s -L/usr/lib/i386-linux-gnu -lcrypto -L/usr/lib/i386-linux-gnu -lssl -L/usr/lib/i386-linux-gnu -ldl src/NatACL/NatACL.o src/NatACL/config_file.o src/NatACL/html.o src/NatACL/log.o src/NatACL/sha1.o src/NatACL/util.o src/NatACL/auth.o src/NatACL/file.o src/NatACL/http.o src/NatACL/ping.o src/NatACL/socket.o src/NatACL/webserver.o -o NatACL


src/NatACL/NatACL.o: In function `init_ssl':
NatACL.c:(.text+0xd19): undefined reference to `SSLv23_server_method'
NatACL.c:(.text+0xd21): undefined reference to `SSL_CTX_new'
NatACL.c:(.text+0xd44): undefined reference to `SSL_CTX_use_certificate_file'
NatACL.c:(.text+0xd67): undefined reference to `SSL_CTX_use_PrivateKey_file'
NatACL.c:(.text+0xd7a): undefined reference to `SSL_CTX_check_private_key'
NatACL.c:(.text+0xd89): undefined reference to `SSL_new'
NatACL.c:(.text+0xda2): undefined reference to `SSL_set_fd'
NatACL.c:(.text+0xdb5): undefined reference to `SSL_accept'
src/NatACL/NatACL.o: In function `main':
NatACL.c:(.text.startup+0x47): undefined reference to `SSL_library_init'
NatACL.c:(.text.startup+0x4c): undefined reference to `SSL_load_error_strings'
src/NatACL/html.o: In function `template_show_fd':
html.c:(.text+0x7cc): undefined reference to `SSL_write'
src/NatACL/auth.o: In function `run_auth_module':
auth.c:(.text+0x7c): undefined reference to `dlopen'
auth.c:(.text+0x92): undefined reference to `dlsym'
auth.c:(.text+0x9c): undefined reference to `dlerror'
auth.c:(.text+0xc3): undefined reference to `dlclose'
auth.c:(.text+0xe9): undefined reference to `dlerror'
src/NatACL/socket.o: In function `sock_buf_fill':
socket.c:(.text+0x37b): undefined reference to `SSL_read'
src/NatACL/socket.o: In function `sock_printf':
socket.c:(.text+0x73e): undefined reference to `SSL_write'
src/NatACL/socket.o: In function `sock_wait_for_data_ssl':
socket.c:(.text+0xd05): undefined reference to `SSL_read'
collect2: error: ld returned 1 exit status


FAILED

Installing...

Creating directory: /usr/local
Creating directory: /usr/local/bin
cp -f NatACL /usr/local/bin


cp: cannot stat ‘NatACL’: No such file or directory



- Build Program: NatACL.log.squid -----------------
[System Include path: src/NatACL]
[System Include path: /usr/local/include]
[System Include path: /usr/include]
[System library path: /usr/local/lib]
[System library path: /usr/lib]

-------------------------------------------------------
Searching...

[Include: ssl.h] [FOUND]: /usr/include/openssl
[Library: ssl] [FOUND]: /usr/lib/i386-linux-gnu

Compiling...

Build NatACL.log.squid.c OK - NOT CHANGED
Build file.c OK - NOT CHANGED
Build log.c OK - NOT CHANGED
Build sha1.c OK - NOT CHANGED
Build tail.c OK - NOT CHANGED
Build util.c OK - NOT CHANGED

Installing...

Creating directory: /usr/local
Creating directory: /usr/local/bin
cp -f NatACL.log.squid /usr/local/bin

- Build Program: auth_mysql.so -----------------
[System Include path: src/NatACL]
[System Include path: /usr/local/include]
[System Include path: /usr/include]
[System library path: /usr/local/lib]
[System library path: /usr/lib]

-------------------------------------------------------
Searching...

[Include: mysql.h] [FOUND]: /usr/include/mysql
[Include: NatACL.h] [FOUND]: src/NatACL
[Library: mysqlclient] [FOUND]: /usr/lib/i386-linux-gnu
[Library: dl] [FOUND]: /usr/lib/i386-linux-gnu

Compiling...

Build Mysql.c OK - NOT CHANGED

Installing...

Creating directory: /var/NatACL
Creating directory: /var/NatACL/modules
Creating directory: /var/NatACL/modules/auth
cp -f auth_mysql.so /var/NatACL/modules/auth

- Build Program: auth_unix.so -----------------
[System Include path: src/NatACL]
[System Include path: /usr/local/include]
[System Include path: /usr/include]
[System library path: /usr/local/lib]
[System library path: /usr/lib]

-------------------------------------------------------
Searching...

[Include: NatACL.h] [FOUND]: src/NatACL
[Library: crypt] [FOUND]: /usr/lib/i386-linux-gnu
[Library: dl] [FOUND]: /usr/lib/i386-linux-gnu

Compiling...

Build main.c OK - NOT CHANGED

Installing...

Creating directory: /var/NatACL
Creating directory: /var/NatACL/modules
Creating directory: /var/NatACL/modules/auth
cp -f auth_unix.so /var/NatACL/modules/auth
Creating directory: /var/NatACL
Creating directory: /var/NatACL/html
cp -f main.html /var/NatACL/html
Creating directory: /var/NatACL
Creating directory: /var/NatACL/html
cp -f login.html /var/NatACL/html
./post_install.sh
Keeping original /usr/local/etc/NatACL.conf
Keeping original cert_server.pem
maykel-virtual-machine NatACL.20050311 #


My NatACL.conf configuration file is the following:

# NETWORK CONFIGURATION
#************************************************************************

# LAN_INTERFACE
# Set the network who will have access to this program
# LAN_INTERFACE [interface] [network/class]
# If you have only one lan interface, you may remove one line.
LAN_INTERFACE eth0:1 13.0.0.0/24

# WAN_INTERFACE
# Set the output internet address
# WAN_INTERFACE [interface] [local address]
WAN_INTERFACE eth0 192.168.204.178

# NAT_TYPE
# Configure the type of your network nat/firewall
# You can create you own type, just add the respective configuration to the RULE section.
# Default existing configuration:
#IPTABLES_NAT
#IPTABLES_PROXY
#IPFW_NAT
#IPFW_PROXY

NAT_TYPE: IPTABLES_PROXY

#define if you will allow simultaneous users at the same tame
SIMULTANEOUS_LOGON: NO

#If you use Freebsd and IPFW/NATD You must set the NATD port
NATD_PORT: 31000

#If you use Proxy instead NAT, you must define the PROXY PORT
PROXY_PORT: 3128

# MODULE CONFIGURATION
#************************************************************************

# AUTH_UNIX
# Set the expire time and expire method for users using the unix password

# Args: EXPIRE_TIME <Time to live in seconds>
# EXPIRE_PING
# EXPIRE_PINGTIME <Time to live in seconds>
# EXPIRE_POPUP
#
# Ex;
# AUTH_UNIX TYPE EXPIRE_TIME 3600
# or
# AUTH_UNIX TYPE EXPIRE_POPUP
# or
# AUTH_UNIX TYPE EXPIRE_PING
# or both ( ping + time )
# AUTH_UNIX TYPE EXPIRE_PINGTIME 3600

# WARNING: If you use Expire_POPUP, make sure that you have an anti-popup browser disabled.

AUTH_UNIX TYPE EXPIRE_TIME 3600

#
# AUTH_MYSQL
# Set the configuration to the mysql database
# Args: Mysql_Host Mysql_db Mysql_user Mysql_password
# Ex. AUTH_MYSQL 127.0.0.1 NatACL User "password"
AUTH_MYSQL 127.0.0.1 NatACL root rede##2009



# RULE SECTION
#************************************************************************
# You dont have to alter this part, unless you know what are you doing.
# You can have multiples configuration, even if you dont have a specific firewall. It will not matter.
# Set the NAT_TYPE to your specific rule.

# START RULE - Is executed only once, when NatACL is run.
# INIT RULE - Is executed one time for each LAN_INTERFACE, when NatACL is run.
# GRANT RULE - Is executed when a user logon.
# REVOKE RULE - Is executed when a user expires.


# Rules for Linux IPTABLES_NAT
#IPTABLES_NAT START "/sbin/iptables -t nat -F"
#IPTABLES_NAT INIT "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s eth0:1 -d 0/0 --dport 80 -j DNAT --to-destination eth0:5121"
#IPTABLES_NAT INIT "/sbin/iptables -t nat -I POSTROUTING -p udp --dport 53 -j SNAT --to-source eth0"
#IPTABLES_NAT GRANT "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s users -d 0/0 --dport 80 -j ACCEPT"
#IPTABLES_NAT GRANT "/sbin/iptables -t nat -I POSTROUTING -p tcp -s users -j SNAT --to-source eth0"
#IPTABLES_NAT REVOKE "/sbin/iptables -t nat -D PREROUTING -i eth0:1 -p tcp -s users -d 0/0 --dport 80 -j ACCEPT"
#IPTABLES_NAT REVOKE "/sbin/iptables -t nat -D POSTROUTING -p tcp -s users -j SNAT --to-source [WAN_ADDRESS]"

# Rules for Linux IPTABLES_PROXY
#IPTABLES_PROXY START "/sbin/iptables -t nat -F"
IPTABLES_PROXY INIT "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s eth0:1 -d 0/0 --dport 80 -j DNAT --to-destination 192.168.204.178:5121"
IPTABLES_PROXY INIT "/sbin/iptables -t nat -I POSTROUTING -p udp --dport 53 -j SNAT --to-source 192.168.204.178"
IPTABLES_PROXY GRANT "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s users --dport 80 -j DNAT --to-destination 192.168.204.178:3128"
IPTABLES_PROXY REVOKE "/sbin/iptables -t nat -D PREROUTING -i eth0:1 -p tcp -s users -j DNAT --to-destination 192.168.204.178:3128"



# Rules for Freebsd IPFW_NAT
IPFW_NAT START "ipfw del 8"
IPFW_NAT START "ipfw del 9"
IPFW_NAT START "ipfw del 10"
IPFW_NAT INIT "ipfw add 10 fwd 127.0.0.1,5121 tcp from [LAN_INTERFACE] to any 80"
IPFW_NAT INIT "ipfw add 10 fwd 127.0.0.1,5122 tcp from [LAN_INTERFACE] to any 5122"
IPFW_NAT GRANT "ipfw add 8 divert [NATD_PORT] ip from [CLIENT_ADDRESS] to any out xmit [WAN_INTERFACE] "
IPFW_NAT GRANT "ipfw add 9 skipto 11 all from [CLIENT_ADDRESS] to any"
IPFW_NAT REVOKE "ipfw del 8 divert [NATD_PORT] ip from [CLIENT_ADDRESS] to any out xmit [WAN_INTERFACE] "
IPFW_NAT REVOKE "ipfw del 9 skipto 11 all from [CLIENT_ADDRESS] to any"

# Rules for Freebsd IPFW_PROXY - PROXY PORT
IPFW_PROXY START "ipfw del 8"
IPFW_PROXY START "ipfw del 9"
IPFW_PROXY START "ipfw del 10"
IPFW_PROXY INIT "ipfw add 10 fwd 127.0.0.1,5121 tcp from [LAN_INTERFACE] to any 80"
IPFW_PROXY INIT "ipfw add 10 fwd 127.0.0.1,5122 tcp from [LAN_INTERFACE] to any 5122"
IPFW_PROXY GRANT "ipfw add 8 fwd 127.0.0.1:[PROXY_PORT] tcp from [CLIENT_ADDRESS] to any 80"
IPFW_PROXY GRANT "ipfw add 9 skipto 11 all from [CLIENT_ADDRESS] to any"
IPFW_PROXY REVOKE "ipfw del 8 fwd 127.0.0.1:[PROXY_PORT] tcp from [CLIENT_ADDRESS] to any 80"
IPFW_PROXY REVOKE "ipfw del 9 skipto 11 all from [CLIENT_ADDRESS] to any"


Could someone help me?
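
Added example, not part of the original post or of NatACL: a small check over the link command and ld errors from the build log above. It flags `-l` libraries that would resolve the undefined symbols but are listed before the object files. It assumes a toolchain that links with `--as-needed` by default (as Ubuntu-based distributions do), where a library named before the objects that use it is dropped. The prefix-to-library map and the shortened sample input are constructed for this illustration.

```python
import re
import shlex

# Constructed sample: the post's link command (object list shortened) and three of its ld errors.
LINK_CMD = (
    "cc -O2 -rdynamic -s -L/usr/lib/i386-linux-gnu -lcrypto "
    "-L/usr/lib/i386-linux-gnu -lssl -L/usr/lib/i386-linux-gnu -ldl "
    "src/NatACL/NatACL.o src/NatACL/auth.o src/NatACL/socket.o -o NatACL"
)
LD_OUTPUT = """\
NatACL.c:(.text+0xd21): undefined reference to `SSL_CTX_new'
auth.c:(.text+0x7c): undefined reference to `dlopen'
socket.c:(.text+0x37b): undefined reference to `SSL_read'
"""

# Assumption: prefix-to-library map covering only the symbols seen in this log.
PREFIX_TO_LIB = {"SSL": "ssl", "dl": "dl"}


def undefined_symbols(ld_output):
    """Unique symbol names from ld's 'undefined reference' lines."""
    return sorted(set(re.findall(r"undefined reference to `([^']+)'", ld_output)))


def libs_before_objects(link_cmd):
    """-l libraries that appear before the last object file on the command line."""
    args = shlex.split(link_cmd)
    objects = [i for i, a in enumerate(args) if a.endswith((".o", ".a"))]
    if not objects:
        return []
    return [a[2:] for i, a in enumerate(args) if a.startswith("-l") and i < objects[-1]]


def suspect_libs(link_cmd, ld_output):
    """Libraries that would resolve the missing symbols but are listed too early."""
    early = set(libs_before_objects(link_cmd))
    needed = {lib for sym in undefined_symbols(ld_output)
              for prefix, lib in PREFIX_TO_LIB.items() if sym.startswith(prefix)}
    return sorted(needed & early)


def reorder(link_cmd):
    """Same command with every -l option moved after the objects and -o."""
    args = shlex.split(link_cmd)
    libs = [a for a in args if a.startswith("-l")]
    return " ".join([a for a in args if not a.startswith("-l")] + libs)


if __name__ == "__main__":
    print("listed too early:", suspect_libs(LINK_CMD, LD_OUTPUT))
    print(reorder(LINK_CMD))
```
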


  


2. NatACL

Laffitte Rodrigues da Silva Neto
lftnto

(uses Ubuntu)

Posted on 01/02/2017 - 21:21h

Dude, you have to install the xml2 library





