
		sgtmaykel
		
		(uses Linux Mint)
		
		Posted on 24/07/2014 - 10:35h
Good morning!
I am trying to deploy a transparent proxy with authentication at my workplace using NatACL. When I run the command NatACL &, the output is the following:
maykel-virtual-machine NatACL.20050311 # NatACL &
[1] 26941
maykel-virtual-machine NatACL.20050311 # NatACL: command not found
I went to the directory where NatACL is and ran make again to see if there is something wrong, but I could not identify the error:
maykel-virtual-machine NatACL.20050311 # make
cc build_make.c -o .fastmake/build_fast_make.bin
./.fastmake/build_fast_make.bin
Searching Library: [                xml2]        FOUND: /usr/lib/i386-linux-gnu
Searching Include: [             iconv.h]        FOUND: /usr/include
Searching Include: [ libxml/xmlversion.h]        FOUND: /usr/include/libxml2
./install.bin make.xml
Building project: NatACL
- Build Program:               NatACL -----------------
[System Include path:           src/NatACL]
[System Include path:   /usr/local/include]
[System Include path:         /usr/include]
[System library path:       /usr/local/lib]
[System library path:             /usr/lib]
-------------------------------------------------------
Searching...
[Include:                ssl.h] [FOUND]:           /usr/include/openssl
[Library:               crypto] [FOUND]:        /usr/lib/i386-linux-gnu
[Library:                  ssl] [FOUND]:        /usr/lib/i386-linux-gnu
[Library:                   dl] [FOUND]:        /usr/lib/i386-linux-gnu
Compiling...
Build                       NatACL.c       OK - NOT CHANGED
Build                  config_file.c       OK - NOT CHANGED
Build                         html.c       OK - NOT CHANGED
Build                          log.c       OK - NOT CHANGED
Build                         sha1.c       OK - NOT CHANGED
Build                         util.c       OK - NOT CHANGED
Build                         auth.c       OK - NOT CHANGED
Build                         file.c       OK - NOT CHANGED
Build                         http.c       OK - NOT CHANGED
Build                         ping.c       OK - NOT CHANGED
Build                       socket.c       OK - NOT CHANGED
Build                    webserver.c       OK - NOT CHANGED
cc -O2  -rdynamic -s  -L/usr/lib/i386-linux-gnu  -lcrypto  -L/usr/lib/i386-linux-gnu  -lssl  -L/usr/lib/i386-linux-gnu  -ldl  src/NatACL/NatACL.o  src/NatACL/config_file.o  src/NatACL/html.o  src/NatACL/log.o  src/NatACL/sha1.o  src/NatACL/util.o  src/NatACL/auth.o  src/NatACL/file.o  src/NatACL/http.o  src/NatACL/ping.o  src/NatACL/socket.o  src/NatACL/webserver.o   -o NatACL  
src/NatACL/NatACL.o: In function `init_ssl':
NatACL.c:(.text+0xd19): undefined reference to `SSLv23_server_method'
NatACL.c:(.text+0xd21): undefined reference to `SSL_CTX_new'
NatACL.c:(.text+0xd44): undefined reference to `SSL_CTX_use_certificate_file'
NatACL.c:(.text+0xd67): undefined reference to `SSL_CTX_use_PrivateKey_file'
NatACL.c:(.text+0xd7a): undefined reference to `SSL_CTX_check_private_key'
NatACL.c:(.text+0xd89): undefined reference to `SSL_new'
NatACL.c:(.text+0xda2): undefined reference to `SSL_set_fd'
NatACL.c:(.text+0xdb5): undefined reference to `SSL_accept'
src/NatACL/NatACL.o: In function `main':
NatACL.c:(.text.startup+0x47): undefined reference to `SSL_library_init'
NatACL.c:(.text.startup+0x4c): undefined reference to `SSL_load_error_strings'
src/NatACL/html.o: In function `template_show_fd':
html.c:(.text+0x7cc): undefined reference to `SSL_write'
src/NatACL/auth.o: In function `run_auth_module':
auth.c:(.text+0x7c): undefined reference to `dlopen'
auth.c:(.text+0x92): undefined reference to `dlsym'
auth.c:(.text+0x9c): undefined reference to `dlerror'
auth.c:(.text+0xc3): undefined reference to `dlclose'
auth.c:(.text+0xe9): undefined reference to `dlerror'
src/NatACL/socket.o: In function `sock_buf_fill':
socket.c:(.text+0x37b): undefined reference to `SSL_read'
src/NatACL/socket.o: In function `sock_printf':
socket.c:(.text+0x73e): undefined reference to `SSL_write'
src/NatACL/socket.o: In function `sock_wait_for_data_ssl':
socket.c:(.text+0xd05): undefined reference to `SSL_read'
collect2: error: ld returned 1 exit status
       FAILED
Installing...
Creating directory: /usr/local
Creating directory: /usr/local/bin
cp -f NatACL /usr/local/bin
cp: cannot stat ‘NatACL’: No such file or directory
- Build Program:     NatACL.log.squid -----------------
[System Include path:           src/NatACL]
[System Include path:   /usr/local/include]
[System Include path:         /usr/include]
[System library path:       /usr/local/lib]
[System library path:             /usr/lib]
-------------------------------------------------------
Searching...
[Include:                ssl.h] [FOUND]:           /usr/include/openssl
[Library:                  ssl] [FOUND]:        /usr/lib/i386-linux-gnu
Compiling...
Build             NatACL.log.squid.c       OK - NOT CHANGED
Build                         file.c       OK - NOT CHANGED
Build                          log.c       OK - NOT CHANGED
Build                         sha1.c       OK - NOT CHANGED
Build                         tail.c       OK - NOT CHANGED
Build                         util.c       OK - NOT CHANGED
Installing...
Creating directory: /usr/local
Creating directory: /usr/local/bin
cp -f NatACL.log.squid /usr/local/bin
- Build Program:        auth_mysql.so -----------------
[System Include path:           src/NatACL]
[System Include path:   /usr/local/include]
[System Include path:         /usr/include]
[System library path:       /usr/local/lib]
[System library path:             /usr/lib]
-------------------------------------------------------
Searching...
[Include:              mysql.h] [FOUND]:             /usr/include/mysql
[Include:             NatACL.h] [FOUND]:                     src/NatACL
[Library:          mysqlclient] [FOUND]:        /usr/lib/i386-linux-gnu
[Library:                   dl] [FOUND]:        /usr/lib/i386-linux-gnu
Compiling...
Build                        Mysql.c       OK - NOT CHANGED
Installing...
Creating directory: /var/NatACL
Creating directory: /var/NatACL/modules
Creating directory: /var/NatACL/modules/auth
cp -f auth_mysql.so /var/NatACL/modules/auth
- Build Program:         auth_unix.so -----------------
[System Include path:           src/NatACL]
[System Include path:   /usr/local/include]
[System Include path:         /usr/include]
[System library path:       /usr/local/lib]
[System library path:             /usr/lib]
-------------------------------------------------------
Searching...
[Include:             NatACL.h] [FOUND]:                     src/NatACL
[Library:                crypt] [FOUND]:        /usr/lib/i386-linux-gnu
[Library:                   dl] [FOUND]:        /usr/lib/i386-linux-gnu
Compiling...
Build                         main.c       OK - NOT CHANGED
Installing...
Creating directory: /var/NatACL
Creating directory: /var/NatACL/modules
Creating directory: /var/NatACL/modules/auth
cp -f auth_unix.so /var/NatACL/modules/auth
Creating directory: /var/NatACL
Creating directory: /var/NatACL/html
cp -f main.html /var/NatACL/html
Creating directory: /var/NatACL
Creating directory: /var/NatACL/html
cp -f login.html /var/NatACL/html
./post_install.sh
Keeping original /usr/local/etc/NatACL.conf
Keeping original cert_server.pem
maykel-virtual-machine NatACL.20050311 #
My NatACL.conf configuration file is the following:
# NETWORK CONFIGURATION 
#************************************************************************
# LAN_INTERFACE
# Set the network who will have access to this program
# LAN_INTERFACE [interface] [network/class]
# If you have only one lan interface, you may remove one line.
LAN_INTERFACE eth0:1 13.0.0.0/24
# WAN_INTERFACE
# Set the output internet address
# WAN_INTERFACE [interface] [local address]
WAN_INTERFACE eth0 192.168.204.178
# NAT_TYPE
# Configure the type of your network nat/firewall
# You can create your own type, just add the respective configuration to the RULE section.
# Default existing configuration: 
#IPTABLES_NAT
#IPTABLES_PROXY
#IPFW_NAT
#IPFW_PROXY
NAT_TYPE: IPTABLES_PROXY
# Define whether to allow simultaneous users at the same time
SIMULTANEOUS_LOGON: NO
#If you use Freebsd and IPFW/NATD You must set the NATD port
NATD_PORT: 31000
# If you use Proxy instead of NAT, you must define the PROXY PORT
PROXY_PORT: 3128
# MODULE CONFIGURATION
#************************************************************************
# AUTH_UNIX
# Set the expire time and expire method for users using the unix password
# Args: EXPIRE_TIME 	 <Time to live in seconds>
#       EXPIRE_PING
#       EXPIRE_PINGTIME  <Time to live in seconds>
#       EXPIRE_POPUP
#
# Ex;
# AUTH_UNIX TYPE EXPIRE_TIME 3600
# or
# AUTH_UNIX TYPE EXPIRE_POPUP
# or
# AUTH_UNIX TYPE EXPIRE_PING
# or both ( ping + time )
# AUTH_UNIX TYPE EXPIRE_PINGTIME 3600
# WARNING: If you use Expire_POPUP, make sure that you have an anti-popup browser disabled.
AUTH_UNIX TYPE EXPIRE_TIME 3600
#
# AUTH_MYSQL
# Set the configuration to the mysql database
# Args:  Mysql_Host Mysql_db Mysql_user Mysql_password
# Ex. AUTH_MYSQL 127.0.0.1 NatACL User "password"
AUTH_MYSQL 127.0.0.1 NatACL root rede##2009
# RULE SECTION
#************************************************************************
# You don't have to alter this part, unless you know what you are doing.
# You can have multiple configurations, even if you don't have a specific firewall. It will not matter.
# Set the NAT_TYPE to your specific rule.
# START  RULE - Is executed only once, when NatACL is run.
# INIT   RULE - Is executed one time for each LAN_INTERFACE, when NatACL is run.
# GRANT  RULE - Is executed when a user logon.
# REVOKE RULE - Is executed when a user expires.
# Rules for Linux IPTABLES_NAT
#IPTABLES_NAT START  "/sbin/iptables -t nat -F"
#IPTABLES_NAT INIT   "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s eth0:1 -d 0/0 --dport 80 -j DNAT --to-destination eth0:5121"
#IPTABLES_NAT INIT   "/sbin/iptables -t nat -I POSTROUTING -p udp --dport 53 -j SNAT --to-source eth0"
#IPTABLES_NAT GRANT  "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s users -d 0/0 --dport 80 -j ACCEPT"
#IPTABLES_NAT GRANT  "/sbin/iptables -t nat -I POSTROUTING -p tcp -s users -j SNAT --to-source eth0"
#IPTABLES_NAT REVOKE "/sbin/iptables -t nat -D PREROUTING -i eth0:1 -p tcp -s users -d 0/0 --dport 80 -j ACCEPT"
#IPTABLES_NAT REVOKE "/sbin/iptables -t nat -D POSTROUTING -p tcp -s users  -j SNAT --to-source [WAN_ADDRESS]"
# Rules for Linux IPTABLES_PROXY 
#IPTABLES_PROXY START  "/sbin/iptables -t nat -F"
IPTABLES_PROXY INIT   "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s eth0:1 -d 0/0 --dport 80 -j DNAT --to-destination 192.168.204.178:5121"
IPTABLES_PROXY INIT   "/sbin/iptables -t nat -I POSTROUTING -p udp --dport 53 -j SNAT --to-source 192.168.204.178"
IPTABLES_PROXY GRANT  "/sbin/iptables -t nat -I PREROUTING -i eth0:1 -p tcp -s users --dport 80 -j DNAT --to-destination 192.168.204.178:3128"
IPTABLES_PROXY REVOKE "/sbin/iptables -t nat -D PREROUTING -i eth0:1 -p tcp -s users -j DNAT --to-destination 192.168.204.178:3128"
# Rules for Freebsd IPFW_NAT
IPFW_NAT START      "ipfw del 8"
IPFW_NAT START      "ipfw del 9"
IPFW_NAT START      "ipfw del 10"
IPFW_NAT INIT       "ipfw add 10 fwd 127.0.0.1,5121 tcp from [LAN_INTERFACE] to any 80"
IPFW_NAT INIT       "ipfw add 10 fwd 127.0.0.1,5122 tcp from [LAN_INTERFACE] to any 5122"
IPFW_NAT GRANT      "ipfw add 8 divert [NATD_PORT] ip from [CLIENT_ADDRESS] to any out xmit [WAN_INTERFACE] "
IPFW_NAT GRANT      "ipfw add 9 skipto 11 all from [CLIENT_ADDRESS] to any"
IPFW_NAT REVOKE     "ipfw del 8 divert [NATD_PORT] ip from [CLIENT_ADDRESS] to any out xmit [WAN_INTERFACE] "
IPFW_NAT REVOKE     "ipfw del 9 skipto 11 all from [CLIENT_ADDRESS] to any"
# Rules for Freebsd IPFW_PROXY - PROXY PORT 
IPFW_PROXY START      "ipfw del 8"
IPFW_PROXY START      "ipfw del 9"
IPFW_PROXY START      "ipfw del 10"
IPFW_PROXY INIT       "ipfw add 10 fwd 127.0.0.1,5121 tcp from [LAN_INTERFACE] to any 80"
IPFW_PROXY INIT       "ipfw add 10 fwd 127.0.0.1,5122 tcp from [LAN_INTERFACE] to any 5122"
IPFW_PROXY GRANT      "ipfw add 8 fwd 127.0.0.1:[PROXY_PORT] tcp from [CLIENT_ADDRESS] to any 80"
IPFW_PROXY GRANT      "ipfw add 9 skipto 11 all from [CLIENT_ADDRESS] to any"
IPFW_PROXY REVOKE     "ipfw del 8 fwd 127.0.0.1:[PROXY_PORT] tcp from [CLIENT_ADDRESS] to any 80"
IPFW_PROXY REVOKE     "ipfw del 9 skipto 11 all from [CLIENT_ADDRESS] to any"
Could someone help me?
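
Added example, not part of the original post or of NatACL's build system: in the log above, the failing `cc` line names `-lcrypto -lssl -ldl` before the object files, and every undefined reference (`SSL_*`, `dlopen`, `dlsym`, ...) belongs to those libraries. Assuming the linker runs with `--as-needed` (an assumption about this toolchain, not stated in the post), libraries listed before the objects that use them are not linked; the script below detects that ordering and prints the same command with the libraries moved after the objects. The function names and the shortened object list are constructed for illustration.

```shell
#!/bin/sh
# Added example: not from the post and not part of NatACL's build system.
# Assumption: the linker runs with --as-needed, so a -l flag that appears
# before the object files needing it contributes no symbols.

# Link command abbreviated from the build log above (object list shortened).
LINK_CMD='cc -O2 -rdynamic -s -L/usr/lib/i386-linux-gnu -lcrypto -L/usr/lib/i386-linux-gnu -lssl -L/usr/lib/i386-linux-gnu -ldl src/NatACL/NatACL.o src/NatACL/auth.o src/NatACL/socket.o -o NatACL'

# Succeeds (status 0) when some -l flag precedes an object file.
libs_before_objects() (
    set -f                      # no globbing while the command is split
    seen_lib=0
    for tok in $1; do
        case "$tok" in
            -l*) seen_lib=1 ;;
            *.o) if [ "$seen_lib" -eq 1 ]; then exit 0; fi ;;
        esac
    done
    exit 1
)

# Prints the command with all -L/-l tokens moved after the objects and
# before "-o <output>", keeping their relative order.
reorder_link_cmd() (
    set -f
    pre="" libs="" post="" seen_o=0
    for tok in $1; do
        case "$tok" in
            -L*|-l*) libs="$libs $tok" ;;
            -o)      seen_o=1; post="$post $tok" ;;
            *)       if [ "$seen_o" -eq 1 ]; then post="$post $tok"
                     else pre="$pre $tok"; fi ;;
        esac
    done
    set -- $pre $libs $post     # re-split to normalise the spacing
    echo "$*"
)

if libs_before_objects "$LINK_CMD"; then
    echo "libraries precede objects; suggested order:"
    reorder_link_cmd "$LINK_CMD"
fi
```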