NatACL is a Linux firewall group policy controller for intranets and the Internet. Using an internal DHCP server, it can force users to use a DHCP client, and you can block static IPs. It will bind an IP to a MAC address and enforce this usage. You can control which groups can see each other with intranet policies, or control who has access to the Internet. It also has an option to force users to authenticate themselves over the Web before accessing the Internet.
| Tags | Internet Proxy Servers Web HTTP Servers Networking Firewalls |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX BSD FreeBSD NetBSD |
Recent releases


Changes: Bugfixes were made. A thread pool is now used to run all iptables commands, avoiding race conditions. A new type of lock prevents dead-lock/race conditions. An anti-anti-popup was provided in NatACL_web. A bug on 64-bit machines was fixed.


Changes: Bugfixes were made. A thread was added to handle the systems() command. A partial implementation of libiptc (iptables library) was made. SO_BIND_TO_DEVICE is used to force interface usage (security).


Changes: A crash which occurred when a new machine is added was fixed. The NatACL_web POP3 authentication module is working. Makefile errors were fixed. Loss of precision on 32-bit machines was fixed.


Changes: DHCP client expiration was added, so five minutes of inactivity will remove the FORWARD IPTABLES rules. Group-to-group policies can be implemented to manage ACLs that restrict or allow communications between groups (subnets). EXEC options are now executed with a minimum of five minutes (even if the DHCP client requests an IP address at 15/15s). A little HOWTO in English has been written.


Changes: A simple DHCP server that allows creation of groups and policy groups was added. It also enforces DHCP usage. Iptables rules are added automatically after a DHCP request, allowing SNAT/DNAT or NATACL configurations. No configuration files are needed. It only works on Linux.
Recent comments
compile error
Compiling...
Build NatACL_config.c OK
Build ../common/db.c OK
Build ../common/conversion.c OK
Build ../common/socket_tools.c
In file included from /usr/include/openssl/ssl.h:179,
from src/common/socket_tools.c:34:
/usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory
In file included from /usr/include/openssl/ssl.h:179,
from src/common/socket_tools.c:34:
/usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"
/usr/include/openssl/kssl.h:136: syntax error before '*' token
/usr/include/openssl/kssl.h:137: syntax error before '}' token
/usr/include/openssl/kssl.h:149: syntax error before "kssl_ctx_setstring"
/usr/include/openssl/kssl.h:149: syntax error before '*' token
/usr/include/openssl/kssl.h:150: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:151: syntax error before '*' token
/usr/include/openssl/kssl.h:152: syntax error before '*' token
/usr/include/openssl/kssl.h:153: syntax error before "kssl_ctx_setprinc"
/usr/include/openssl/kssl.h:153: syntax error before '*' token
/usr/include/openssl/kssl.h:155: syntax error before "kssl_cget_tkt"
/usr/include/openssl/kssl.h:155: syntax error before '*' token
/usr/include/openssl/kssl.h:157: syntax error before "kssl_sget_tkt"
/usr/include/openssl/kssl.h:157: syntax error before '*' token
/usr/include/openssl/kssl.h:159: syntax error before "kssl_ctx_setkey"
/usr/include/openssl/kssl.h:159: syntax error before '*' token
/usr/include/openssl/kssl.h:161: syntax error before "context"
/usr/include/openssl/kssl.h:162: syntax error before "kssl_build_principal_2"
/usr/include/openssl/kssl.h:162: syntax error before "context"
/usr/include/openssl/kssl.h:165: syntax error before "kssl_validate_times"
/usr/include/openssl/kssl.h:165: syntax error before "atime"
/usr/include/openssl/kssl.h:167: syntax error before "kssl_check_authent"
/usr/include/openssl/kssl.h:167: syntax error before '*' token
/usr/include/openssl/kssl.h:169: syntax error before "enctype"
In file included from src/common/socket_tools.c:34:
/usr/include/openssl/ssl.h:909: syntax error before "KSSL_CTX"
/usr/include/openssl/ssl.h:931: syntax error before '}' token
FAILED
libxml2 is installed
/usr/bin/sqlite3 -version
3.1.2
whereis sqlite3
sqlite3: /usr/bin/sqlite3 /usr/include/sqlite3.h /opt/lampp/bin/sqlite3 /usr/share/man/man1/sqlite3.1.gz
/usr/bin/openssl version
OpenSSL 0.9.7a Feb 19 2003
whereis openssl
openssl: /usr/bin/openssl /usr/include/openssl /opt/lampp/bin/openssl /usr/share/man/man1/openssl.1ssl.gz
any idea?
thanks in advance
Re: SQL error: (null)
> I've a little problem on using Nat,
> every time I write an instruction with
> NatACL_config ...... the terminal
> writes: "SQL error: (null)"
> I don't know what to do, if you could
> help me please
what command are you trying to execute?
SQL error: (null)
I've a little problem on using Nat, every time I write an instruction with NatACL_config ...... the terminal writes: "SQL error: (null)"
I don't know what to do, if you could help me please
Re: verification of MAC address/IP
> It would like to know if it exists the
> possibility to place a verification of
> MAC address/IP.
now it does :)
Re: verification of MAC address/IP
> It would like to know if it exists the
> possibility to place a verification of
> MAC address/IP.
IP Address check is already been done by mysql plugin.
( MAC Address is a firewall issue ).