Projects / NatACL

NatACL

NatACL is a Linux firewall group policy controller for intranets and Internet. Using a internal DHCP server, it can force users to use a DHCP client, and you can block static IPs. It will bind an IP to a MAC address and enforce this usage. You can control groups that can see each other with intranet policies, or control who has access to the Internet. It also has an option to force users to authenticate themselves over the Web before accessing the Internet.

Tags
Licenses
Operating Systems

Recent releases

  •  15 Aug 2006 08:40

    Release Notes: Bugfixes were made. A thread pool is now used to run all iptables commands, avoiding race conditions. A new type of lock prevents dead-lock/race conditions. An anti-anti-popup was provided in NatACL_web. A bug on 64-bit machines was fixed.

    •  02 Aug 2006 10:35

      Release Notes: Bugfixes were made. A thread was added to handle the systems() command. A partial implementation of libiptc (iptables library) was made. SO_BIND_TO_DEVICE is used to force interface usage (security).

      •  26 Jul 2006 13:26

        Release Notes: A crash which occurred when a new machine is added was fixed. The NatACL_web POP3 authentication module is working. Makefile errors were fixed. Loss of precision on 32-bit machines was fixed.

        •  23 Jul 2006 06:12

          Release Notes: DHCP client expiration was added, so five minutes of inactivity will remove the FORWARD IPTABLES rules. Group-to-group policies can be implemented to manage ACLs that restrict or allow communications between groups (subnets). EXEC options are now executed with a minimum of five minutes (even if the DHCP client requests an IP address at 15/15s). A little HOWTO in English has been written.

          •  19 Jul 2006 05:25

            Release Notes: A simple DHCP server that allows creation of groups and policy groups was added. It also enforces DHCP usage. Iptables rules are added automatically after a DHCP request, allowing SNAT/DNAT or NATACL configurations. No configuration files are needed. It only works on Linux.

            Recent comments

            11 Oct 2006 15:02 compucated

            compile error
            Compiling...

            Build NatACL_config.c OK

            Build ../common/db.c OK

            Build ../common/conversion.c OK

            Build ../common/socket_tools.c

            In file included from /usr/include/openssl/ssl.h:179,

            from src/common/socket_tools.c:34:

            /usr/include/openssl/kssl.h:72:18: krb5.h: No such file or directory

            In file included from /usr/include/openssl/ssl.h:179,

            from src/common/socket_tools.c:34:

            /usr/include/openssl/kssl.h:134: syntax error before "krb5_enctype"

            /usr/include/openssl/kssl.h:136: syntax error before '*' token

            /usr/include/openssl/kssl.h:137: syntax error before '}' token

            /usr/include/openssl/kssl.h:149: syntax error before "kssl_ctx_setstring"

            /usr/include/openssl/kssl.h:149: syntax error before '*' token

            /usr/include/openssl/kssl.h:150: syntax error before '*' token

            /usr/include/openssl/kssl.h:151: syntax error before '*' token

            /usr/include/openssl/kssl.h:151: syntax error before '*' token

            /usr/include/openssl/kssl.h:152: syntax error before '*' token

            /usr/include/openssl/kssl.h:153: syntax error before "kssl_ctx_setprinc"

            /usr/include/openssl/kssl.h:153: syntax error before '*' token

            /usr/include/openssl/kssl.h:155: syntax error before "kssl_cget_tkt"

            /usr/include/openssl/kssl.h:155: syntax error before '*' token

            /usr/include/openssl/kssl.h:157: syntax error before "kssl_sget_tkt"

            /usr/include/openssl/kssl.h:157: syntax error before '*' token

            /usr/include/openssl/kssl.h:159: syntax error before "kssl_ctx_setkey"

            /usr/include/openssl/kssl.h:159: syntax error before '*' token

            /usr/include/openssl/kssl.h:161: syntax error before "context"

            /usr/include/openssl/kssl.h:162: syntax error before "kssl_build_principal_2"

            /usr/include/openssl/kssl.h:162: syntax error before "context"

            /usr/include/openssl/kssl.h:165: syntax error before "kssl_validate_times"

            /usr/include/openssl/kssl.h:165: syntax error before "atime"

            /usr/include/openssl/kssl.h:167: syntax error before "kssl_check_authent"

            /usr/include/openssl/kssl.h:167: syntax error before '*' token

            /usr/include/openssl/kssl.h:169: syntax error before "enctype"

            In file included from src/common/socket_tools.c:34:

            /usr/include/openssl/ssl.h:909: syntax error before "KSSL_CTX"

            /usr/include/openssl/ssl.h:931: syntax error before '}' token

            FAILED

            libxml2 is installed

            /usr/bin/sqlite3 -version

            3.1.2

            whereis sqlite3

            sqlite3: /usr/bin/sqlite3 /usr/include/sqlite3.h /opt/lampp/bin/sqlite3 /usr/share/man/man1/sqlite3.1.gz

            /usr/bin/openssl version

            OpenSSL 0.9.7a Feb 19 2003

            whereis openssl

            openssl: /usr/bin/openssl /usr/include/openssl /opt/lampp/bin/openssl /usr/share/man/man1/openssl.1ssl.gz

            any idea?

            thanks in advance

            26 Sep 2006 08:54 FabioYY

            Re: SQL error: (null)


            > I've a little problem on using Nat,

            > every time i write an instruction with

            > NatACL_config ...... the terminal

            > writes: "SQL error: (null)"

            > I don't know what to do, if you could

            > help me please

            what command are you tryng to execute?

            24 Sep 2006 11:20 triduo

            SQL error: (null)
            I've a little problem on using Nat, every time i write an instruction with NatACL_config ...... the terminal writes: "SQL error: (null)"

            I don't know what to do, if you could help me please

            18 Jul 2006 15:08 FabioYY

            Re: verification of MAC address/IP


            > It would like to know if it exists the

            > possibility to place a verification of

            > MAC address/IP.

            now it does :)

            23 Apr 2004 16:21 FabioYY

            Re: verification of MAC address/IP

            > It would like to know if it exists the

            > possibility to place a verification of

            > MAC address/IP.

            IP Address check is already been done by mysql plugin.

            ( MAC Address is a firewall issue ).

            Screenshot

            Project Spotlight

            OpenStack4j

            A Fluent OpenStack client API for Java.

            Screenshot

            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.