Question for the Linux experts…


2011-01-10
 

Hello Linux experts. Since, besides my normal work at the company, I am also stuck with the entire IT, I have to ask you what you would do in my place.

There are 20 employees in our office, all of whom go onto the Internet through one router via cable.
We have 22 computers in this network.

To keep my colleagues away from all the garbage on the Internet, I use OpenDNS to filter out everything that has nothing to do with work. OpenDNS also offers the option of blocking access to known botnets. Now it happens every now and then that OpenDNS alerts me to malware activity.

The only annoying part is that this does not let me locate which of the 21 Windows computers the malware has nested itself on. The procedure so far has been to laboriously scan every computer with anti-virus software and AdAware.

Now I would like to install software on the 22nd computer (Debian Lenny) that is able to receive the clients' DNS queries and pass them on to the NAT router. While doing so, the client's IP address and the DNS query should be recorded in a log.

The log should look as follows.


Date        Time      IP address     DNS query
12.03.2010  13:57:12  192.168.45.2   www.zielurl.hot

So basically I would like to know which client visited which URL and when.
That way I can go straight to the infected computer and do not have to scan 21 computers.


Thanks for your tips!
man squid
Squid is surely great software, but I would like to achieve this without proxy settings.

That is, I would like to simply enter the Linux computer as the DNS server in Windows, and the whole thing should just work. More or less without running a full DNS server or proxy.
Keep the legal aspect in mind. Logging visited websites may not be permissible just like that, even if visiting those sites is not allowed.
In any case, the employer should clarify this.
Quotation:
Quotation of HyBird: The log should look as follows.
Code:
Date        Time      IP address     DNS query
12.03.2010  13:57:12  192.168.45.2   www.zielurl.hot
The standard name server (BIND), which already comes with the Linux system, offers such logs. It is probably not switched on by default, but the necessary configuration should be found in the documentation.
Quotation:
Quotation of HyBird: The only annoying part is that this does not let me locate which of the 21 Windows computers the malware has nested itself on.

Now I would like to install software on the 22nd computer (Debian Lenny) that is able to receive the clients' DNS queries and pass them on to the NAT router. While doing so, the client's IP address and the DNS query should be recorded in a log.
man iptables, LOG target. But remember that Windows caches.
I would also say: take BIND. It _is_ the DNS server, by its nature does the DNS caching for client queries itself, logs via its own logging section, and then you also look at the options “forwarders” and “forward” if it should just pass the queries on to the DSL router instead of rummaging around the Internet itself.

_Everything_ is configurable in _one_ file: take a look at /etc/named.conf and get to grips with it.

So it does exactly what you want.

If it is about web browser matters, for example, and you know the dubious URL, there is something much cooler: use a faked zone file to send the queries back to your Lenny box (configure Apache) and wait to see who in the company calls out “there's a picture of HyBird giving me the finger!”…
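The setup this post describes (BIND as a caching resolver that forwards to the router and logs every client query), as an added example that is not part of the original thread. The LAN range and router address are constructed placeholders, and the log path follows the /var/log/bind/query.log location that appears later in the thread.

```conf
// named.conf fragment: caching, forwarding-only resolver with query logging.
// 192.168.45.0/24 and 192.168.45.1 are constructed placeholder values.

options {
    directory "/var/cache/bind";

    // Answer recursive queries for the office LAN only.
    recursion yes;
    allow-query     { 127.0.0.1; 192.168.45.0/24; };
    allow-recursion { 127.0.0.1; 192.168.45.0/24; };

    // Hand every query to the existing router instead of resolving
    // from the root servers; "only" means no fallback to own recursion.
    forwarders { 192.168.45.1; };
    forward only;
};

logging {
    // The directory must exist and be writable by the named user.
    channel query_log {
        file "/var/log/bind/query.log" versions 5 size 20m;
        severity info;
        print-time yes;       // timestamp on each line
        print-category yes;   // "queries:"
        print-severity yes;   // "info:"
    };
    // Assigning a channel to this category turns query logging on.
    category queries { query_log; };
};
```

Each logged line then carries the client address and the queried name, which is the pairing the original question asked for.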
Quotation:
Quotation of HyBird: Now I would like to install software on the 22nd computer (Debian Lenny) that is able to receive the clients' DNS queries and pass them on to the NAT router.
I do not understand. An external NAT router? Why doesn't Debian act as the NAT router?

dnsmasq and iptables, and done.

One does not inflict the BIND overkill on oneself for such a small LAN.

Shooting at sparrows with cannons.
Quotation:
Quotation of woprr: I do not understand.
One does not inflict the BIND overkill on oneself for such a small LAN.
Shooting at sparrows with cannons.
I hate such follow-up questions, because they can cause senseless debates among evangelists, but I must ask them in order to call for objectivity:

What, please, about BIND is the overkill? Setting up the name server (without zones of its own; only for caching and logging) takes 240 seconds. An edit in named.conf and one or two commands at shell level. Then you also check the firewall (if one is set up) for the reachability of 53/udp. Done.

Quotation:
An external NAT router? Why doesn't Debian act as the NAT router?
dnsmasq and iptables, and done.
I assume that the NAT router at HyBird's is the border gateway of the whole company network (as you already say: “small LAN”). So move the DSL access onto the Lenny box, transfer masquerading, logging, opened ports, configurations/logging and forwardings of the NAT router to the Lenny box, only…

… until everything works again the way it already did before… hmm. After that, just tweak the logging until the queries HyBird mentioned are logged as desired.

I may be mistaken, but to me that sounds like more work than the four minutes of getting the name server up and running. And we have not even talked about what it would mean, in terms of tinkering and routing, if the NAT router also handles DHCP for the company, VoIP, etc.

One can do all of that the way you suggest. I am even a big fan of it. In all the installations I look after, DNS and DHCP are the first things moved from the small embedded boxes redundantly onto servers, because that causes the fewest problems. But here HyBird only wanted a way of logging, not to move the whole border gateway…
Well, quite simply: the Debian box is the internal file server and Asterisk telephone system, and I am certainly not putting it on the net with a public IP without being well versed in configuring the firewall.
iptables is great, but quite complicated.
That is why our RV042 does the NAT between 2 Internet connections and the internal network. With it, the company sites can also be linked more conveniently via VPN.

I will now install and configure bind9 and see whether the logging makes me happy.
more @Kritter
May not be, I am a full-time network guy.
And iptables LOG does log.
Then just do it quickly over SSH?

Quotation:
Quotation of HyBird: Well, quite simply: the Debian box is the internal file server and Asterisk telephone system, and I am certainly not putting it on the net with a public IP without being well versed in configuring the firewall.
So one would rather trust the firewall quality of such an off-the-shelf box and accept the redundant and uneconomic complexity that led to this thread? OK, man. I did not know that.
Quotation:
Quotation of woprr: And iptables LOG does log.
Do you also have the command ready with which iptables logs the content of the DNS query? The point here was not to determine that a computer makes DNS queries; probably every computer does. The point was which computer sends DNS queries with a specific content.
Super. Thanks again for the tip!

What I am still missing now is a tip on how to teach the Linksys RV042 router
to forbid all traffic and permit individual services.
Does anyone have one of these devices running?

Regards, Marco
Whoops, I would have expected that of a Cisco off-the-shelf box, though.
Looks as if Debian and iptables will have to do it after all.
Anyway, back to the topic: BIND overkill??? Not at all! I entered perhaps 10 lines of code into a config file. And it rocks!
iptables is substantially more complex, and if one makes mistakes there, which I as an LL (LinuxLamer) am guaranteed to do, the network is no longer safe. So the RV042 has to handle that.

The only interesting thing is that, when firewall access rules are created, the RV042
locks out the VPN traffic.

I have sent a mail to support about this, for anyone who is interested. I will then post the solution here as well.
So that your RDP works?

Take a look at IPCop; one should manage it even without much knowledge. Regarding surfing behaviour:
Squid
SquidGuard
SARG
Quotation:
Quotation of HyBird: The only interesting thing is that, when firewall access rules are created, the RV042
locks out the VPN traffic.
Basic principle of least privilege. It has to be allowed explicitly.
Even if I allow IPsec, that does not work.

Allowing IPsec from every RJ11 port, from every IP to every IP, yields nothing.
Read from bottom to top! I am waiting for the solution and will then post it for you.

Code:
Dear Mr. W.,

thanks for the update. As of today I am already discussing the problem with the escalation engineer. Expect more information from him or me in the coming days.

Yours sincerely,

Marco W. wrote:
> I reset the router to factory settings at the weekend. Unfortunately
> no change resulted. I guess that the firmware developers
> will have to get at it again after all.
> For further questions, you can reach me from 8 to 17 o'clock by telephone
> on 02225 ****** and after 17 o'clock on 0177 *******.
>
> Regards, Marco W.
>
> On Tuesday, 16.02.2010, 14:04 +0200, Cisco employee wrote:
>
> > Dear Mr. W.,
> >
> > I reproduced the problem in our lab and the result
> > was exactly the same. If you have already reset the router to
> > factory settings and the problem still exists,
> > let me know so that I can escalate the case.
> >
> > Yours sincerely,
> >
> > Marco Wolff wrote:
> >
> > > Dear Mr. ******,
> > >
> > > first of all, thank you for the friendly conversation.
> > > Enclosed once more is a short summary of the problem.
> > >
> > > If firewall rules are created as shown in the screenshot,
> > > the RV042 no longer lets any network traffic through the IPsec tunnel.
> > > The LAN behind the RV042 is then no longer reachable via VPN.
> > > The gateway, i.e. the RV042, remains reachable via VPN.
> > >
> > > Tomorrow I will reset the router to factory settings once more
> > > and configure it again. Then we will see.
> > >
> > > My Cisco Login is: ********
> > >
> > > I hope you can now make a support case out of it.

Quotation:
Quotation of HyBird: Anyway, back to the topic: BIND overkill??? Not at all! I entered perhaps 10 lines of code into a config file. And it rocks!
Has your DNS search (the original problem) already brought anything to light on the client side? Anything notable that you can report here in anonymized form? It did sound quite exciting, after all…
OK, since the server now logs every DNS query, one can now nicely see, on the basis of the OpenDNS statistics, which computers access which blocked domains.

Suppose the OpenDNS statistics indicate that there are very frequent attempts to call up the page foxclub.de.

I then log in on the console and search the log file query.log
using:
Code:
asterisk:/var/log/bind# grep -i www.foxclub.de query.log
15-Feb-2010 13:36:41.376 queries: info: client 192.168.133.145#50868: query: www.foxclub.de IN A +
asterisk:/var/log/bind#
Now I can grab the user of computer 145 and ask him to refrain from that in future.
I now proceed in exactly the same way with malware domains.
That way I have already been able to find a computer with an unknown rootkit and eliminate the kit.
(For me, viruses are unknown if no scan engine on NoVirusThanks responds to them.)

By the way, I have also removed DHCP from the router and moved it to Debian.
One can tell the DHCP server not only to hand out IPs, but also to make it clear to the computers that the IP address of the gateway is not the same as the IP address of the DNS server. Totally cool stuff, this.

Now I am still waiting for the de-escalation from Cisco. The only catch is that people can get around the whole logging business by statically entering a different DNS server.

And for this I need precisely the firewall rules of the router, which unfortunately I cannot use because the VPN traffic is then locked out. Grumble.
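A scripted version of the grep lookup in this post, generalized to a list of blocked domains including their subdomains and summarized per client. This is an added example, not code from the thread; the sample log lines and the function names `matches` and `clients_for` are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the query.log format shown in the post
# (timestamp, category and severity printed on every line).
SAMPLE_LOG = """\
15-Feb-2010 13:36:41.376 queries: info: client 192.168.133.145#50868: query: www.foxclub.de IN A +
15-Feb-2010 13:36:42.101 queries: info: client 192.168.133.12#49211: query: www.debian.org IN A +
15-Feb-2010 13:40:03.550 queries: info: client 192.168.133.145#50901: query: cdn.foxclub.de IN A +
15-Feb-2010 14:02:17.009 queries: info: client 192.168.133.77#1042: query: WWW.FOXCLUB.DE. IN AAAA +
garbage line that must be skipped
"""

# Also tolerates the "@0x..." pointer and "(name)" fields of newer BIND versions.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2})\.\d+ .*?"
    r"client (?:@\S+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<qname>\S+) \S+ (?P<qtype>\S+)"
)

def matches(qname, watchlist):
    """True if qname equals a watched domain or is a subdomain of it."""
    name = qname.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in watchlist)

def clients_for(log_text, watchlist):
    """Map client IP -> count, first/last seen and names for watched domains."""
    watch = {d.rstrip(".").lower() for d in watchlist}
    hits = defaultdict(
        lambda: {"count": 0, "first": None, "last": None, "names": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not matches(m["qname"], watch):
            continue  # unparsable line or a domain nobody asked about
        ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S")
        h = hits[m["ip"]]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["names"].add(m["qname"].rstrip(".").lower())
    return dict(hits)

if __name__ == "__main__":
    for ip, h in sorted(clients_for(SAMPLE_LOG, ["foxclub.de"]).items()):
        print(ip, h["count"], h["first"], h["last"], sorted(h["names"]))
```

Because Windows clients cache DNS answers, as noted earlier in the thread, the counts are a lower bound on how often a machine actually used the name.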
Well, that is great. Then you have made progress on exactly the crucial point. That makes us happy. But do stay polite towards your users/comrades. The problem mostly sits in front of the computer, but sometimes people are not directly to blame if something under their desk takes on a life of its own…
As already said, it is generally known (in our office too) that sex sites are abused as virus slingers because of their great popularity.
The darker the Internet, the higher the probability of catching something.
Our employees have signed an undertaking to refrain from these activities in the office
(sex, file sharing, warez, etc.). If they do it anyway, they are simply spoken to and the index finger is raised. <-- Even if that is the effect. The bad thing is that people do not mean any harm and still try to gain access via proxies. The voluntary commitment achieved nothing. So now it gets locked down! Because the boss will grab me by the balls if something goes wrong there ......
Quotation:
Quotation of HyBird: Because the boss will grab me by the balls if something goes wrong there ......
So, sex in the office yet again. And of the hard sort at that.
Sex in the office is a blast as long as it does not take place on the Internet!
Besides, I do not know what there is to laugh about, novice! Tsk tsk.
Probably not yet out of the giggling age, are you?