IPTABLES Time Limits

karlp at ourldsfamily.com
Sun Sep 26 05:09:06 UTC 2004


I spent much of Friday night and today setting up my network preparatory
to filtering.

I installed a second NIC in my server, changed its IP address to
10.0.0.1, which was my Cisco router's IP before the change. The Cisco is
now 172.20.20.1 and the second NIC on my server is 172.20.20.2.

I've looked at Squid and am overwhelmed, but have an iptables script that
works just fine for IP traffic forwarding, so the network is functioning
as it did before the change. I had to set up DHCP for an XP Pro PC that
wasn't working.

2 questions:

1. I want to be able to give access to the internet during certain hours
of the day for some PCs on the network and close down outbound access
during after-hours and part of the weekend. Can I do these time
restrictions?

2. What would the best method be of using NAT on the server? The Cisco
already does NAT, but the parts of it that translate to the 10.0.0.0
network now fail. All the services that are translated to the server work
fine. That's because it's on the same subnet as the Cisco (172.20.20.0).

The topology of the NAT looks like this:

172.20.20.2 25 198.60.114.90 25 tcp    < still works
172.20.20.2 80 198.60.114.90 80 tcp    < still works

10.0.0.2 10001 198.60.114.90 10000 tcp < Webmin to another 'server' fails
10.0.0.20 5900 198.60.114.90 5900 tcp  < VNC to a laptop fails

I'm thinking that I would need to set up the Cisco to direct those ports to
the server and then some iptables rules that redirect those ports to the
internal IP addresses.

Help?

--
Karl Pearson
karlp at ourldsfamily.com
http://consulting.ourldsfamily.com
http://emailgroups.ourldsfamily.com
 If you don't think the dead come back to life, Be here at quitting time
 --
 My Thoughts on Terrorism In America: http://www.ourldsfamily.com/wtc.shtml
 --
 A right is not what someone gives you; it's what no one can take from you.
 -- Ramsey Clark
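Both questions can be answered with iptables on the Linux server itself. The script below is an added example written for this reply; it is not from the original post or from any project. It uses current iptables syntax: the `time` match (`--timestart`, `--timestop`, `--weekdays`) for the per-host hours, `conntrack --ctdir` to tell host-initiated traffic from replies, SNAT toward the Cisco, and DNAT for the two port forwards from the post. Assumptions not in the post: the interface names eth0 (toward the Cisco) and eth1 (toward the 10.0.0.0/24 hosts), the specific hours, the Saturday-morning window, and that the Cisco is repointed so that public ports 10000 and 5900 now land on 172.20.20.2.

```shell
#!/bin/sh
# Added example, not from the original post or any project: time-limited
# outbound access plus port forwarding on the Linux server.
# Assumed (not in the post): eth0 faces the Cisco (172.20.20.0/24) and
# eth1 faces the 10.0.0.0/24 LAN. Set DRY_RUN=1 to print the iptables
# commands instead of applying them; run "./fw.sh apply" to apply.

WAN_IF=${WAN_IF:-eth0}          # toward the Cisco
LAN_IF=${LAN_IF:-eth1}          # toward the 10.0.0.0/24 hosts
SERVER_WAN_IP=172.20.20.2       # the server's second NIC, from the post
LAN_NET=10.0.0.0/24

# ipt: apply one rule, or just print it when DRY_RUN is set
ipt() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# allow_window HOST START STOP DAYS: let HOST start connections to the
# internet inside the window (HH:MM, 24-hour clock; DAYS like Mon,Tue,...).
# Note: xt_time reads these times as UTC unless --kerneltz is given; the
# 2004-era patch-o-matic ipt_time spelled the day option --days instead.
allow_window() {
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$1" \
        -m time --timestart "$2" --timestop "$3" --weekdays "$4" -j ACCEPT
}

# deny_outbound HOST: reject what allow_window did not accept. Only the
# ORIGINAL direction is rejected, so replies to a port-forwarded session
# (e.g. VNC coming in from outside) still pass, while a session the host
# opened itself can no longer send once the window closes and so dies.
# Must sit before the generic ESTABLISHED rule for that cutoff to work.
deny_outbound() {
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$1" \
        -m conntrack --ctdir ORIGINAL -j REJECT
}

# port_forward EXTPORT HOST INTPORT: send a port the Cisco delivers to this
# server on to a LAN host, and let that connection through FORWARD.
port_forward() {
    ipt -t nat -A PREROUTING -i "$WAN_IF" -d "$SERVER_WAN_IP" -p tcp \
        --dport "$1" -j DNAT --to-destination "$2:$3"
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -p tcp -d "$2" --dport "$3" \
        -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
}

build_rules() {
    ipt -P FORWARD DROP
    ipt -F FORWARD
    ipt -t nat -F

    # 1. Restricted hosts first: weekdays 08:00-17:00 plus Saturday morning
    #    (example hours; add one allow_window per window, then deny).
    allow_window 10.0.0.20 08:00 17:00 Mon,Tue,Wed,Thu,Fri
    allow_window 10.0.0.20 09:00 12:00 Sat
    deny_outbound 10.0.0.20

    # 2. Replies to anything that was already allowed through.
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 3. Every other LAN host may go out at any time.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT

    # 4. Source NAT toward the Cisco, so it only ever sees 172.20.20.2,
    #    an address on its own subnet that it already translates.
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" \
        -j SNAT --to-source "$SERVER_WAN_IP"

    # 5. The two forwards from the post, once the Cisco sends public ports
    #    10000 and 5900 to 172.20.20.2 instead of the old 10.0.0.x hosts.
    port_forward 10000 10.0.0.2 10001     # Webmin
    port_forward 5900 10.0.0.20 5900      # VNC
}

if [ "${1:-}" = apply ]; then
    echo 1 > /proc/sys/net/ipv4/ip_forward   # routing between the two NICs
    build_rules
fi
```

Run it with `DRY_RUN=1 sh fw.sh apply` first and read the printed rules; the order matters, because the restricted host's REJECT has to come before the generic ESTABLISHED,RELATED rule or an open session would survive past the end of its window. With the FORWARD policy at DROP, anything arriving from the Cisco side that is neither a reply nor one of the two forwarded ports is silently dropped.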
More information about the Redhat-install-list mailing list