Re: HOWTO: Install Dansguardian on a single desktop
Quote:
I upgraded to feisty and found firehol is no longer starting.
I get lots of errors like this when firehol is started.
I've changed the /sbin/firehol script to use bash31 (https://bugs.launchpad.net/ubuntu/+s...hol/+bug/78017). I can now start firehol without errors, but the dansguardian/firehol/tinyproxy configuration doesn't work; it works if I set Firefox to use tinyproxy directly. So the transparent proxy is broken...
Re: HOWTO: Install Dansguardian on a single desktop
A solution that doesn't involve copying bash31 from an edgy system is as follows:
sudo vi /lib/firehol/firehol (replace vi with your editor of choice)
and replace all %q strings with %b.
This is what they've done in gentoo to solve the problem.
There seems to be some confusion as to who is actually responsible for the problem (bash, firehol or iptables), but at least this fixes the problem until a proper fix comes along.
Re: HOWTO: Install Dansguardian on a single desktop
Thanks for the %q %b tip. I was on the verge of uninstalling Feisty and going back to Dapper.
But I am still having some issues. This was such a nice internet filter setup for Dapper/Edgy but I am having some substantial issues with Feisty. My firehol.conf looks like this:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
#interface eth1 home
# server ping accept
# server ssh accept
# client all accept
# server cups accept
If I comment out the uncommented lines and uncomment the commented lines, I can get access to the internet (but unfiltered and frighteningly unprotected). If I run it as is, firefox says it can't find any servers and I can't ping anywhere - I basically have no access.
What am I doing wrong?
Thanks,
Ryan
Re: HOWTO: Install Dansguardian on a single desktop
Sorry, I am an idiot. I started messing with firehol.conf to try and troubleshoot this before I read the %q %b thing. After replacing the %q's with %b's in /lib/firehol/firehol, everything is working as expected with this firehol.conf:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
#interface eth1 home
# server ping accept
# server ssh accept
client all accept
server cups accept
Basically, I had forgotten that the last two lines were part of my original firehol.conf and not something I added during the troubleshooting.
Thanks,
Ryan
Re: HOWTO: Install Dansguardian on a single desktop
Quote: Originally Posted by scottmuz
A solution that doesn't involve copying bash31 from an edgy system is as follows:
sudo vi /lib/firehol/firehol (replace vi with your editor of choice)
and replace all %q strings with %b.
This is what they've done in gentoo to solve the problem.
There seems to be some confusion as to who is actually responsible for the problem (bash, firehol or iptables), but at least this fixes the problem until a proper fix comes along.
Hi everybody! :)
For me none of the proposed solutions worked... :P
I tried the replace "thing" first, and after that the copying of bash31.
I don't remember where, but I read a post by Costa Tsaousis (author of firehol) showing that the replace "thing" generates other problems.
Lastly I tried installing an Edgy server from scratch, updated it and installed firehol. To my surprise, it doesn't work either! :O
Re: HOWTO: Install Dansguardian on a single desktop
This is more of a Dansguardian question, but does anyone know how, when running in blanketblock mode, I can have google.com on the grey list but images.google.com on the blacklist?
Thanks,
Ryan
Re: HOWTO: Install Dansguardian on a single desktop
I'm getting an error when Firehol is restarted. I'm using Feisty (7.0.4). These are my conf settings for Firehol:
version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
client all accept
server cups accept
#server webcache accept
When I restart Firehol, this is the error that I get:
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -p tcp -m state '' --state NEW \! --syn -j pr_world_nosyn
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 3.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_all_c1 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 4.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_irc_c2 -p tcp --sport 32768:61000 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 5.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_irc_c2 -p tcp --sport 6667 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 6.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 7.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 8.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 9.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 10.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 11.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport 1000:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 12.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 13.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 14.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 15.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 16.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 17.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 18.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 19.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 20.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 21.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 22.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 23.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 24.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :
[fail]
I thought I followed everything as shown. What have I done wrong?
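Every failing COMMAND in the report above shows the same two things: an empty '' argument after -m state and a backslash before each comma in the --state list. Bash's printf %q prints an empty string as '' and backslash-escapes commas, which is the quoting the %q to %b edit earlier in the thread targets. The script below is an added example, not code from any post or from firehol: it parses a report in firehol's ERROR/WHAT/SOURCE/COMMAND/OUTPUT format, shell-splits each COMMAND the way bash would when re-reading the generated rule file, and flags both artefacts per error. It assumes the empty argument is what makes iptables exit with status 2, and its embedded sample report is constructed from two of the blocks above.

```python
import re
import shlex

# Constructed sample in firehol's report format; the COMMAND lines are from the thread.
SAMPLE_REPORT = """\
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -p tcp -m state '' --state NEW \\! --syn -j pr_world_nosyn
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\\,ESTABLISHED -j ACCEPT
OUTPUT :
"""

FIELD_RE = re.compile(r"^(ERROR|WHAT|SOURCE|COMMAND|OUTPUT)\s*:\s*(.*)$")

def parse_report(text):
    """Split the report into one dict per ERROR block, keyed by field name."""
    blocks, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # separator lines and the trailing [fail] carry no fields
        field, value = m.groups()
        if field == "ERROR":
            current = {}
            blocks.append(current)
        if current is not None:
            current[field] = value
    return blocks

def quoting_problems(command):
    """Shell-split COMMAND as bash would and flag the two %q artefacts: an empty
    argument (assumed to be what iptables rejects with exit status 2) and a
    backslash-escaped comma, which only shows in the raw text, not in argv."""
    argv = shlex.split(command)
    problems = [(i, "empty argument") for i, arg in enumerate(argv) if arg == ""]
    if "\\," in command:
        problems.append((None, "backslash-escaped comma"))
    return argv, problems

def triage(text):
    """Map each ERROR number to the quoting problems found in its COMMAND."""
    return {int(re.sub(r"\D", "", b["ERROR"])): quoting_problems(b["COMMAND"])[1]
            for b in parse_report(text)}
```

Running triage() over a full report tells you at a glance whether every failure is the same quoting defect, which is the case for all 24 errors above, rather than a genuine firehol.conf mistake.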
Re: HOWTO: Install Dansguardian on a single desktop
hi all,
I followed this tutorial, and it worked just fine; my only problem is that if I want to use checkgmail I have to use this command as root to enable checkgmail to reach my mailbox.
HTTPS_PROXY="https://127.0.0.1:8080"; checkgmail
do you know a way around this problem?
thanks
HOWTO: Install Dansguardian on a single desktop - Feisty Problem
Has anyone got Dansguardian to work with Feisty? I have followed this how-to to the letter, and when running Firefox I cannot access any sites. I understand that I keep the setting at direct connection in Firefox > Prefs.
Also some methods suggest transparent_squid be set to "nobody root" and some "root root"; why is this?
Please help, as I need to filter the net for my children.
I use standard Ubuntu with Feisty; internet is on ra0. PC connects to router, router connects to net.
Thanks
Ian
Re: HOWTO: Install Dansguardian on a single desktop
I too am having a problem with this howto on feisty.