
Thread: HOWTO: Install Dansguardian on a single desktop

  1. #51
    Join Date
    Feb 2007
    Beans
    8

    Re: HOWTO: Install Dansguardian on a single desktop

    I upgraded to feisty and found firehol is no longer starting.
    I get lots of errors like this when firehol is started.
    I've changed the /sbin/firehol script to use bash31 (https://bugs.launchpad.net/ubuntu/+s...hol/+bug/78017). I can now start firehol without errors, but the dansguardian/firehol/tinyproxy configuration doesn't work; it works if I set Firefox to use tinyproxy directly. So the transparent proxy is broken...

  2. #52
    Join Date
    Apr 2006
    Location
    Sydney, AUS
    Beans
    62
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: HOWTO: Install Dansguardian on a single desktop

    A solution that doesn't involve copying bash31 from an edgy system is as follows:

    sudo vi /lib/firehol/firehol (replace vi with your editor of choice)
    and replace all %q strings with %b.

    This is what they've done in Gentoo to solve the problem.
    There seems to be some confusion as to who is actually responsible for the
    problem (bash, firehol or iptables), but at least this fixes the problem
    until a proper fix comes along.

  3. #53
    Join Date
    Oct 2005
    Location
    Edwardsville, IL
    Beans
    157

    Re: HOWTO: Install Dansguardian on a single desktop

    Thanks for the %q %b tip. I was on the verge of uninstalling Feisty and going back to Dapper.

    But I am still having some issues. This was such a nice internet filter setup for Dapper/Edgy but I am having some substantial issues with Feisty. My firehol.conf looks like this:

    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
    transparent_squid 8080 "root root"

    interface any world
    policy drop
    protection strong

    #interface eth1 home
    # server ping accept
    # server ssh accept
    # client all accept
    # server cups accept


    If I comment out the uncommented lines and uncomment the commented lines, I can get access to the internet (but unfiltered and frighteningly unprotected). If I run it as is, firefox says it can't find any servers and I can't ping anywhere - I basically have no access.

    What am I doing wrong?

    Thanks,

    Ryan

  4. #54
    Join Date
    Oct 2005
    Location
    Edwardsville, IL
    Beans
    157

    Re: HOWTO: Install Dansguardian on a single desktop

    Sorry, I am an idiot. I started messing with firehol.conf to try and troubleshoot this before I read the %q %b thing. After replacing the %q's with %b's in /lib/firehol/firehol, everything is working as expected with this firehol.conf:

    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
    transparent_squid 8080 "root root"

    interface any world
    policy drop
    protection strong

    #interface eth1 home
    # server ping accept
    # server ssh accept
    client all accept
    server cups accept

    Basically, I had forgotten that the last two lines were part of my original firehol.conf and not something I added during the troubleshooting.

    Thanks,

    Ryan

  5. #55
    Join Date
    Apr 2007
    Beans
    29

    Re: HOWTO: Install Dansguardian on a single desktop

    Originally posted by scottmuz:
    A solution that doesn't involve copying bash31 from an edgy system is as follows:

    sudo vi /lib/firehol/firehol (replace vi with your editor of choice)
    and replace all %q strings with %b.

    This is what they've done in Gentoo to solve the problem.
    There seems to be some confusion as to who is actually responsible for the
    problem (bash, firehol or iptables), but at least this fixes the problem
    until a proper fix comes along.

    Hi everybody!

    For me none of the proposed solutions worked...

    I tried first the replace "thing" and after that the copying of bash31.

    I don't remember where, but I read a post of Costa Tsaousis (author of firehol) showing that the replace "thing" generates other problems.

    Lastly, I tried installing an Edgy server from scratch, updated it and installed firehol. To my surprise, it doesn't work either! :O

  6. #56
    Join Date
    Oct 2005
    Location
    Edwardsville, IL
    Beans
    157

    Re: HOWTO: Install Dansguardian on a single desktop

    This is more of a Dansguardian question, but does anyone know how, when running in blanketblock mode, I can have google.com on the grey list but images.google.com on the blacklist?

    Thanks,

    Ryan

  7. #57
    Join Date
    Apr 2007
    Beans
    23

    Re: HOWTO: Install Dansguardian on a single desktop

    I'm getting an error when Firehol is restarted. I'm using Feisty (7.0.4). These are my conf settings for Firehol:

    version 5
    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP

    transparent_squid 8080 "root root"

    interface any world
    policy drop
    protection strong
    client all accept
    server cups accept
    #server webcache accept


    When I restart Firehol, this is the error that I get:

    ERROR : # 1.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world -p tcp -m state '' --state NEW \! --syn -j pr_world_nosyn
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 2.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 3.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_all_c1 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 4.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_irc_c2 -p tcp --sport 32768:61000 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 5.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_irc_c2 -p tcp --sport 6667 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 6.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 7.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 8.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp-data --dport 32768:61000 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 9.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 10.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 32768:61000 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 11.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport 1000:65535 --dport 32768:61000 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 12.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 13.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 14.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 15.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 16.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 17.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 18.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 19.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 20.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 21.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 22.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 23.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 24.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
    OUTPUT :


    [fail]
    I thought I followed everything as shown. What have I done wrong?
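
Added example (not part of any post in this thread, and not FireHOL's own code): a small shell sketch of the `%q` versus `%b` behaviour discussed in posts #52 to #57, assuming the firewall script joins rule arguments into a string with `printf` and evaluates that string later. With `%q` an empty argument is written as `''`, which matches the `-m state ''` in the error report above; with `%b` the empty argument disappears, but so does all quoting, so an argument containing a space is split in two. The helper names and both sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; the rule arguments below are constructed samples.
# %q is a bash extension to printf, so bash is invoked explicitly and the
# script behaves the same whichever shell /bin/sh points to.

# Join arguments into one command string with the given printf directive:
#   %q  shell-quotes every argument (an empty one is written as '')
#   %b  expands backslash escapes but adds no quoting at all
build() {
    fmt=$1; shift
    bash -c 'fmt=$1; shift; printf "$fmt " "$@"' _ "$fmt" "$@"
}

# Number of arguments a command receives once the string is evaluated again.
argc_after_eval() {
    ( eval "set -- $1"; echo "$#" )
}

# True when the command string carries an explicit empty argument ('').
has_empty_arg() {
    case " $1 " in
        *" '' "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Print the string built with each directive and the resulting argument count.
show() {
    label=$1; shift
    for fmt in %q %b; do
        cmd=$(build "$fmt" "$@")
        printf '%s %s: iptables %s-> %s args\n' \
            "$label" "$fmt" "$cmd" "$(argc_after_eval "$cmd")"
    done
}

# Case 1: an optional value expanded to nothing, as in the report above.
show "empty-arg " -m state "" --state NEW,ESTABLISHED

# Case 2: an argument containing a space (constructed; --comment is an
# assumption, not taken from the thread).
show "with-space" -m comment --comment "dansguardian only"
```

Before relying on the `%b` edit, check the configuration for values that contain spaces or shell metacharacters, since those are the arguments whose count changes in case 2.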

  8. #58
    Join Date
    Jun 2007
    Beans
    4

    Re: HOWTO: Install Dansguardian on a single desktop

    hi all,

    I followed this tutorial and it worked just fine. My only problem is that if I want to use checkgmail, I have to use this command as root to enable checkgmail to reach my mailbox.

    HTTPS_PROXY="https://127.0.0.1:8080"; checkgmail

    do you know a way around this problem?

    thanks

  9. #59
    Join Date
    Mar 2007
    Location
    UK, Staffordshire
    Beans
    348
    Distro
    Ubuntu 11.04 Natty Narwhal

    HOWTO: Install Dansguardian on a single desktop - Feisty Problem

    Has anyone got Dansguardian to work with Feisty? I have followed this how-to to the letter and when running Firefox I cannot access any sites. I understand that I keep the setting to direct connection in Firefox>Prefs.

    Also, some methods suggest transparent_squid be set to "nobody root" and some "root root". Why is this?

    Please help as I need to filter the net for my children.

    I use standard Ubuntu with Feisty, internet is on ra0. PC connects to router - router connects to net.

    Thanks

    Ian
    Box 1 | Xubuntu 12.10 64 bit | Gigabyte GA-MA78GM-S3H rev2 / AMD 5900+ | 250Gb Hitachi SATA / 4Gb RAM
    Ubuntu User #14507 | GPG Key 0xBE7E87FD

  10. #60
    Join Date
    Jan 2006
    Beans
    173
    Distro
    Ubuntu 9.10 Karmic Koala

    Re: HOWTO: Install Dansguardian on a single desktop

    I too am having a problem with this howto on feisty.
    pianoboy3333
