
Thread: HOWTO: Install Dansguardian on a single desktop

  1. #41
    Join Date
    Jan 2007
    Beans
    3

    Re: HOWTO: Install Dansguardian on a single desktop

    Is squid running?

  2. #42
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    It's certainly to be hoped that Squid is not running - it shouldn't be!

    Please see the other thread where you asked the same question concerning Clamav issues.

    --Tony

  3. #43
    Join Date
    Apr 2006
    Location
    Sydney, AUS
    Beans
    62
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: HOWTO: Install Dansguardian on a single desktop

    I set up my home PC (I only have one PC at home with no internal network) using this HowTo several months ago and it has been working great.

    Then today I found my PC really slow and noticed my broadband modem's LEDs were blinking like crazy. I did a tail -f on tinyproxy log and saw it was scrolling like crazy. I was horrified to find I was being used as a proxy server by God only knows who.

    I commented out "server webcache accept" in firehol.conf and this seemed to stop the external traffic.

    But now I'm a bit scared. Am I right in thinking that the way firehol is set up it allows any inbound connection on any port? My firehol.conf is:
    <<
    iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP

    transparent_squid 8080 "root root"

    interface any world
    policy drop
    protection strong
    client all accept
    server cups accept
    # server webcache accept

    version 5
    >>

    I was expecting Firehol to block all inbound traffic.

  4. #44
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    Sorry to hear of your unpleasant experience!

    The inclusion of "server webcache accept" was at the request of many who wished to use the dansguardian box to filter other boxes on a network - it therefore had to be opened to them. I did mention the following:

    "The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!"

    Meaning that firehol is allowing access to all and that a router or separate system should be controlling the incoming traffic.

    Perhaps by default the "server webcache accept" line should be commented out!

    ** Have just edited the first post so that it is commented out **

    Thanks for pointing out the danger of this.

    --Tony
    Last edited by tonhou; March 4th, 2007 at 09:25 AM.
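
An added example, not part of the thread or the HOWTO: a small Python check that lists the `server ... accept` rules in a firehol.conf that carry no `src` restriction, which is the condition that left the proxy port open to the internet in the two posts above. The sample configs and the 192.168.1.0/24 LAN range are constructed, and the parser only understands plain `interface` and `server` lines, not shell variables or loops.

```python
import shlex

# Constructed sample: the firehol.conf from the post above with the
# "server webcache accept" line still active, as the HOWTO originally had it.
OPEN_CONF = '''\
transparent_squid 8080 "root root"
interface any world
    policy drop
    protection strong
    client all accept
    server cups accept
    server webcache accept
'''

# Constructed sample: same rule limited to an assumed LAN range.
LAN_ONLY_CONF = OPEN_CONF.replace(
    "server webcache accept",
    'server webcache accept src "192.168.1.0/24"')


def unrestricted_servers(conf_text):
    """Return (interface_name, service) pairs that accept from any source."""
    findings = []
    iface_name, iface_limited = None, False
    for raw in conf_text.splitlines():
        words = shlex.split(raw, comments=True)   # drops "# ..." comments
        if not words:
            continue
        if words[0] == "interface" and len(words) >= 3:
            iface_name = words[2]
            # "interface eth0 lan src ..." only matches those sources
            iface_limited = "src" in words[3:]
        elif words[0] == "server" and iface_name and "accept" in words[2:]:
            rule_limited = "src" in words[3:]
            if not (iface_limited or rule_limited):
                # a quoted list such as "http https" holds several services
                findings.extend((iface_name, s) for s in words[1].split())
    return findings


if __name__ == "__main__":
    for name, conf in (("open", OPEN_CONF), ("lan-only", LAN_ONLY_CONF)):
        print(name, unrestricted_servers(conf))
```

Any service it reports is reachable by every host that can route packets to the matching interface, so on a machine plugged straight into a modem each reported line should either be removed or given a `src` limit.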

  5. #45
    Join Date
    Oct 2006
    Beans
    218

    Re: HOWTO: Install Dansguardian on a single desktop

    Question... If I have this setup... Internet -> Router -> Hub -> to multiple computers, one of which is the DG one, will it still work? Or would I have to have the DG box before the hub?
    Borris
    __________________________________________________ __

    "If at first it doesn't work... install, install, install again."

  6. #46
    Join Date
    Jun 2006
    Beans
    70

    Re: HOWTO: Install Dansguardian on a single desktop

    to multiple computers, one of which is the DG one, will it still work?
    Yes, provided the other configuration conditions are met as per the first post.

    --Tony

  7. #47
    Join Date
    Oct 2006
    Beans
    218

    Re: HOWTO: Install Dansguardian on a single desktop

    Well, I don't want to have to set all the browsers. None of the network connections would run through the box. It would just be on one of the branches of the hub. That or is there an easy way to have my router use a proxy?
    Borris
    __________________________________________________ __

    "If at first it doesn't work... install, install, install again."

  8. #48
    Join Date
    Mar 2007
    Beans
    Hidden!

    Re: HOWTO: Install Dansguardian on a single desktop

    Hi Tonhou,

    Brilliant how to. I used this previously on Mepis for my kids' PC and it worked like a dream, but I have moved to Xubuntu Feisty as it seems to be faster on this old PII box.

    I have followed the instructions again but when I restart firehol I get a whole lot of errors and firehol fails and I can't browse ("tiny proxy error"). If I switch off firehol everything works and dansguardian does its job as expected.

    Can I leave it running without firehol, and what are the implications of doing so? Also, could I install a different firewall, i.e. one with a GUI that I can configure for other rules, and would that in turn affect dansguardian? Below is the error output from firehol.

    Thanks for any help.

    ERROR : # 1.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world -p tcp -m state '' --state NEW \! --syn -j pr_world_nosyn
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 2.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 3.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_all_c1 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 4.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_irc_c2 -p tcp --sport 1024:4999 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 5.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_irc_c2 -p tcp --sport 6667 --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 6.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 7.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 8.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp-data --dport 1024:4999 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 9.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 10.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 11.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport 1000:65535 --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 12.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 13.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 14.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 15.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 16.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 17.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 18.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 19.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line INIT of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 20.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 21.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 22.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 23.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
    OUTPUT :




    --------------------------------------------------------------------------------
    ERROR : # 24.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
    OUTPUT :

  9. #49
    Join Date
    Oct 2006
    Beans
    1

    Re: HOWTO: Install Dansguardian on a single desktop

    I'm trying to connect my laptop (running Ubuntu 6.10) and other PCs with Win XP, to my network.
    I want to use another Ubuntu box, with DG to do web filtering. My set up is like this:

    Code:
    Internet <-> DSL Modem         UbuntuCE
                 Router            <-> 192.168.10.37 (Dhcp)
                 Switch                    with DG
                   192.168.10.1       192.168.10.3 (Static)
                    static                               ^
                                                         |
                                                         v
                                                        Switch < - > Laptop  (192.168.10.200)
    The Ubuntu CE does an excellent job at web filtering, but only on the browser running on that machine. The browser on the laptop does not connect to the internet, and I followed the directions in this HOWTO. The UbuntuCE even has a dhcp server. From the laptop I cannot ping 192.168.10.3 nor 192.168.10.1, which is my modem.

    What am I doing wrong???


    FV

  10. #50
    Join Date
    Apr 2006
    Location
    Sydney, AUS
    Beans
    62
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: HOWTO: Install Dansguardian on a single desktop

    I upgraded to Feisty and found firehol is no longer starting.

    I get lots of errors like this when firehol is started.
    --------------------------------------------------------------------------------
    ERROR : # 16.
    WHAT : A runtime command failed to execute (returned error 2).
    SOURCE : line FIN of /etc/firehol/firehol.conf
    COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
    OUTPUT :

    It seems there is some sort of iptables / firehol incompatibility from reading
    http://archives.free.net.ph/message/...82996a.en.html
