Is squid running?
It's certainly to be hoped that Squid is not running - it shouldn't be!
Please see the other thread where you asked the same question concerning ClamAV issues.
--Tony
I set up my home PC (I only have one PC at home with no internal network) using this HowTo several months ago and it has been working great.
Then today I found my PC really slow and noticed my broadband modem's LEDs were blinking like crazy. I did a tail -f on the tinyproxy log and saw it was scrolling like crazy. I was horrified to find I was being used as a proxy server by God only knows who.
I commented out "server webcache accept" in firehol.conf and this seemed to stop the external traffic.
But now I'm a bit scared. Am I right in thinking that the way firehol is set up it allows any inbound connection on any port? My firehol.conf is:
<<
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
client all accept
server cups accept
# server webcache accept
version 5
>>
I was expecting Firehol to block all inbound traffic.
Sorry to hear of your unpleasant experience!
The inclusion of "server webcache accept" was at the request of many who wished to use the dansguardian box to filter other boxes on a network - it therefore had to be opened to them. I did mention the following:
"The dansguardian system that is doing the filtering on your network using this configuration CANNOT be connected directly to the internet - very important!!"
Meaning that firehol is allowing access to all and that a router or separate system should be controlling the incoming traffic.
Perhaps by default the "server webcache accept" line should be commented out!
** Have just edited the first post so that it is commented out **
Thanks for pointing out the danger of this.
--Tony
Last edited by tonhou; March 4th, 2007 at 09:25 AM.
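As an added illustration (not code from the thread or from the HowTo), a small Python check covering the two things this exchange turns on: which services the posted firehol.conf opens on the "any world" interface, and which proxy clients in a tinyproxy log come from outside the home network. The tinyproxy log line format and the sample addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: the thread's firehol.conf with the webcache line left active.
FIREHOL_CONF = """\
transparent_squid 8080 "root root"
interface any world
policy drop
protection strong
client all accept
server cups accept
server webcache accept
version 5
"""

# Constructed tinyproxy-style connect lines; the exact format is an assumption.
TINYPROXY_LOG = """\
CONNECT   Mar 04 09:01:10 [4242]: Connect (file descriptor 5): 192.168.0.2 [192.168.0.2]
CONNECT   Mar 04 09:01:11 [4242]: Connect (file descriptor 6): 203.0.113.7 [203.0.113.7]
CONNECT   Mar 04 09:01:12 [4242]: Connect (file descriptor 7): 198.51.100.9 [198.51.100.9]
CONNECT   Mar 04 09:01:13 [4242]: Connect (file descriptor 8): 203.0.113.7 [203.0.113.7]
"""

# Address ranges a home box would legitimately serve: RFC 1918 plus loopback.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
CONNECT_RE = re.compile(r"Connect \(file descriptor \d+\): (\S+)")

def exposed_servers(conf):
    """Map each (device, name) interface to the services its active 'server X accept' lines open."""
    exposed, iface = {}, None
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()   # firehol ignores everything after '#'
        if not words:
            continue
        if words[0] == "interface" and len(words) >= 3:
            iface = (words[1], words[2])
            exposed.setdefault(iface, [])
        elif words[0] == "server" and len(words) >= 3 and words[2] == "accept" and iface:
            exposed[iface].append(words[1])
    return exposed

def external_clients(log):
    """Count proxy connections per client address that lies outside LOCAL_NETS."""
    counts = {}
    for m in CONNECT_RE.finditer(log):
        ip = ipaddress.ip_address(m.group(1))
        if not any(ip in net for net in LOCAL_NETS):
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts
```

With the webcache line uncommented the first function reports both cups and webcache open on the world interface, and the second lists the two non-local addresses using the proxy.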
Question... If I have this setup... Internet -> Router -> Hub -> to multiple computers, one of which is the DG one, will it still work? Or would I have to have the DG box before the hub?
Borris
"If at first it doesn't work... install, install, install again."
Yes, provided the other configuration conditions are met as per the first post.
--Tony
Well, I don't want to have to set all the browsers. None of the network connections would run through the box. It would just be on one of the branches of the hub. That or is there an easy way to have my router use a proxy?
Borris
Hi Tonhou,
Brilliant HowTo. I used this previously on Mepis for my kids' PC and it worked like a dream, but I have moved to Xubuntu Feisty as it seems to be faster on this old PII box.
I have followed the instructions again, but when I restart firehol I get a whole lot of errors and firehol fails and I can't browse ("tinyproxy error"). If I switch off firehol everything works and dansguardian does its job as expected.
Can I leave it running without firehol, and what are the implications of doing so? Also, could I install a different firewall, i.e. one with a GUI that I can configure for other rules, and would that in turn affect dansguardian? Below is the error output from firehol.
Thanks for any help.
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -p tcp -m state '' --state NEW \! --syn -j pr_world_nosyn
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 2.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 3.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_all_c1 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 4.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_irc_c2 -p tcp --sport 1024:4999 --dport 6667 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 5.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_irc_c2 -p tcp --sport 6667 --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 6.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport ftp -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 7.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 8.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport ftp-data --dport 1024:4999 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 9.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport ftp-data -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 10.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_ftp_c3 -p tcp --sport 1024:4999 --dport 1000:65535 -m state '' --state ESTABLISHED\,RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 11.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_ftp_c3 -p tcp --sport 1000:65535 --dport 1024:4999 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 12.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 13.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 14.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 15.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p tcp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 16.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 1000:65535 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 17.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 1000:65535 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 18.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 19.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line INIT of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world_cups_s4 -p udp --sport 631 --dport 631 -m state '' --state ESTABLISHED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 20.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A in_world -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 21.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A out_world -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 22.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A INPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 23.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A OUTPUT -m state '' --state RELATED -j ACCEPT
OUTPUT :
--------------------------------------------------------------------------------
ERROR : # 24.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :
I'm trying to connect my laptop (running Ubuntu 6.10) and other PCs with Win XP to my network.
I want to use another Ubuntu box, with DG, to do web filtering. My set up is like this:
Internet <-> DSL Modem UbuntuCE Router <-> 192.168.10.37 (Dhcp) Switch with DG 192.168.10.1 192.168.10.3 (Static) static ^ | v Switch < - > Laptop (192.168.10.200)
The Ubuntu CE does an excellent job at web filtering, but only on the browser running on that machine. The browser on the laptop does not connect to the internet, and I followed the directions in this HOWTO. The UbuntuCE even has a DHCP server. From the laptop I can not ping 192.168.10.3 nor 192.168.10.1, which is my modem.
What am I doing wrong???
FV
I upgraded to Feisty and found firehol is no longer starting.
I get lots of errors like this when firehol is started.
--------------------------------------------------------------------------------
ERROR : # 16.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line FIN of /etc/firehol/firehol.conf
COMMAND : /sbin/iptables -t filter -A FORWARD -m state '' --state RELATED -j ACCEPT
OUTPUT :
It seems there is some sort of iptables / firehol incompatibility from reading
http://archives.free.net.ph/message/...82996a.en.html