Slackware This Forum is for the discussion of Slackware Linux.
04-11-2006, 03:08 PM
|
#16
|
Member
Registered: Sep 2003
Posts: 142
Rep:
|
I am as big a fan of Slackware as the next slacker, but perhaps http://www.ipcop.org would be a wiser choice in this situation.
-tank
|
|
|
04-11-2006, 11:14 PM
|
#17
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
I brought the computer home today. It is a Celeron @ 1.1GHz w/ 128MB of RAM. Apparently it used to be set up as a filter and firewall of some kind. In fact when I boot the system up, it takes me to an installation of RedHat 7. Unfortunately, we have NO IDEA what the system password is so the installation of RedHat is pretty much useless. I put a Slax 5.1 CD in the machine and booted it up. Success!! Slax discovered everything including the 3 network cards and assigned an IP address to the one I plugged into my home network. Unfortunately, when I type startx it puts the X mouse pointer in the middle of the screen and that's it. Was I supposed to specify which Environment (Fluxbox or KDE)?? Every time I type xconf and THEN do startx I get an error message. Considering I am NOT using Slax, but rather a full blown Slackware install, I can do without Slax working smoothly.
In observing the RedHat startup it loaded iptables with the words NetFilter next to it. So apparently the previous setup used iptables in some kind of filter. I just wish I knew how.
|
|
|
04-11-2006, 11:49 PM
|
#18
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep:
|
Have a look in /etc/rc.d/init.d for a file called something like iptables, firewall, rc.firewall, etc. It will probably refer to files in /etc/sysconfig. Somewhere in there will be the settings that the firewall uses.
Sorry that's so vague - my config here is different to that...
|
|
|
05-01-2006, 07:36 PM
|
#19
|
LQ Newbie
Registered: Apr 2004
Location: San Tan Valley, Az
Distribution: Any... but I prefer Debian based...
Posts: 26
Rep:
|
Quote:
Originally Posted by tubatodd
I brought the computer home today. It is a Celeron @ 1.1GHz w/ 128MB of RAM. Apparently it used to be set up as a filter and firewall of some kind. In fact when I boot the system up, it takes me to an installation of RedHat 7. Unfortunately, we have NO IDEA what the system password is so the installation of RedHat is pretty much useless. I put a Slax 5.1 CD in the machine and booted it up. Success!! Slax discovered everything including the 3 network cards and assigned an IP address to the one I plugged into my home network. Unfortunately, when I type startx it puts the X mouse pointer in the middle of the screen and that's it. Was I supposed to specify which Environment (Fluxbox or KDE)?? Every time I type xconf and THEN do startx I get an error message. Considering I am NOT using Slax, but rather a full blown Slackware install, I can do without Slax working smoothly.
In observing the RedHat startup it loaded iptables with the words NetFilter next to it. So apparently the previous setup used iptables in some kind of filter. I just wish I knew how.
|
netfilter = iptables
My recommendation is to just wipe that RH7 out of existence and install slackware, hit linuxpackages and grab squid. Once you have slack running on that box, follow up with this forum if you need to. It seems that everyone here is quite willing to help, I will also check in from time to time. I do this sort of thing for a living so I am not always the quickest to respond on these forums. Best of luck, and have fun. ;-)
|
|
|
05-05-2006, 07:57 PM
|
#20
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
So far, I have Dansguardian and tinyproxy working well together.
THANKS!!!
( http://www.vollmar.ch/dansguardian-e.html)
Those 2 programs are communicating with each other without a hitch.
I followed some instructions on how to direct KDE to have to go through dansguardian. After configuring KDE (on the machine I am configuring to be a filter) and testing with a few banned websites....IT WORKED! Konqueror said Access denied. I configured Firefox to use the proxy (127.0.0.1 port 8080) and again...IT WORKED!
So far so good, BUT I still have questions. Currently, I am testing the machine on my home network. I have placed the filtered PC between my DSL modem and my Linksys wireless router (192.168.2.1). Here are my questions.
1. The machine has 2 ethernet cards. The eth0 is connected to the WAN through the DSL modem. The filtered machine detected its ip address automatically and it has internet on that machine. Soooooo, I have a cable connected to eth1 and it goes into the router. On bootup, the filtered machine detects both cards, configures the internet for eth0, but I am getting some new dhcpd errors on bootup. I have a feeling this is because I finally put a cable in the other ethernet card. From the other computers on my home network one can contact the Linksys router, BUT I have no internet access. Sooooo, I have a feeling I don't have my eth1 configured properly to allow access to the internet. Need help!!!
2. Dansguardian does a GREAT job of filtering inappropriate websites and even google searches. However, I do have a few sites that I have been requested to have blocked which include "myspace.com" and various others. How do I block a specific website?
3. I'm interested in configuring the filtered machine so that it FORCES ALL web access through dansguardian. I don't want to configure EVERY machine and EVERY web browser to use the proxy manually. The website listed above suggests running the following commands on bootup:
Code:
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
I tried these commands in a terminal window and I lost web access on the filtered machine. My browser gave me a message from Tinyproxy. Need Help!
Thanks for your help!!!!!!
|
|
|
05-05-2006, 08:27 PM
|
#21
|
Member
Registered: May 2003
Location: S.F. Bay Area
Distribution: Ubuntu 9.04 AMD64
Posts: 595
Rep:
|
I'm running Squid with caching (3GB cache) and no filtering on a Pentium II 400 MHz box with 256MB of RAM, serving 15-20 machines and performance is excellent.
Since you have limited RAM, you SHOULD NOT be running X, let alone KDE or any other desktop environment. Learn how to configure everything from the command line and log in to the box using SSH and all should be well.
EDIT: Also, how much disk space do you have? If you decide to do any caching, you'll need disk space for that.
Peace...
Last edited by tomdkat; 05-05-2006 at 08:29 PM.
|
|
|
05-05-2006, 09:09 PM
|
#22
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Quote:
Originally Posted by tomdkat
I'm running Squid with caching (3GB cache) and no filtering on a Pentium II 400 MHz box with 256MB of RAM, serving 15-20 machines and performance is excellent.
Since you have limited RAM, you SHOULD NOT be running X, let alone KDE or any other desktop environment. Learn how to configure everything from the command line and log in to the box using SSH and all should be well.
EDIT: Also, how much disk space do you have? If you decide to do any caching, you'll need disk space for that.
Peace...
|
Thanks for your message. I am running KDE only for testing purposes (ie web browser, kedit, terminal...multitasking). Ultimately when the machine is installed at the school it will just boot to a command prompt and work its magic.
Not to be rude, but I am not interested in Squid. Everywhere I look I see Squid this...Squid that...caching...blah blah. I'm not interested in caching and personally all I need this box to do is filter web content which you said you weren't doing anyway.
Last edited by tubatodd; 05-05-2006 at 09:12 PM.
|
|
|
05-05-2006, 09:58 PM
|
#23
|
Member
Registered: May 2003
Location: S.F. Bay Area
Distribution: Ubuntu 9.04 AMD64
Posts: 595
Rep:
|
Quote:
Originally Posted by tubatodd
Not to be rude, but I am not interested in Squid. Everywhere I look I see Squid this...Squid that...caching...blah blah. I'm not interested in caching and personally all I need this box to do is filter web content which you said you weren't doing anyway.
|
That's cool. Caching web content will speed things up for your users and over time reduce the amount of bandwidth used, etc. Squid gets mentioned so much because it works very well and is rock solid. Squid's main purpose in life isn't to filter content even though it has that capability.
Good luck with the box.
Peace...
|
|
|
05-06-2006, 05:56 AM
|
#24
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
caching can be easily disabled in squid:
http://www.squid-cache.org/Doc/FAQ/FAQ-4.html#ss4.20
on this setup, i personally wouldn't disable it, though... with those 128MB of RAM, setting a memory cache of 16 MB or something like that is MUCH better than having no cache at all...
as for the tinyproxy program: i don't think i would ever replace squid with that... as has been said, squid is a rock-solid program which has been around for a LONG time and is still maintained... that tinyproxy hasn't even received an update in almost two years... squid, when properly configured, can make your 128MB box fly...
either way, since you have completely shut squid out and don't wanna hear about "squid this, squid that" this post is also aimed at people who run into this thread on google, like i did...
BTW, about your content filtering: are you using a policy of default deny (whitelist) or default permit (blacklist)?? cuz if you're whitelisting then you don't even need dansguardian in the first place - and that's the big resource hog in your setup...
as for your iptables rules:
Quote:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8080
|
this should actually look like this once you have the box running on the LAN:
Code:
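LAN_IFACE=eth1   # LAN-facing interface (eth1 in this thread)
# send web traffic arriving from the LAN to the filter on port 8080
iptables -t nat -A PREROUTING -p TCP -i $LAN_IFACE --dport 80 \
    -j REDIRECT --to-ports 8080
# allow replies, and new LAN connections to the filter port
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p TCP -i $LAN_IFACE --dport 8080 \
    -m state --state NEW -j ACCEPT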
just my ...
Last edited by win32sux; 05-06-2006 at 05:58 AM.
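The difference between the OUTPUT rule tried earlier in the thread and the PREROUTING rule above, as an added example that is not part of the original posts: a dry-run script for the gateway plus a check for the looping rule. The interface roles (eth0 = WAN, eth1 = LAN), the function names and the MASQUERADE rule are assumptions that go beyond what the thread states.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed layout: eth0 = WAN (DSL modem),
# eth1 = LAN, DansGuardian on port 8080 with its parent proxy behind it.
WAN_IFACE=${WAN_IFACE:-eth0}
LAN_IFACE=${LAN_IFACE:-eth1}
FILTER_PORT=${FILTER_PORT:-8080}
DRY_RUN=${DRY_RUN:-1}   # 1 = print the commands only; 0 = apply them (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Reads `iptables -t nat -S` output on stdin and succeeds if a port-80 REDIRECT
# sits in the OUTPUT chain. OUTPUT matches locally generated packets, so that
# rule also catches the proxy's own requests to web servers and sends them back
# to the filter: a loop, and the box itself loses web access.
has_output_loop() {
    grep -Eq '^-A OUTPUT .*--dport 80 .*-j REDIRECT'
}

gateway_rules() {
    run modprobe iptable_nat
    run sysctl -w net.ipv4.ip_forward=1
    # Redirect only web traffic arriving from the LAN; the proxy's outbound
    # requests never pass through PREROUTING, so they leave untouched.
    run iptables -t nat -A PREROUTING -i "$LAN_IFACE" -p tcp --dport 80 \
        -j REDIRECT --to-ports "$FILTER_PORT"
    # After REDIRECT the packet is addressed to the filter port on this box.
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A INPUT -i "$LAN_IFACE" -p tcp --dport "$FILTER_PORT" \
        -m state --state NEW -j ACCEPT
    # Assumption beyond the thread: NAT everything else (DNS, HTTPS, ...) out
    # of the WAN side so LAN clients have connectivity, not just filtered HTTP.
    run iptables -t nat -A POSTROUTING -o "$WAN_IFACE" -j MASQUERADE
}

gateway_rules
```

To audit a running box, pipe `iptables -t nat -S` into `has_output_loop`; set `DRY_RUN=0` only after reviewing the printed commands.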
|
|
|
05-06-2006, 09:33 AM
|
#25
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
In college, one of my computer science professors said the following in regards to programming..
"You make it WORK...then you make it RIGHT....then you make it FAST"
Using his philosophy on accomplishing THIS task, I have made it "work" with dansguardian and tinyproxy. I need to make it "right" by getting it to work for the whole network.
I am not completely opposed to Squid, I just don't see why I should switch when I have installed dansguardian which I NEED for my "black list" style of filtering AND tinyproxy which installed and worked in a matter of minutes.
I am NOT a networking expert, nor am I a Linux expert. I have been using Linux for about 3 years now and I still consider myself an Advanced Beginner. I do NOT mind RTFM, however sometimes I need more direct help. Unfortunately, all I seem to read about Squid and Dansguardian is "compile them, install them, configure them for your network." I am advanced enough that those first 2 steps I can do in my sleep. It's "configuring it to work with my network." How do I get the 2 programs to communicate with each other? Tinyproxy was a no brainer.
Again, I don't mind switching to Squid, but I may need some more detailed help. Thanks again.
PS I love this forum!
|
|
|
05-06-2006, 10:56 PM
|
#26
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Ok, I have squid installed and I configured the config file for port 3128 and such and it runs. When I attempt to run Dansguardian it either hangs and can't detect the proxy OR it reports an error. Still, if I run tinyproxy and then dansguardian, the filter works.
I've tried looking for help on the net and I haven't found anything newbie friendly. I still need your help.
Thanks
|
|
|
05-07-2006, 08:55 AM
|
#27
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
Quote:
Originally Posted by tubatodd
Ok, I have squid installed and I configured the config file for port 3128 and such and it runs. When I attempt to run Dansguardian it either hangs and can't detect the proxy OR it reports an error. Still, if I run tinyproxy and then dansguardian, the filter works.
I've tried looking for help on the net and I haven't found anything newbie friendly. I still need your help.
Thanks
|
could you post the error that you are getting, as well as your squid.conf??
do it like this so that the commented lines are filtered:
Code:
cat /etc/squid/squid.conf | grep -v ^# | grep -v ^$
|
|
|
05-11-2006, 07:51 AM
|
#28
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Well, I haven't had any time to work on this content filter. Currently, it still works with tinyproxy, I just need to know how I configure the system to work with 2 network cards. I have one card (eth0) to connect directly to the internet and the other (eth1) is to connect the machine to the network. eth0 works great, but I'm not sure how I configure eth1 as a through-put. This problem is REALLY what I need the most help with right now. Thanks
|
|
|
06-09-2006, 10:08 AM
|
#29
|
LQ Newbie
Registered: Feb 2003
Location: Seattle, WA
Posts: 16
Rep:
|
Firewall/Squid
I do believe that Squid is the best way to go for content filtering.
But since you have limited resources on the system, I'm going to
suggest using the firewall homeLANsecurity.
The configuration is quite easy and you can turn on transparent proxying.
This will mean that all http traffic on the LAN is automatically redirected
to the Squid proxy cache without having to configure each workstation.
Some similar things have been suggested by previous posters.
Anyway, that is my two cents.
|
|
|
06-09-2006, 10:11 AM
|
#30
|
Member
Registered: Jun 2003
Location: Birmingham, Alabama (USA)
Distribution: Slackware
Posts: 351
Original Poster
Rep:
|
Well, I have the filter up and running using tinyproxy and dansguardian. Check out this thread...
http://www.linuxquestions.org/questi...d.php?t=448597
|
|
|
All times are GMT -5. The time now is 10:15 PM.