Friday, May 15, 2009
Filtering with DansGuardian and Squid
Recently I took my server and changed its functions.
Previously, all it did was handle Web Serving and Email.
Now, well, it does a whole lot more.
Web Serving, Email, Filtering, Proxy, Routing, DNS, DHCP, and a few other things that I really don't understand so well.
Because I mixed all these functions together, some things started to not function. Dansguardian was working, but not communicating to Squid. Squid was working, but you could bypass the proxy altogether. I had DG set for Filter Groups, but we couldn't get it to accept anyone.
I really want to outline the whole details, and at some point I just might, but for now, I will simply outline the solution...
My network at home is secure. No real chance of getting hacked from the inside, so I used Ident for the auth service. You need to install gidentd on all the machines on the network, but that isn't a problem.
I had to change the settings between DG and Squid. DG had to be located on "localhost" not on "127.0.0.1" or "192.168.xxx.xxx", but DG has to listen on the internal interface "192.168.xxx.xxx".
Squid has to look for DG on "localhost" not on "127.0.0.1" or "192.168.xxx.xxx". And Squid communicates on the external interface "xxx.xxx.xxx.xxx"...
This solved that problem, but then, I could still "direct connect to the internet".
This was solved by blocking port 80 on the internal interface. So, now you use 8080, or nothing.
I know this was quick, but I hope it helps.
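An added example, not from the original post: a Python sketch that reads an iptables-save dump and reports whether a new direct connection to port 80 from the LAN side is dropped before any ACCEPT rule can match it. It assumes the block lives in the FORWARD chain and that the internal interface is eth1; both rulesets are constructed.

```python
import shlex

# Constructed iptables-save excerpts; eth1 as the LAN-side interface is an assumption.
BYPASSABLE = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j DROP
COMMIT"""
ENFORCED = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 80 -j REJECT --reject-with tcp-reset
-A FORWARD -i eth1 -j ACCEPT
COMMIT"""
# Options this sketch interprets; a matching rule with anything else yields "review".
KNOWN = {"-A", "-i", "-p", "-m", "--dport", "--state", "--ctstate", "-j", "--reject-with"}

def parse_rule(line):
    """Turn one '-A ...' line into {option: value}; valueless tokens map to ''."""
    toks, rule, i = shlex.split(line), {}, 0
    while i < len(toks):
        has_val = i + 1 < len(toks) and not toks[i + 1].startswith("-")
        rule[toks[i]] = toks[i + 1] if has_val else ""
        i += 2 if has_val else 1
    return rule

def direct_http_verdict(ruleset, iface, port=80):
    """First-match verdict for a NEW TCP connection forwarded in from iface to port."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        if line.startswith(":FORWARD"):
            policy = line.split()[1]
        if not line.startswith("-A FORWARD"):
            continue
        r = parse_rule(line)
        if "!" in r or ":" in r.get("--dport", ""):
            return "review"  # negations and port ranges are not interpreted here
        state = r.get("--state") or r.get("--ctstate")
        if (r.get("-i", iface) != iface or r.get("-p", "tcp") not in ("tcp", "all")
                or r.get("--dport", str(port)) != str(port)
                or (state and "NEW" not in state.split(","))):
            continue  # this rule cannot match the connection
        if not set(r) <= KNOWN:
            return "review"
        # The first matching rule decides: an earlier ACCEPT wins over a later DROP.
        verdicts = {"ACCEPT": "open", "DROP": "blocked", "REJECT": "blocked"}
        return verdicts.get(r.get("-j"), "review")
    return "blocked" if policy == "DROP" else "open"
```

On the gateway itself, the input would be the output of `sudo iptables-save`; a result of "open" means clients can still reach the web without going through the filter on 8080.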
Monday, November 10, 2008
Harness the Power of VIM
I love VIM...
I love learning about all the fun things you can do with VIM...
Check this out...
http://vim.wikia.com/wiki/Best_Vim_Tips
Now, you will play with VIM like I do...soon, you too can become a VIM Master!!
;-}
Tuesday, October 21, 2008
Setting Up a Server
It isn't that I haven't done it before, but I found setting this server up was a little more challenging...
I took my old P4 3.0 GHz machine and installed Ubuntu Server.
This was the easy part.
Congratulations! It's done!
Then I installed Postfix and Dovecot. These are the mail programs to handle the email. They seemed to install easy enough, but there are some missing details...
#1 - you need to install dovecot-imapd
#2 - you need signed keys to make TLS and other security features available
#3 - I had to use 3 different sources for the config files to get all the correct items in place
#4 - Procmail also needs a setting to get your mail to the right directories, you need to create a .procmailrc file in your home directory that contains the path from /var/lib/mail to /home/[user]/Maildir
I installed Squid and Dansguardian. These are a proxy and a filter program to control internet access. Always a good idea when you have kids.
#1 - Follow the how-to tutorials on these
#2 - I still need to edit the iptables to handle a "dual-home" setup
#4 - for now, I have the firefox lockpref settings on the machines that need it
#5 - I tried setting the auth settings on Squid, but they aren't working
I installed Apache2 - a web server.
#1 - be sure you don't forget a "/" in the config files...I did, took a while to debug, but everything is working fine
I also installed Fail2ban and Mediawiki -
#1 - fail2ban is easy
#2 - Mediawiki, however, has a trick. Once you have it installed, you need to make a sym-link to the Mediawiki directory in your www directory
#3 - after you follow the directions from there (web interface setup of Mediawiki) you have to move the config file to the mediawiki dir **and** you need to change its permissions to www-data not root. That knowledge isn't easy to find.
I still have a few things left to do...
#1 - the IPTables thing (postponed)
#2 - testing the security on the server (done)
#3 - getting Squid and Dansguardian running and tested (done now)
#4 - install and configure Squirrel Mail (sort of done...not quite working yet)
#5 - get https and other secure options enabled and working (done)
Oh, and I set my wife's machine up again, with a mirror RAID, wireless and all without any trouble this time...using Ubuntu...not Fedora...
Wednesday, September 17, 2008
RAID and MDADM
Well, I know I don't keep this blog too active...I do have lots of information to put in here, but time is something I don't have a lot of...
So, I recently got the bright idea to build a Raid array. I had 3 extra disks and bundled them together in a Raid 5.
This wasn't so bad, and I put all my data on the raid. Then I thought...hey, why not add another drive? So I found another drive (identical to the other 3) and added it in...or TRIED to add it in.
I lost everything.
So, let me detail the RIGHT way to do things...
1) Once you have a set of disks that you wanna use for a Raid array plug them all into your board and crank up the power.
2) Using GPartEd or some other partition editor, set the drives up with an extended partition, unformatted, and set the RAID flag
3) From the Terminal, type in "sudo mdadm --create --verbose /dev/md0 --level=5 --raid-devices=3 /dev/sdb5 /dev/sdc5 /dev/sdd5"
4) when done, you have to format the array using mkfs.ext3 or mkfs.ext2, or whatever your favorite file system is - you will have no troubles to this point...
5) When you want to get brave and add a disk to your array, you should first add the new drive as a spare: sudo mdadm /dev/md0 --add /dev/sdc1
This should work fine, and it should take a little while as something happens to the drive (mine took a couple hours)
6) When that is all done, you should have a Raid 5 with 3 Active Disks and one Spare: sudo mdadm -D /dev/md0
7) Now, you can GROW your raid array onto the spare: sudo mdadm --grow /dev/md0 --raid-devices=4 --size=max
8) Then, you must resize the file system: sudo resize2fs /dev/md0
I got this to work, but only after following this pattern. Doing it the other way caused everything to go very badly...
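An added example, not from the original post: a Python check for step 6 that parses the output of `sudo mdadm -D /dev/md0` and lists any reason the array is not yet ready for the grow in step 7. The sample output is constructed, and the function names are hypothetical.

```python
# Constructed `mdadm -D /dev/md0` excerpt: 3 active members plus the new spare.
DETAIL_READY = """/dev/md0:
     Raid Level : raid5
   Raid Devices : 3
  Total Devices : 4
          State : clean
 Active Devices : 3
Working Devices : 4
 Failed Devices : 0
  Spare Devices : 1
"""

def fields(detail):
    """Parse the 'Key : value' lines of mdadm -D output into a dict."""
    pairs = (line.split(" : ", 1) for line in detail.splitlines() if " : " in line)
    return {key.strip(): value.strip() for key, value in pairs}

def grow_blockers(detail, target_devices):
    """Return reasons not to run --grow yet; an empty list means step 6 checks out."""
    f = fields(detail)
    raid = int(f["Raid Devices"])
    active = int(f["Active Devices"])
    spare = int(f["Spare Devices"])
    failed = int(f["Failed Devices"])
    state = {s.strip() for s in f["State"].split(",")}
    reasons = []
    if f["Raid Level"] != "raid5":
        reasons.append("unexpected level %s" % f["Raid Level"])
    if not state <= {"clean", "active"}:
        # degraded, recovering, resyncing and similar states all land here
        reasons.append("array state is '%s'" % f["State"])
    if failed:
        reasons.append("%d failed device(s)" % failed)
    if active != raid:
        reasons.append("only %d of %d members active" % (active, raid))
    if spare < target_devices - raid:
        reasons.append("need %d spare(s), have %d" % (target_devices - raid, spare))
    return reasons
```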
Friday, December 01, 2006
Wireless on Linux
I won't say that it is impossible to get wireless cards working on Fedora, I know there are some out there working...
Keep in mind, however, that I am new to this whole Linux thing...I tried for 6 hours to get my NetGear WG511T up and running...it didn't work.
I followed 3 different procedures online, and worked at it from all 3 different angles for several hours each...
So, I have come to the conclusion that I need a different wireless card, or reinstall Windows XP Pro on my wife's machine.
I tried MadWiFi, NDISWrapper, and AntLinux's solutions. None of them worked.
So...any suggestions?
I will let you know how it ends up...but for now, it looks like I hardwire it for a while.
>>>UPDATE<<<
I have another Wireless Card, the WMP300N from LinkSys. I installed NDISWrapper and it was recognized using the windows drivers. Then I had to get WPA_Supplicant, which installed and gave no issues, but I cannot get it to run.
It seems that, without native drivers, wireless just does not seem to want to run on Linux.
I have been talking to LinkSys, but they are incredibly slow, to see if they can provide any linux drivers, after all, they use linux in their firmware and NAT routers...
I will let you know how it pans out.
Another Update:
Nothing from LinkSys...