This is only tested on a fresh install of efw 2.1.2... System is a 1.3 GHz P3, VIA chipset, 512 megs SDRAM, red is a Realtek 8139 100Mbps PCI card, and green is an Intel PWLA8391GT 1000Mbps PCI card. (The Realtek is cheap, and the Intel matches the gig switch. Also, I find using two different brands of NICs helps prevent confusion when setting up green and red interfaces.)

During these tests, whenever something stopped working or I wanted to make sure I was using default settings, I reinstalled efw from the CD without restoring a backup. I did this many times... I encountered many odd behaviors along the way. Some are explained below.

Occasionally, while making the changes in the gui, I found that I couldn't browse the web. But I could ping www.google.com, etc. Using the gui, I had to toggle (uncheck/save then check/save) the Common Settings for the HTTP Proxy: Enabled, Transparent, Content filter, and AntiVirus. Then I could browse again.

To install: Install from CD, set green ip address, and the system reboots. I set my PC’s tcp/ip address by hand, browse to the efw gui, and set options for the initial logon screen (language, time zone, ACCEPT License, etc) and apply the settings. At this point I have to switch the patch cords to connect the red and green nics to the correct ports... For a while I can’t log in – takes about a minute before I can open the gui. When I reach the Home page, the status is yellow. The Connect checkbox is unchecked, and it’s saying Status: Connecting... main. I click the Connect checkbox to enable, and it changes to a red Stopped, Status: Idle screen. I click the Connect checkbox again, and it goes green and starts. I can now browse the web.

Once, after a fresh install, I found that if I applied the settings and then waited a while before switching the patch cords, efw would beep and I would get a normal green, Status: Connected: main when I logged in.

Continuing, top shows minimal cpu usage. With the gui I enable SSH. I don’t enable any services like DHCP, because they won’t be needed for this project. No changes are needed to be made to the Firewall settings, but I often disable it so it doesn’t prevent me from going to sites during the setup because some ports are blocked.

Like any user would do, I open the Proxy>HTTP, and enable the HTTP proxy, Transparent, with antivirus & content filter. I click the Save button. Then I opened Proxy>HTTP>Content Filter and selected every possible option, set the Max. Score for phrases to 50, and click the save button at the bottom of the page. (These settings are just to test and will prevent your users from opening pretty much anything on the web – so don’t leave it this way)

But now there’s a problem - I can open porn sites or google up mp3 sites, so dansguardian is not working. I switch back to the HTTP Proxy page, and click the Save and Restart button. Now, dansguardian suddenly starts taking up 99% cpu time for a few minutes. Afterwards, I can’t open a porn site or mp3 sites, but I can open newegg.com. Dansguardian is running.

I log into an SSH console and...

    [EMAIL PROTECTED]:~ # Last login: Sun Oct 5 10:18:49 2008
    [EMAIL PROTECTED]:~ # clamd -V
    ClamAV 0.90.1
    [EMAIL PROTECTED]:~ # freshclam
    ClamAV update process started at Sun Oct 5 13:34:20 2008
    Downloading main.cvd [100%]
    main.cvd updated (version: 48, sigs: 399264, f-level: 35, builder: sven)
    Downloading daily.cvd [100%]
    daily.cvd updated (version: 8376, sigs: 37641, f-level: 35, builder: guitar)
    Database updated (436905 signatures) from db.local.clamav.net (IP: 168.143.19.95)
    Clamd successfully notified about the update.

Another problem - clamd/havp hits 99% cpu time and stays there with no network activity (so not downloading anything). Reboot and clamd is still hitting 99.9%. And dansguardian stops working.

    [EMAIL PROTECTED]:~ # havp -v
    Usage: havp [Options]
    HAVP Version 0.86
    ....
    [EMAIL PROTECTED]:~ # havp -s
    Could not open config file: /etc/havp/havp.config
    Exiting...

Here, havp is looking for /etc/havp/havp.config but it doesn’t exist.
There is a /etc/havp/havp.conf file, so I give it what it wants:

    [EMAIL PROTECTED]:~ # cp /etc/havp/havp.conf /etc/havp/havp.config
    [EMAIL PROTECTED]:~ # cp /etc/havp/havp.conf.tmpl /etc/havp/havp.config.tmpl
    [EMAIL PROTECTED]:~ # reboot

During the boot screen, efw hangs after Starting: squid .[OK], so I type control-c to continue the boot... Now:

    [EMAIL PROTECTED]:~ # havp -s
    # Using HAVP config: /etc/havp/havp.config
    ACCESSLOG=/var/log/havp/access.log
    ARCAVIRSOCKET=/var/run/arcavird.socket
    AVASTPORT=5036
    AVASTSERVER=
    AVASTSOCKET=/var/run/avast4/local.sock
    AVESOCKET=/var/run/aveserver
    AVGPORT=55555
    ...blah blah

Seems to be working... Clamd is still eating up 99.9% cpu, but dansguardian is working again. I return to the gui and uncheck the ‘Antivirus enabled’ box on Proxy>HTTP Proxy, and clamd stops. Clamd does not like something about the /usr/share/clamav/main.cvd or daily.cvd files, and I don’t know how to fix this. Setting that aside, I move on:

    [EMAIL PROTECTED]:~ # spamd
    [5871] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'RAZOR2_CHECK'
    [5871] info: rules: meta test DIGEST_MULTIPLE has undefined dependency 'DCC_CHECK'
    [5871] info: spamd: server started on port 783/tcp (running version 3.1.8)
    [5871] info: spamd: server pid: 5871
    [5871] info: spamd: server successfully spawned child process, pid 5874
    [5871] info: spamd: server successfully spawned child process, pid 5875
    [5871] info: prefork: child states: II

I’d like to fix those undefined dependency errors, but I won’t go into that here...

    [EMAIL PROTECTED]:~ # spamd -V
    SpamAssassin Server version 3.1.8
    running on Perl 5.8.5
    [4411] error: Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /lib /var/tmp/perl-Mail-SpamAssassin-buildroot/usr/lib/perl5/vendor_perl/5.8.5 /usr/lib/perl5/5.8.5/i386-linux-thread-multi /usr/lib/perl5/5.8.5 /usr/lib/perl5/site_perl/5.8.5/i386- ...
    blah blah

I don’t like that ‘Can't locate IO/Socket/SSL.pm’ error, and it’s an easy fix: (this may not be useful but it makes me feel better)

    cd /var/tmp/
    curl -L -O http://dag.wieers.com/rpm/packages/perl-IO-Socket-SSL/perl-IO-Socket-SSL-1.13-1.el4.rf.noarch.rpm
    curl -L -O http://dag.wieers.com/rpm/packages/perl-Net-SSLeay/perl-Net-SSLeay-1.32-1.el4.rf.i386.rpm
    rpm -Uvh perl-Net-SSLeay-1.32-1.el4.rf.i386.rpm
    rpm -Uvh perl-IO-Socket-SSL-1.13-1.el4.rf.noarch.rpm

    [EMAIL PROTECTED]:/ # spamd -V
    SpamAssassin Server version 3.1.9
    running on Perl 5.8.5
    with SSL support (IO::Socket::SSL 1.13)
    [EMAIL PROTECTED]:~ # dansguardian -v
    DansGuardian 2.8.0.6
    [EMAIL PROTECTED]:~ # dansguardian -P
    Google 1.3.1.1
    [EMAIL PROTECTED]:~ # dansguardian -s
    Parent DansGuardian pid:3508

No problems with dansguardian...

    [EMAIL PROTECTED]:~ # logwatch --print --detail High --archives --range All
    ################### Logwatch 7.3.1 (09/15/06) ####################
    Processing Initiated: Sun Oct 5 17:17:51 2008
    Date Range Processed: all
    Detail Level of Output: 10
    Type of Output: unformatted
    Logfiles for Host: efw-firewall.oncology
    ##################################################################
    --------------------- clam-update Begin ------------------------
    ... blah blah

Everything else seems working, so time to upgrade... I decided to upgrade almost everything newer at http://www.stellarcore.net/downloads/efw2-updates/

To see the versions of installed packages:

    [EMAIL PROTECTED]:~ # rpm -qa perl-Mail*

etc.

Note: I tried to upgrade dnsmasq but it wouldn't - ended up with both installed, so I don’t do that again:

    dnsmasq-2.38-2.endian0
    dnsmasq-2.45-0.endian0

    [EMAIL PROTECTED]:~ # nano upgrade.sh

    #! /bin/sh
    #
    # Only tested on fresh install of efw 2.1.2
    #
    # Make sure the lines in this script don't have line
    # breaks from email formatting: make sure each curl
    # command and its url are on one line. Watch for
    # errors, correct the errors, and run again.
    #
    # I found that using rpm to install from http source
    # wasn't working, so I d/l them instead...

    # Save the current clamd init script; it is copied back after the upgrade.
    cp /etc/init.d/clamd /etc/init.d/clamd.old

    cd /var/tmp/ # or use /root/
    mkdir -p update        # -p so the script can be run again
    cd update || exit 1    # stop rather than install from the wrong directory

    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/clamav-0.94-0.endian5.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/clamav-db-0.94-0.endian5.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/clamav-devel-0.94-0.endian5.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/havp-0.89-1.endian8.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-0.20-1.endian0.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-Clamav-extras-0.20-1.endian0.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-SpamAssassin-3.1.9-1.endian4.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/perl-Mail-SpamAssassin-extras-3.1.9-1.endian4.i386.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/logwatch-7.3.6-2.endian4.noarch.rpm
    curl -L -O http://www.stellarcore.net/downloads/efw2-updates/logwatch-extras-7.3.6-2.endian4.noarch.rpm

    rpm -Uvh --nodeps *.rpm

    cp /etc/init.d/clamd.old /etc/init.d/clamd
    # Can delete the rpms afterwards...
    #end script-----------------------------------------------------------------

    [EMAIL PROTECTED]:~# chmod 744 upgrade.sh
    [EMAIL PROTECTED]:~# ./upgrade.sh
    ....
    Preparing... ########################################### [100%]
    1:perl-Mail-SpamAssassin-########################################### [ 10%]
    2:clamav warning: /etc/clamav/clamd.conf created as /etc/clamav/clamd.conf.rpmnew
    warning: /etc/clamav/freshclam.conf created as /etc/clamav/freshclam.conf.rpmnew
    ########################################### [ 20%]
    3:clamav-db warning: /usr/share/clamav/daily.cvd created as /usr/share/clamav/daily.cvd.rpmnew
    ########################################### [ 30%]
    warning: /usr/share/clamav/main.cvd created as /usr/share/clamav/main.cvd.rpmnew
    4:clamav-devel ########################################### [ 40%]
    5:havp warning: /etc/havp/havp.config created as /etc/havp/havp.config.rpmnew
    ########################################### [ 50%]
    6:logwatch ########################################### [ 60%]
    7:logwatch-extras ########################################### [ 70%]
    8:perl-Mail-Clamav ########################################### [ 80%]
    9:perl-Mail-Clamav-extras########################################### [ 90%]
    10:perl-Mail-SpamAssassin ########################################### [100%]

    [EMAIL PROTECTED]:~ # clamd
    ERROR: Parse error at line 24: Unknown option MailMaxRecursion.
    ERROR: Can't open/parse the config file /etc/clamav/clamd.conf

Time to modify /etc/clamav/clamd.conf.tmpl: (thanks Claudio!)

    #------------------------
    LogTime yes
    LogSyslog yes
    LogFacility LOG_LOCAL4
    LogFileMaxSize 2M
    AllowSupplementaryGroups yes
    TemporaryDirectory /tmp
    LocalSocket /tmp/clamd
    FixStaleSocket yes
    TCPAddr 127.0.0.1
    TCPSocket 3310
    MaxConnectionQueueLength 30
    StreamMaxLength 20M
    MaxThreads 10
    SelfCheck 600
    User clamav
    ScanPE yes
    DetectBrokenExecutables yes
    ScanOLE2 yes
    ScanMail yes
    ScanHTML yes
    ScanArchive yes
    #MailMaxRecursion 64
    PhishingSignatures yes
    MaxFileSize ${ARCHIVE_MAXFILESIZE}M
    MaxRecursion ${ARCHIVE_MAXRECURSION}
    MaxFiles ${ARCHIVE_MAXFILES}
    PidFile /var/run/clamav/clamd.pid
    #if $ARCHIVE_BLOCK_ENCRYPTED == 'on'
    ArchiveBlockEncrypted True
    #end if
    ##---------------------------------------

Then expand the tmpl file(s), and test it all again:

    [EMAIL PROTECTED]:~ # /usr/local/bin/restart* scripts
    [EMAIL PROTECTED]:/var/tmp # clamd -V
    ClamAV 0.94/8377/Sun Oct 5 19:36:23 2008
    [EMAIL PROTECTED]:~ # spamd -V
    SpamAssassin Server version 3.1.9
    running on Perl 5.8.5
    with SSL support (IO::Socket::SSL 1.13)
    [EMAIL PROTECTED]:~ # havp -V
    Usage: havp [Options]
    HAVP Version 0.89
    ...
    [EMAIL PROTECTED]:~ # dansguardian -v
    DansGuardian 2.8.0.6

Now, I can enable Proxy>HTTP>antivirus, and clamd no longer pegs 99% cpu time. Top shows not much cpu time is being used. Reboots no longer hang after starting squid.

That’s it for today. I’ll be taking this efw out and installing it for a customer in a day or two, and I’ll add any notes if something else doesn’t work. Have fun...

--
View this message in context: http://www.nabble.com/How-to-install-efw-2.1.2-and-get-it-working...-tp19837233p19837233.html
Sent from the efw-user mailing list archive at Nabble.com.

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
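
The two manual steps in the message above (spotting the configs rpm kept and shipped beside as .rpmnew, then commenting out the option clamd rejects in the template) as a small shell script. This is an added example, not part of the original message or of efw; the function names are hypothetical and the sample rpm output is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Added example (not from the original message): triage after `rpm -Uvh`.
# Function names are hypothetical; the sample input is constructed.

# Read rpm output on stdin; print "live-config new-config" for each file rpm
# left in place and shipped beside it as .rpmnew.
list_rpmnew() {
    awk '{
        for (i = 1; i + 4 <= NF; i++)
            if ($i == "warning:" && $(i+2) == "created" && $(i+3) == "as" &&
                $(i+4) ~ /\.rpmnew$/)
                print $(i+1), $(i+4)
    }'
}

# Read clamd error output on stdin; print each option name it rejected.
unknown_options() {
    sed -n 's/^ERROR: Parse error at line [0-9][0-9]*: Unknown option \([A-Za-z0-9_][A-Za-z0-9_]*\).*$/\1/p'
}

# Comment out OPTION in FILE (as done by hand for MailMaxRecursion),
# keeping the previous contents in FILE.bak.
comment_out_option() {
    file=$1
    opt=$2
    cp -p "$file" "$file.bak" || return 1
    sed "s/^\([[:space:]]*\)\($opt\)\([[:space:]]\)/\1#\2\3/" "$file.bak" > "$file"
}

# fix_template FILE < clamd-errors: disable every option clamd rejected.
fix_template() {
    unknown_options | while read -r opt; do
        comment_out_option "$1" "$opt" && echo "disabled $opt in $1"
    done
}

# Constructed sample modelled on the rpm output quoted in the post.
SAMPLE_RPM_LOG='   2:clamav warning: /etc/clamav/clamd.conf created as /etc/clamav/clamd.conf.rpmnew
warning: /etc/clamav/freshclam.conf created as /etc/clamav/freshclam.conf.rpmnew
########################################### [ 20%]'
printf '%s\n' "$SAMPLE_RPM_LOG" | list_rpmnew
```

Typical use on the box would be `./upgrade.sh 2>&1 | list_rpmnew` and `clamd 2>&1 | fix_template /etc/clamav/clamd.conf.tmpl`, followed by a diff of each listed pair before the templates are expanded again.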
