Re: [Cooker] Latest SNF cooker comments.

2002-03-12 Thread Randy Welch



Randy Welch wrote:

 


 I'll double check tonight, but I looked in the logs and didn't see 
 anything in there.  ( the only log I haven't looked in is squid/store.log )

 
 
 Ok...  blocking by *domain* seems to work, but keyword and url blocking 
 seems not to work.  ( This through the banned destination urls sections 
 of the web proxy filtering urls section.)
 
 I'd really like keywords to work...
 


I think I know *why* keywords (expressions) don't work quite 
as expected.  squid guard apparently checks only the *first* 
word in the keyword list provided by a web page.  If the 
*first keyword* matches anything in the expression list then 
the page is rejected.  If the first keyword is not matched 
then the page is let through even though there might be 
additional keywords provided that would match the list.

For example:


using www.linux-mandrake.com/en as an example.  configure 
the expressions file in 
/usr/share/squidGuard-1.2.0/db/banneddestination/expressions
with just (download)

restart squid and load the page back up.  The page is 
accepted, even though download is in the expression list. 
Hmm not good.  Now if you change the expressions to (linux) 
or just add linux to the list and restart squid the page 
will be rejected, because the first keyword on the page is 
linux.

This looks like a defect if you ask me...

-randy
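
squidGuard expression lists are regular expressions matched against the requested URL, so one check worth running on the two cases above is which expressions match the URL string itself. The script below is an added example, not part of the original post or of squidGuard: the function names are hypothetical, the request lines are constructed in the `URL client/fqdn ident method` layout of the test.pass lines shown later in this thread, and `grep -E` stands in for squidGuard's own matcher.

```shell
#!/bin/sh
# Added example: approximates expression-list matching with grep -E.
# Assumption: every non-empty line of the expressions file is one extended
# regular expression tested against the request URL only.

# url_verdict URL EXPRESSIONS_FILE -> prints "block" or "pass"
url_verdict() {
    url=$1
    exprs=$2
    while IFS= read -r re || [ -n "$re" ]; do
        [ -z "$re" ] && continue      # an empty pattern would match everything
        if printf '%s\n' "$url" | grep -Eq -- "$re"; then
            echo block
            return 0
        fi
    done < "$exprs"
    echo pass
}

# check_requests REQUEST_FILE EXPRESSIONS_FILE -> one "verdict URL" line per request
check_requests() {
    while read -r req_url _rest; do
        [ -z "$req_url" ] && continue
        printf '%s %s\n' "$(url_verdict "$req_url" "$2")" "$req_url"
    done < "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed inputs: the two expression lists tried in the post, and
    # two sample requests (addresses and the second URL are made up).
    printf '%s\n' '(download)' > "$dir/only_download"
    printf '%s\n' '(download)' '(linux)' > "$dir/download_and_linux"
    printf '%s\n' \
        'http://www.linux-mandrake.com/en 192.0.2.10/- - GET' \
        'http://www.example.com/download/cooker.iso 192.0.2.10/- - GET' \
        > "$dir/requests"
    echo '== expressions: (download)'
    check_requests "$dir/requests" "$dir/only_download"
    echo '== expressions: (download) (linux)'
    check_requests "$dir/requests" "$dir/download_and_linux"
    rm -rf "$dir"
}

demo
```
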










Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Florin

[EMAIL PROTECTED] (Randy Welch) writes:

Hello,

 1.  httpd is still selected as a default started service.

I'm not sure I understand what you're saying here ...

 2.  You can't login to the admin interface without clearing
  shorewall first.

True enough, the solution is not to start shorewall (in expert mode
install) after boot so you can login on the httpd-naat web interface.

Then, when the configuration is done, shorewall will be restarted by the
backend anyway.

 3.  Can it get the time settings from system config like it
  does with the ethernet and other networking configs.

Ok, I'll add this today then.


 4.  Shouldn't it install the caching name server by default
  since you can configure it?

you mean in the require packages ? I'll check that

 5.  In the network configuration if a network is set to a
  private net address could it automatically tag that one
  as LAN and the other interface ( if a 2 interface
  machine ) set to LAN.

I'm not sure this is a good solution. One could have one private IP
network for the LAN and one private IP network for the DMZ ...

 2.  Does any of the filtering in squidGuard work?  It 
 doesn't seem to catch anything on either keyword or url.

yes, you should remove the .db files in
/usr/share/squidGuard-1.2.0/db/banneddestination/ and restart squid and
try if this works for you ...

-- 
Florin  http://www.mandrakesoft.com




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Florin

[EMAIL PROTECTED] (Marc Lijour) writes:

 Hi,
 
 do you plan to include IPSec and VPN capabilities in the future?

yes, by the end of the week ...

 You may know what's happening there :
 
 www.coyotelinux.org

it's www.coyotelinux.com I presume ...

have a nice day,
-- 
Florin  http://www.mandrakesoft.com




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Randy Welch



Florin wrote:

 [EMAIL PROTECTED] (Randy Welch) writes:
 
 Hello,
 
 
1.  httpd is still selected as a default started service.

 
 I'm not sure I understand what you're saying here ...
 


Httpd is selected by default to start.  Perhaps not a good
thing for a firewall.  I deselect it.



 
4.  Shouldn't it install the caching name server by default
 since you can configure it?

 
 you mean in the require packages ? I'll check that
 
 


Yes.


5.  In the network configuration if a network is set to a
 private net address could it automatically tag that one
 as LAN and the other interface ( if a 2 interface
 machine ) set to LAN.

 
 I'm not sure this is a good solution. One could have one private IP
 network for the LAN and one private IP network for the DMZ ...
 



Ok.


 
2.  Does any of the filtering in squidGuard work?  It 
doesn't seem to catch anything on either keyword or url.

 
 yes, you should remove the .db files in
 /usr/share/squidGuard-1.2.0/db/banneddestination/ and restart squid and
 try if this works for you ...


Nope...

-randy








Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Florin

[EMAIL PROTECTED] (Randy Welch) writes:

 
 Httpd is selected by default to start.  Perhaps not a good
 thing for a firewall.  I deselect it.

ok

 
 
 
  
 4.  Shouldn't it install the caching name server by default
  since you can configure it?
 
  
  you mean in the require packages ? I'll check that
  

ok, 

it's done in the cvs ...
 
  
 2.  Does any of the filtering in squidGuard work?  It 
 doesn't seem to catch anything on either keyword or url.
 
  
  yes, you should remove the .db files in
  /usr/share/squidGuard-1.2.0/db/banneddestination/ and restart squid and
  try if this works for you ...
 
 Nope...

any error messages ?

tail -f /var/log/squidGuard/squidGuard.log
tail -f /var/log/messages
tail -f /var/log/squid/store.log

-- 
Florin  http://www.mandrakesoft.com




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Marc Lijour

On March 11, 2002 06:29 AM, you wrote:
 [EMAIL PROTECTED] (Marc Lijour) writes:
  Hi,
 
  do you plan to include IPSec and VPN capabilities in the future?

 yes, by the end of the week ...

  You may know what's happening there :
 
  www.coyotelinux.org

 it's www.coyotelinux.com I presume ...

 have a nice day,

Thank you, it was very late at night :)




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Marc Lijour

Where could I find more info about development on SNF?

I had a good time with coyote. I may help in something, or just learn a lot :)

Marc

On March 11, 2002 06:29 AM, you wrote:
 [EMAIL PROTECTED] (Marc Lijour) writes:
  Hi,
 
  do you plan to include IPSec and VPN capabilities in the future?

 yes, by the end of the week ...

  You may know what's happening there :
 
  www.coyotelinux.org

 it's www.coyotelinux.com I presume ...

 have a nice day,




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Randy Welch



2.  Does any of the filtering in squidGuard work?  It 
doesn't seem to catch anything on either keyword or url.


yes, you should remove the .db files in
/usr/share/squidGuard-1.2.0/db/banneddestination/ and restart squid and
try if this works for you ...

Nope...

 
 any error messages ?
 
 tail -f /var/log/squidGuard/squidGuard.log
 tail -f /var/log/messages
 tail -f /var/log/squid/store.log
 


I'll double check tonight, but I looked in the logs and 
didn't see anything in there.  ( the only log I haven't 
looked in is squid/store.log )

-randy







Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread tarvid

I had similar problems on 8.2RC1 and found the following by running 
squidGuard on testfiles.

 squidGuard -c /etc/squid/squidGuard.conf test.pass

1) The logdir directive
logdir /var/log/squidGuard
wants to create 
/var/log/squidGuard/log/squidGuard.log
2002-03-11 15:07:01 [8237] squidGuard: can't write to logfile 
/var/log/squidGuard/log/squidGuard.log
 
When I created that subdirectory squidGuard would log.

2) an empty rewrite section would cause errors. When commented out
#rewrite  {}
squidGuard would initialize normally
2002-03-11 15:07:01 [8237] parse error in configfile 
/etc/squid/squidGuard.conf line 148
had the empty rewrite

Restarting squid - blocking started to work.

The cgi-scripts generate unsuitable output but the system does block.

Tons more testing to do before this looks serviceable but I am encouraged.

Jim Tarvid



On Monday 11 March 2002 07:53 pm, you wrote:
 2.  Does any of the filtering in squidGuard work?  It
 doesn't seem to catch anything on either keyword or url.
 
 yes, you should remove the .db files in
 /usr/share/squidGuard-1.2.0/db/banneddestination/ and restart squid and
 try if this works for you ...
 
 Nope...
 
  any error messages ?
 
  tail -f /var/log/squidGuard/squidGuard.log
  tail -f /var/log/messages
  tail -f /var/log/squid/store.log

 I'll double check tonight, but I looked in the logs and
 didn't see anything in there.  ( the only log I haven't
 looked in is squid/store.log )

 -randy
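
The two findings reported in this message (a missing `log` subdirectory under `logdir`, and an empty `rewrite` block that stops the config from parsing) can be checked before squid is restarted. The script below is an added example, not part of the original post or of squidGuard: the function names are hypothetical, the sample config is constructed, and the `<logdir>/log` path is taken from the error message quoted above rather than from squidGuard's documentation.

```shell
#!/bin/sh
# Added example: pre-restart checks for the two problems reported above.

# empty_rewrite_lines CONF -> prints the starting line number of every
# uncommented "rewrite ... { }" block that has no rules inside it.
empty_rewrite_lines() {
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        !inblk && /^[ \t]*rewrite([ \t{]|$)/ { inblk = 1; start = NR; buf = "" }
        inblk {
            buf = buf " " $0
            if (index(buf, "}")) {                # block closed: inspect its body
                sub(/^[^{]*[{]/, "", buf)
                sub(/[}].*/, "", buf)
                if (buf ~ /^[ \t]*$/) print start
                inblk = 0
            }
        }
    ' "$1"
}

# missing_log_subdir CONF -> prints <logdir>/log when that directory is absent
# (assumption from the report above: the log file is opened under <logdir>/log).
missing_log_subdir() {
    logdir=$(awk '$1 == "logdir" { print $2; exit }' "$1")
    [ -n "$logdir" ] || return 0
    [ -d "$logdir/log" ] || printf '%s\n' "$logdir/log"
}

demo() {
    dir=$(mktemp -d)
    mkdir -p "$dir/squidGuard"                    # stands in for /var/log/squidGuard
    # Constructed config fragment
    printf '%s\n' "logdir $dir/squidGuard" \
        'dest banneddestination {' \
        '    expressionlist banneddestination/expressions' \
        '}' \
        'rewrite  {}' > "$dir/squidGuard.conf"
    for n in $(empty_rewrite_lines "$dir/squidGuard.conf"); do
        echo "empty rewrite block at line $n"
    done
    m=$(missing_log_subdir "$dir/squidGuard.conf")
    [ -z "$m" ] || echo "missing directory: $m"
    rm -rf "$dir"
}

demo
```
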




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Randy Welch



tarvid wrote:

 I had similar problems on 8.2RC1 and found the following by running 
 squidGuard on testfiles.
 
  squidGuard -c /etc/squid/squidGuard.conf test.pass
 
 1) The logdir directive
 logdir /var/log/squidGuard
 wants to create 
 /var/log/squidGuard/log/squidGuard.log
 2002-03-11 15:07:01 [8237] squidGuard: can't write to logfile 
 /var/log/squidGuard/log/squidGuard.log
  
 When I created that subdirectory squidGuard would log.
 
 2) an empty rewrite section would cause errors. When commented out
 #rewrite  {}
 squidGuard would initialize normally
 2002-03-11 15:07:01 [8237] parse error in configfile 
 /etc/squid/squidGuard.conf line 148
 had the empty rewrite
 
 Restarting squid - blocking started to work.
 


What's in your test.pass file?


Hmm...  I'll have to check on this tonight.

-randy





Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread tarvid

On Monday 11 March 2002 08:45 pm, you wrote:
 tarvid wrote:
  I had similar problems on 8.2RC1 and found the following by running
  squidGuard on testfiles.
 
   squidGuard -c /etc/squid/squidGuard.conf test.pass
 
  1) The logdir directive
  logdir /var/log/squidGuard
  wants to create
  /var/log/squidGuard/log/squidGuard.log
  2002-03-11 15:07:01 [8237] squidGuard: can't write to logfile
  /var/log/squidGuard/log/squidGuard.log
 
  When I created that subdirectory squidGuard would log.
 
  2) an empty rewrite section would cause errors. When commented out
  #rewrite  {}
  squidGuard would initialize normally
  2002-03-11 15:07:01 [8237] parse error in configfile
  /etc/squid/squidGuard.conf line 148
  had the empty rewrite
 
  Restarting squid - blocking started to work.

 What's in your test.pass file?

http://www.ls.net/ 206.105.202.3/horace.ls.net - GET
http://mail.ls.net/ 206.105.202.26/corinna.ls.net - GET

I am using the blocklists downloaded from squidGuard - the results are 
laughable.

Still there is application for commercial use. I am going to look into the 
Multnomah list.

Jim Tarvid


 Hmm...  I'll have to check on this tonight.

 -randy




Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Randy Welch



 
 any error messages ?
 
 tail -f /var/log/squidGuard/squidGuard.log
 tail -f /var/log/messages
 tail -f /var/log/squid/store.log
 
 

No error messages of any sort just startup and items being 
cached

-randy





Re: [Cooker] Latest SNF cooker comments.

2002-03-11 Thread Randy Welch


 
 
 I'll double check tonight, but I looked in the logs and didn't see 
 anything in there.  ( the only log I haven't looked in is squid/store.log )
 


Ok...  blocking by *domain* seems to work, but keyword and 
url blocking seems not to work.  ( This through the banned 
destination urls sections of the web proxy filtering urls 
section.)

I'd really like keywords to work...

-randy





Re: [Cooker] Latest SNF cooker comments.

2002-03-10 Thread Randy Welch



Randy Welch wrote:

 Well I'm further along this time!
 

 
 I've got 2 issues at the moment...
 
 1.  It's not allowing connections from inside to the caching DNS 
 server.  I can directly contact my ISP's server, but not my internal 
 one.  Odd.  I'm guessing there is another rule
 needed?
 


Yes there is another rule needed!  there needs to be a rule 
from lan-fw for port 53 ( I did udp+tcp )


-randy





Re: [Cooker] Latest SNF cooker comments.

2002-03-10 Thread Marc Lijour

Hi,

do you plan to include IPSec and VPN capabilities in the future?

You may know what's happening there :

www.coyotelinux.org

marc


On March 11, 2002 01:31 AM, you wrote:
 Well I'm further along this time!

 Here's some comments and issues.

 1.  httpd is still selected as a default started service.
 2.  You can't login to the admin interface without clearing
  shorewall first.
 3.  Can it get the time settings from system config like it
  does with the ethernet and other networking configs.
 4.  Shouldn't it install the caching name server by default
  since you can configure it?
 5.  In the network configuration if a network is set to a
  private net address could it automatically tag that one
  as LAN and the other interface ( if a 2 interface
  machine ) set to LAN.

 I've got 2 issues at the moment...

 1.  It's not allowing connections from inside to the caching
 DNS server.  I can directly contact my ISP's server, but not
 my internal one.  Odd.  I'm guessing there is another rule
 needed?

 2.  Does any of the filtering in squidGuard work?  It
 doesn't seem to catch anything on either keyword or url.

 -randy




Re: [Cooker] Latest SNF cooker comments.

2002-03-10 Thread Randy Welch

Ok let's add one more item...

When adding a rule through the GUI it seems to want to 
change the source/dest zones away from what the user specifies.

I tried adding a rule for NNTP which went from lan - wan.
The gui goes off and changes source and destination zones.

I finally got it working by changing the rules manually
and manually reloading shorewall.


-randy