Re: [Server-devel] Transparent proxy
2009/11/28 Henry Vélez Molina henry.lap...@gmail.com: We want to prevent strangers in our network. Ok. Then we need something else I think. The proxy stuff won't help there. Short term options: A - Use WPA with PSK. You can add the password by hand on each XO, or add (again by hand) a networks.cfg file that contains the password. B - Whitelist the prefix of the MAC addresses of the XOs. They all start with the same prefix. Can even do it from the XS firewalling rules (rather than the AP). Mid-term options C - Teach idmgr and Moodle to capture the MAC address for whitelisting + a script that adds the MAC address to a firewall whitelist. cheers, m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Proxy auto-configuration
On Mon, Nov 30, 2009 at 09:52, Martin Langhoff martin.langh...@gmail.com wrote: On Sun, Nov 29, 2009 at 12:15 AM, Andrew McMillan and...@morphoss.com wrote: I run WPAD here with Mozilla, and it works well. It will generally be through DNS since that's the more reliable way of finding it, but it does require the browser to make a check for it. Looks like we need some investigation into how to get Browse.xo to do it... :-) then perhaps a post DHCP hook could request the WPAD file, crudely parse it for the real proxy address and stuff that into the Browse.xo configuration. Probably worth trying the right fix before the crude one. If Browse.xo can DTRT with WPAD, a sideeffect will be that it'll work in proxied+WPADded networks. Yes, please don't treat Browse as a black box, it's python and uses mozilla's XPCOM, which for all its faults should make all these customizations very easy. What may need to be done in order of likeness: - configure the XS in the same way as Firefox needs, - tweak some of Browse's configuration ( ~/.sugar/default/org.laptop.WebActivity/data/gecko/prefs.js ), - call some method in a XPCOM component, such as: http://mxr.mozilla.org/mozilla1.9.1/source/netwerk/base/public/nsIProtocolProxyService.idl#220 Regards, Tomeu And if the XS does the conventional WPAD thing, other browsers that know how to do WPAD will be able to connect... m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff -- «Sugar Labs is anyone who participates in improving and using Sugar. What Sugar Labs does is determined by the participants.» - David Farning ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Proxy auto-configuration
On Sat, Nov 28, 2009 at 02:35:17PM +0100, Martin Langhoff wrote: IIRC, Pia had found that if she got dhcpd to serve the PAC file URL (in WPAD-style), then the browser on the XO would DTRT. Now, I cannot recall if she was using Browse.xo or one of the Firefox-on-Sugar incarnations. Interesting, so I'm at least on the right track. Did she do any kind of configuration on the XO? Because I can't see Iceweasel sending out any packet (other than directly to the target host), so it cannot possibly auto-discover anything... :-/ CU Sascha -- http://sascha.silbe.org/ http://www.infra-silbe.de/ signature.asc Description: Digital signature ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Proxy auto-configuration
On Sat, Nov 28, 2009 at 03:41:22PM +0100, Martin Langhoff wrote: - The DHCP payload must contain a url to the PAC file - this is the WPAD protocol, and what Pia was playing with. Sure, but for that the browser must send a DHCP request, which it doesn't seem to do. Or does Fedora contain any support for that in the DHCP client (for Debian, I don't see it)? I did find an old email that indicated that she was using Firefox, not Browse.xo. OK, so it should work with Iceweasel. Either it got disabled (upstream? Debian?) or there was some kind of configuration (dhclient? Firefox?) to enable it... CU Sascha -- http://sascha.silbe.org/ http://www.infra-silbe.de/ signature.asc Description: Digital signature ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Proxy auto-configuration
On Sat, Nov 28, 2009 at 03:47:17PM +, Tomeu Vizoso wrote: OK, so it should work with Iceweasel. Either it got disabled (upstream? Debian?) or there was some kind of configuration (dhclient? Firefox?) to enable it... From these links, looks like Mozilla uses WPAD through DNS (and not DHCP): http://mxr.mozilla.org/mozilla-central/search?string=wpadfind=findi=filter=^[^\0]*%24hitlimit=tree=mozilla-central Thanks, that got me going. Iceweasel needs to be explicitly configured to Auto-detect proxy settings for this network. Default is Use system proxy settings, whatever that means on Linux - the help document only talks about proxy settings configured for you [sic] operating system which might be about everything (environment variables, some Mozilla config in /etc, Gnome settings, KDE settings, ...). I guess there's some Javascript magic I could throw somewhere in /etc to tell Iceweasel to do that by default... CU Sascha -- http://sascha.silbe.org/ http://www.infra-silbe.de/ signature.asc Description: Digital signature ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Fresh install of XS 0.6 -- Moodle is disabled at the moment.
Hi Martin, Thanks for checking in .. I took a break from this for a few days .. Will give it another attempt sometime tomorrow and update. -Ben On Fri, Nov 27, 2009 at 3:34 AM, Martin Langhoff martin.langh...@gmail.comwrote: On Tue, Nov 24, 2009 at 4:17 PM, Martin Langhoff martin.langh...@gmail.com wrote: drwx-- 3 postgres postgres 1024 2009-11-22 13:49 data-8.3 So it exists... and is mounted correctly! What happens if you try to start pgsql-xs service? Does it still complain? With this, and your logs looking normal, I can only think of a timing thing -- PostgreSQL startup might be slow and Moodle is starting right after and not finding it? Bump! Did you retry? Is it working? m -- martin.langh...@gmail.com mar...@laptop.org -- School Server Architect - ask interesting questions - don't get distracted with shiny stuff - working code first - http://wiki.laptop.org/go/User:Martinlanghoff ___ Server-devel mailing list Server-devel@lists.laptop.org http://lists.laptop.org/listinfo/server-devel
