Showing posts with label smoothwall. Show all posts
Showing posts with label smoothwall. Show all posts

Friday, April 16, 2010

Replace Dansguardian 2.8.0.6 binary for SmoothWall Express 3

To fix the iTunes 9.1/dansguardian bug (at your own risk, though I don't think it should break anything. If it does, you have the dansguardian backup file, right?):

Assuming you have already installed http://smoothwallmods.googlecode.com/files/DGAV-SW3-2.8.0.6-6.4.4.2-i686-b012.tgz in SmoothWall Express 3.0
  1. Back up /usr/sbin/dansguardian
  2. obtain http://www.gwy.org/dansguardian
  3. replace /usr/sbin/dansguardian
  4. chmod +x /usr/sbin/dansguardian
  5. at the minimum, you could dansguardian -q; dansguardian
now the malformed URL issue won't show up and iTunes 9.1 will work with dansguardian 2.8.0.6.

If you want 2.10, you'll have to compile it yourself.
Posted by at No comments:
Labels: , , , ,

Friday, December 18, 2009

Bypass transparent squid proxy smoothwall

vi /etc/rc.d/rc.firewall.up

find #squid
before #squid, use the following (all one line, ie RETURN is after -j on the same line):

/sbin/iptables -t nat -A PREROUTING -i $GREEN_DEV -p tcp --dport 80 -d yourBypassProxyDomainHere.com -j RETURN

save and exit

Run this to restart iptables

/etc/rc.d/rc.netaddress.down; /etc/rc.d/rc.netaddress.up

done.

OK, *I* wasn't done, because I'm using Full Firewall Control addon, which basically negates anything done in rc.firewall.up (the source code for FFC itself says flush iptables before parsing FFC list.)
So, to bypass proxy for specific addresses in smoothwall via Full Firewall Control, ping the [domain to bypass dansguardian] to get the ip, and set it up as GREEN from anywhere, port 80, to RED (ip address of bypass domain) method TCP Allow. Funny, that seems easier than I'd have thought.
Posted by at No comments:
Labels: , , , , ,

Friday, September 18, 2009

Smoothwall/Firewall check for spambot on lan

More or less, this is a placeholder until I get more information.

You have smoothwall or other linux based firewall proxy.
type this
tcpdump -qt port 25
on the proxy server.
ctrl-c to abort
Posted by at No comments:
Labels: , , , , ,

Wednesday, March 25, 2009

Dansguardian schedule an exception during the day.

So, you're using dansguardian and would like to schedule an exception...

I created two scripts:
_start_.sh

cp /etc/dansguardian/exceptionsitenoon.noon /etc/dansguardian/exceptionsitenoon
/usr/sbin/dansguardian -g


_stop_.sh

cp /etc/dansguardian/exceptionsitenoon.normal /etc/dansguardian/exceptionsitenoon
/usr/sbin/dansguardian -g


And added this line in /etc/dansguardian/exceptionsitelist:

.Include </etc/dansguardian/exceptionsitenoon>


Then, crontab -e

min hr * * * /path/to/_start_.sh
min hr * * * /path/to/_stop_.sh


And, of course, made a file /etc/dansguardian/exceptionsitenoon.noon that had a list of the domains I wanted to allow (for my case, at noon) and another /etc/dansguardian/exceptionsitenoon.normal that was empty. The reason I used the .Include option was that I wanted to keep the permanent exceptions separate and manageable from the temporary exceptions -- If not, I'd have to make updates to both "noon" and "normal" lists every time I needed to make a permanent exclusion.
Posted by at No comments:
Labels: , , , ,
Subscribe to: Posts (Atom)

Blog Archive