Conflict with Etherpad (http) server

Asked by Francisco Christophersen

Hi Zoidberg, I found a problem when running an Etherpad server (and probably other HTTP servers as well). I can't connect to my own server using http://myfreednsaccount.no-ip.com/ (and neither can other internet users outside my LAN), unless I shut down Firehol, although I can connect to http://127.0.0.1/ or http://localhost/. I tried adding "server http accept" in firehol.conf (in the lan and internet interfaces), but it didn't work.

I also tried deleting these lines:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"
and I was able to connect to http://myfreednsaccount.no-ip.com/ with Firehol on, but as you can probably guess, that stopped the dansguardian filter too!

Is there any way to use web content control and allow access to my web server at the same time?

This is my firehol.conf:
version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"

interface eth0 lan
 policy accept

interface pan0 internet
 policy drop
 protection strong
 server http accept
 client all accept

And here is some information about Etherpad server if you are interested:
http://pauleira.com/13/installing-etherpad/
http://lincolnloop.com/blog/2009/dec/18/running-your-own-self-hosted-etherpad-instance/
http://code.google.com/p/etherpad/wiki/Instructions
https://wiki.ubuntu.com/Etherpad

Thanks again for your time and hard work!

Question information

Language: English
Status: Answered
For: WebContentControl
Assignee: No assignee
KIAaze (zohn-joidberg) said :
#1

Here's what you could try:
1) Turn off firehol
2) Make sure all services you need are running
3) Let firehol generate an example configuration file with:
/etc/init.d/firehol helpme >/tmp/firehol.conf
4) Add the lines:
====
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"
====
to /tmp/firehol.conf and copy it into /etc/firehol/firehol.conf
5) Restart firehol and check if it works.

Note: I'm not really sure of where to put the dansguardian/tinyproxy related lines in firehol.conf actually.
But I think the example configuration file generated by firehol can help.

The firehol configuration is still one of the main problems with WCC and I'm not really a pro with firewalls. :/
I'm also afraid other firewall tools like ufw (which now comes by default) might complicate things.

Since you seem to have some experience, you might also want to check the firehol documentation:
http://firehol.sourceforge.net/

Francisco Christophersen (mecagoentuspam) said :
#2

Hi, I tried your suggestion but I had no luck. I even tried with:

iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"

interface any world
 policy accept
 server all accept
 client all accept

which should allow any incoming or outgoing connection, but it didn't work either. I think the problem is in the "iptables" and "transparent_squid" lines, because in every test I made, as soon as I remove them everything works just fine.
I'm no firewall pro either, so I guess I'll settle with disabling firehol every time I need to run Etherpad. I need it for group work at med school, but not very often, so that's not so terrible anyway.
Thanks for your answer Zoidberg, and greetings from Argentina!
