How to Allow LAN access
I just realized that WebContentControl was blocking my access to my home network shared drives. When it is disabled I have access and when enabled I don't. I thought I had screwed something else up and totally reinstalled Ubuntu 8.10.
How do I allow access to any shared drive within my home LAN?
Thanks
Question information
- Language: English
- Status: Answered
- Assignee: No assignee
#1
This may be caused by the firewall.
Try disabling FireHol only by clicking on the FireHol on/off button to see if it works.
#2
Yes, I did discover Firehol blocked it. When Firehol is disabled it worked. Is it possible to configure Firehol to allow it and still be active?
#3
Yes, but I can't tell you exactly how.
Normally, your firehol.conf should contain something like this:
=======
version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"
# Accept all client traffic on any interface
interface any world
policy drop
protection strong
client all accept
server cups accept
=======
Try removing the line "policy drop".
If that doesn't work, try removing the line "protection strong".
The file to edit is /etc/firehol/
You should be able to access it in the advanced settings tab by
clicking on "open main configuration files".
Make sure you save it and restart firehol for each test.
P.S: Merry Christmas! :)
On Wed, Dec 24, 2008 at 2:17 PM, Scott
<email address hidden> wrote:
> Question #55187 on WebContentControl changed:
> https:/
>
> Status: Answered => Open
>
> Scott is still having a problem:
> Yes, I did discover Firehol blocked it. When Firehol is disabled it
> worked. Is it possible to configure Firehol to allow it and still be
> active?
#4
Hi, my firehol.conf looked exactly as you wrote. So I added a # in front of policy drop, restarted, nothing. Did the same to protection strong, restarted, nothing, so I deleted both lines, one at a time and restarted in between, no change.
It is certainly Firehol since when it is off I get access.
I tried reading the help files but they are complicated. Will try to reread but any help is appreciated. I do know my networked drive IP address if I can simply "allow" that IP address somehow instead of disabling other settings like policy drop or protection strong.
Thanks and Merry Christmas to you too!
#5
I am having a similar problem. I cannot access the Internet when firehol is activated. When it is deactivated, the Internet works but blocking does not work.
I tried your suggestions with firehol.conf with no effect.
Any other suggestions?
Nathan
#6
Temporary solution:
Lock the firefox proxy settings and stop firehol from running at startup (Advanced settings tab).
Note: I'll make a quick temporary release right now to make sure those functions are available. ;)
How do you connect to the internet?
Are all the pages blocked or do you get a normal connection error message?
Can you post the output of /var/log/
Have you tried removing all lines in firehol.conf except the following:
==========
version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"
==========
If you have some experience, you can try debugging firehol/iptables by adding lines like this in firehol.conf:
==========
iptables -I INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 80 -j LOG --log-prefix "[PORT 80]" --log-uid --log-tcp-sequence --log-tcp-options --log-ip-options
iptables -t nat -A OUTPUT -p tcp -m owner ! --uid-owner proxy --dport 80 -j DROP
==========
The "-j LOG ..." part logs all matching packets in the "kernel ring buffer".
You can then view them by running "dmesg".
You can use --log-prefix "foobar" in the iptables line to filter the dmesg output with grep:
dmesg | grep foobar
Here is some more info about iptables usage and debugging:
https:/
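To make the dmesg output from the logging rules in #6 easier to read, here is an added example (not part of the original thread or of WebContentControl) that groups logged packets by interface, source, protocol and destination port. The function names and the log lines are constructed for illustration; on a real system the input would be the output of dmesg.

```shell
#!/bin/sh
# Added example: summarise packets logged by a "-j LOG --log-prefix ..." rule,
# grouped by interface, source, protocol and destination port.

summarize_denied() {
    # $1: log prefix to match; defaults to the prefix used in the rule in #6.
    prefix=${1:-"iptables denied: "}
    awk -v prefix="$prefix" '
        index($0, prefix) {
            iface = src = proto = dpt = "-"
            for (i = 1; i <= NF; i++) {
                if (split($i, kv, "=") < 2 || kv[2] == "") continue
                # Keep the first value only: ICMP errors repeat the fields
                # of the offending packet inside [...] later on the line.
                if      (kv[1] == "IN"    && iface == "-") iface = kv[2]
                else if (kv[1] == "SRC"   && src   == "-") src   = kv[2]
                else if (kv[1] == "PROTO" && proto == "-") proto = kv[2]
                else if (kv[1] == "DPT"   && dpt   == "-") dpt   = kv[2]
            }
            seen[iface " " src " " proto "/" dpt]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -rn
}

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
    cat <<'EOF'
[ 101.000001] iptables denied: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58
[ 102.000001] iptables denied: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58
[ 103.000001] iptables denied: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58
[ 120.000001] iptables denied: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TTL=128 PROTO=TCP SPT=49152 DPT=445 SYN
[ 121.000001] iptables denied: IN=eth0 OUT= SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TTL=128 PROTO=TCP SPT=49153 DPT=445 SYN
[ 140.000001] [PORT 80]IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=80 SYN UID=1000
[ 150.000001] usb 1-1: new high-speed USB device number 2
EOF
}

# On a live system: dmesg | summarize_denied
sample_log | summarize_denied
```

Each output line is a count followed by interface, source address and protocol/port, so a blocked service shows up as a port number that can be matched to a FireHOL service name.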
#7
New release made as promised. (but still no firehol GUI config)
#8
Hi zoidberg,
I can access the Internet without any odd effects; only the pages I want to block are blocked. I only have problems accessing my WAN shared Windows drives.
I tried removing all lines in firehol.conf except those you suggested above without any change.
I read your other debugging suggestions but I do not understand enough to try any of them; I'm pretty new to Ubuntu.
I did set Firehol to default off when booted for now, so I will hope to find another solution until then so I can re-enable it.
Thanks
#9
Concerning your WAN shared Windows drives, the problem may be related to ufw being installed by default since Hardy.
Please refer to what I posted here: https:/
I don't access my PC remotely, nor do I have shared drives over a LAN, so those problems are kind of hard for me to debug. :(
#10
Adding this at the end of firehol.conf might also help with network service problems:
============
servers="samba imap pop3 lpd portmap vncwebserver vnc "
for i in $servers;
do server $i accept
done
============
Thanks to Ricardo Guimarães for this.
I'll try adding this to webcontentcontrol as soon as I can.
#11
I have tried this command:
============
servers="samba imap pop3 lpd portmap vncwebserver vnc "
for i in $servers;
do server $i accept
done
============
I can't access the shared printer... How do I fix it?
Thanks...
#12
Could you give me some details about your shared printer setup?
Especially which protocol is used?
Here is a list of the protocols supported by FireHol: http://
To add a protocol, just add a line like this to firehol.conf:
server PROTOCOL accept
A simple thing to try first would be:
server all accept
Of course this would completely open the firewall, so it's not the best solution IMO.
Don't forget to restart FireHol after each change to firehol.conf!
#13
If you know which interface is used to access the LAN and which one to access the internet, you can do even better.
If eth0 is used for the LAN for example, you can use:
==========
interface eth0 home
server dns accept
server ftp accept
server samba accept
server squid accept
server dhcp accept
server http accept
server ssh accept
server icmp accept
==========
or more general:
==========
interface eth0 home
server all accept
==========
cf: http://
#14
You can also just try replacing "policy drop" with "policy accept", i.e. make firehol.conf look like this:
=======
version 5
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
transparent_squid 8080 "proxy root"
# Accept all client traffic on any interface
interface any world
policy accept
protection strong
client all accept
server cups accept
=======
I can't test any of this unfortunately, but if you get it working, please let me know how. :)
The firehol documentation should help you: http://
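A small check for the trade-off raised in #12 to #14, as an added example that is not part of the original thread or of WebContentControl: it reads a firehol.conf and flags "server all accept" and "policy accept", rating them HIGH inside an "interface any" block and WARN when the block is bound to a named device such as eth0. The function names, the severity labels and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag firehol.conf rules that accept every service.

audit_firehol() {
    awk '
        function report(rule) {
            printf "%s line %d: %s on interface %s\n",
                   (dev == "any" ? "HIGH" : "WARN"), NR, rule, dev
        }
        { sub(/#.*/, "") }                    # strip comments (naive: ignores quoting)
        $1 == "interface" { dev = $2; next }  # "interface DEVICE NAME" opens a block
        dev == ""         { next }            # not inside an interface block yet
        $1 == "policy" && $2 == "accept"                { report("policy accept") }
        $1 == "server" && $2 == "all" && $3 == "accept" { report("server all accept") }
    '
}

# Constructed sample: everything accepted on every interface.
conf_open() {
    cat <<'EOF'
version 5
transparent_squid 8080 "proxy root"
interface any world
    policy accept
    protection strong
    client all accept
    server all accept
EOF
}

# Constructed sample: only named services on the LAN device, default drop elsewhere.
conf_lan() {
    cat <<'EOF'
version 5
interface eth0 home
    server samba accept
    server cups accept
interface any world
    policy drop
    client all accept
EOF
}

echo "== open configuration =="; conf_open | audit_firehol
echo "== LAN-only configuration =="; conf_lan | audit_firehol
```

To check the live file, run the function with the configuration on standard input, for example audit_firehol < firehol.conf from the directory that holds it.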
#15
Done.
I have replaced "policy drop" with "policy accept".
I just want to block web contents, not samba or printer share.
Thanks
#16
Hi Zoidberg,
In my bannedsitelist, I tried to use the time limiting syntax: #time: 8 30 16 30 01234.
It means 8.30 am to 4.30 pm, Monday to Friday.
What if I want to open access from 1pm to 2pm, with access blocked again before 1pm (8.30am - 1.00pm) and after 2pm (2pm - 4.30pm)?
I have tried:
#time: 8 30 13 00 01234
#time: 14 00 16 30 01234
but it's not working...
Thanks.
#17
Fixed.
I have changed the exceptionsitelist.
Thanks.
#18
And how did you fix it?
I usually use this method for time control:
https:/
But using the one implemented in DG is a good solution too of course. :)
#19
These are the commands in bannedsitelist:
=============
#time: 8 30 16 30 01234
badboys.com
=============
and I put this command in exceptionsitelist:
=============
#time: 12 0 13 0 01234
badboys.com
=============
I cannot open badboys.com during office hours but I can open it at lunch time.
Thanks