Hello,
I'm trying to use wiki.archlinux.org/index.php/Parental_Control (Whitelist with Tinyproxy and Firehol) but it's not working as it should.
When I start Firehol, I get this error:
[alain@earth firehol]$ sudo firehol start
FireHOL: Saving your old firewall to a temporary file: OK
FireHOL: Processing file /etc/firehol/firehol.conf: OK
FireHOL: Activating new firewall (59 rules):
--------------------------------------------------------------------------------
ERROR : # 1.
WHAT : A runtime command failed to execute (returned error 2).
SOURCE : line 15 of /etc/firehol/firehol.conf
COMMAND : /usr/bin/ip6tables -t nat -A out_trproxy.1 -d 127.0.0.1 -j RETURN
OUTPUT :
ip6tables v1.4.21: host/network `127.0.0.1' not found
Try `ip6tables -h' or 'ip6tables --help' for more information.
FAILED
FireHOL: Restoring old firewall: OK
Broadcast message from systemd-journald@earth (Sun 2015-03-15 20:04:35 CET):
FireHOL[25593]: FAILED to activate the firewall from /etc/firehol/firehol.conf. Last good firewall restoration: OK.
I guess the problem comes from IPv6 and 127.0.0.1 and I'd need to replace this IP with ::1, but I can't find in which file Firehol or ip6tables fetches the IP.
This is my /etc/firehol/firehol.conf:
[alain@earth firehol]$ more firehol.conf
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#
version 6
# Parental Control - Fwd to TinyProxy
# Added by alain
transparent_proxy "80 443" 8888 "nobody root bin alain"
# Accept all client traffic on any interface
interface any world
client all accept
Now, Firehol seems to work all right, because user alain doesn't have any restriction and Tinyproxy gets requests for another user, but when this other user tries to go to an allowed URL, the response never comes back (the browser remains in waiting state). When this other user tries to go to a disallowed (not on the white list) URL, he gets a 403 Forbidden as expected. It looks like the problem is in Tinyproxy, but maybe the response needs to come back through Firehol and the error I get when starting Firehol is the reason why it's not working?
Sorry for my bad English, I first asked this question on the French Archlinux forums, but I didn't get any reply...