Tuesday, September 15, 2009

IPCop with CopPlus Troubleshooting Guide

First off, you want to make sure that you have a backup of your dansguardian configuration files so that the restore part below works. To make a suitable backup:
1. SSH into the box as root (ssh -p 222 root@192.168.1.1)
2. tar -cf dansguardian.tar /etc/dansguardian

What to do if the internet stops working

Make sure it's not a fluke:
1. Log into the IPCop GUI by going to this address:
https://192.168.1.1:445
There will be a security warning (the IPCop GUI uses a self-signed certificate); click OK or Yes or whatever you need to be able to view it.
2. Click (System -> Shutdown).
3. You will be prompted for the username and password.
4. Click the Reboot button.
5. Wait 10 minutes (it takes this long to reboot!) and see if the internet is now working. If it is, great! If not, continue on.

Make sure that the Proxy server and Dansguardian are running.
1. Open the IPCop GUI as before.
2. Go to Status->System Status.
3. Make sure there is a green "Running" next to Web Proxy and DansGuardian Content Filter.
4. If they are both "Stopped" and red, start the web proxy up: go to Services->Proxy, make sure the checkboxes next to Enabled on Green and Transparent on Green are checked, and click Save.
4.1. See if there is a green "Running" next to Web Proxy. If so, use the first procedure again to reboot the IPCop, and begin at the top of this current procedure if the internet does not start working.
5. If there is a green "Running" next to Web Proxy but not DansGuardian, make sure you've waited a full 10 minutes and then proceed with the next sequence of instructions at *.
6. If there is a green "Running" next to both Web Proxy and DansGuardian and you still don't have internet access (or it is intermittent), try to find a misconfigured router plugged into the network with the IP address 192.168.1.1 that is causing an IP conflict.
7. If all else fails, proceed with the following:

Re-install Dansguardian (if the above has not fixed the problem)
1. Uninstall the CopPlus addon (IPCop GUI->Addons->Addons).
Mark CopPlus, click remove.
2. Stop the proxy server (IPCop GUI -> Services -> Proxy)
Uncheck Enabled on Green. Uncheck Transparent on Green. Click Save.
3. Reboot the IPCop (IPCop GUI -> System -> Shutdown -> Reboot)
4. Enable the proxy server (IPCop GUI -> Services -> Proxy)
Check Enabled on Green. Check Transparent on Green. Click Save.
5. Verify that the proxy is running (Status->System Status) and that you can access internet websites.
6. Download file CopPlus V2.2 b3 at
http://softlayer.dl.sourceforge.net/project/firewalladdons/firewalladdons%20mods/COP%2B/Copplus-2.2-GUI-b3.tar.gz
7. Install CopPlus (Addons->Addons)
Bottom of the page, Upload addon file: Browse to where you downloaded the file and click Upload.
8. Reboot IPCop.
9. SSH into 192.168.1.1 as root (from the kiosk, bring up Accessories->Terminal, type ssh -p 222 root@192.168.1.1) or use PuTTY (IP: 192.168.1.1, Port: 222, User: root).
10. Type the following commands, each followed by the Enter key:
cd /
tar -xf ~/dansguardian.tar
logout
11. Restart Dansguardian (Services -> Content Filter) click the Restart button.
12. Check for internet access after 10 minutes (it takes a while for Dansguardian to start)
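
Step 10 extracts the backup as root from /, so tar writes every path the archive names. As an added example (not part of the original guide), the shell functions below make the backup and check that an archive holds only paths under the expected directory before it is extracted. The function names are hypothetical, and tar's -C and -t options are assumed to be available on the box.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# backup_config SRC_DIR OUT_TAR: archive SRC_DIR (absolute path) with member
# names relative to /, as the guide's tar -cf does, and confirm it reads back.
backup_config() {
    src=$1 out=$2
    case $src in /*) ;; *) echo "use an absolute path: $src" >&2; return 1 ;; esac
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    tar -cf "$out" -C / "${src#/}" || return 1
    tar -tf "$out" >/dev/null
}

# check_archive TAR PREFIX: succeed only if every member name sits under PREFIX
# and none is absolute or has a ".." component. This checks member names only.
check_archive() {
    archive=$1 prefix=${2#/}
    prefix=${prefix%/}
    members=$(tar -tf "$archive") || return 1
    [ -n "$members" ] || { echo "empty archive" >&2; return 1; }
    while IFS= read -r member; do
        case $member in
            /*|..|../*|*/../*|*/..)
                echo "unsafe member: $member" >&2; return 1 ;;
            "$prefix"|"$prefix"/*) ;;
            *)  echo "unexpected member: $member" >&2; return 1 ;;
        esac
    done <<EOF
$members
EOF
}
```

On the IPCop box this would be `backup_config /etc/dansguardian ~/dansguardian.tar` before the uninstall and `check_archive ~/dansguardian.tar /etc/dansguardian` before step 10.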

Some other command-line commands you may find useful:
arping -i eth0 192.168.1.1
cat /var/log/messages | grep dans
sh /etc/rc.d/dansguardian status
sh /etc/rc.d/dansguardian restart

Friday, May 29, 2009

The Story of the Internet

You have a computer, any computer, that has an ethernet port. You connect a straight-through ethernet cable from the ethernet port on the computer to a switch or router. Your network card detects a connection and alerts the operating system. The operating system then instructs your computer to send a packet (a packet is nothing more than an electronic envelope containing electronic information...kinda like a letter in the postal system) that yells out to everyone on the network, "Hey! I'm here! Is there anyone named Mr. DHCP out there?" (Mr. DHCP is the DHCP server, DHCP standing for Dynamic Host Client Protocol) The DHCP server running on the network (usually in a home network it is the internet router) sends a packet back saying, "Hello! Welcome to our network! I am Mr. DHCP! What can I do for you?" Your computer responds back with its network card's God-given name. You see, every network card that is ever built has a programmed name, called the MAC address (Machine Access Control), that is dependent upon manufacturer. It looks something like 00:0C:41:C0:AB:23. As you can tell, that's a really long number. So your network card sends this God-given name to Mr. DHCP and Mr. DHCP responds with the nickname the network card will use on the network from now on, called the IP address (looks like 192.168.0.100). All further packets to and from your network card will be identified using this IP address. Mr. DHCP also responds with the nicknames of the DNS server and the gateway the network is using (along with the network net-mask--more about this in a bit). In a home network, the router actually also serves as the DNS server and the gateway, so these would be something like 192.168.0.1. So your computer now knows who the important guys are on the network: the gateway, the DNS server, and the DHCP server. These three guys control all of the information that your computer needs to access the internet.

Say you want to access a website. You type in to your computer browser, "http://www.google.com". Your computer, behind the scenes, contacts Mr. DNS server in a packet and says, "Hey, I need the IP address for www.google.com", and Mr. DNS responds in a packet with, "His nickname on the internet is 74.125.95.99". Now, your computer needs to talk to 74.125.95.99. Your computer knows that he's not on the local network, because the net-mask defines who is in the local network and who isn't. That is, the net-mask provides all the possible nicknames of guys who live inside the firewall. For example, if the net-mask is 255.255.255.0 and your computer has the IP address of 192.168.0.100, then the only computers that could possibly be behind the firewall with you have the nicknames 192.168.0.101-192.168.0.254. If the net-mask is 255.255.0.0, then the local computers also behind the firewall have only the nicknames 192.168.0.1 - 192.168.254.254. (254 is the highest number possible between the . .'s) So if your computer needs to talk to anyone having nicknames within that range, he can just talk with them. However, if the nickname of the computer that he needs to talk to is not in this range (such as www.google.com's nickname), he has to make a long-distance phone call using Mr. Gateway.
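
The local-or-gateway decision described above, worked through in shell as an added example (not part of the original post): a destination is local when it matches the host's own address in every bit the net-mask sets. The function names and the neighbour address 192.168.7.20 are constructed for illustration.

```sh
#!/bin/sh
# Added example: the "local or long-distance?" decision made with the net-mask.
# Assumes a shell with 64-bit arithmetic (bash, or dash on current systems).

# ip_to_int A.B.C.D: print the address as one 32-bit number, or fail.
ip_to_int() {
    case $1 in
        *[!0-9.]*|*..*|.*|*.|0[0-9]*|*.0[0-9]*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# next_hop HOST MASK DEST GATEWAY: print "direct DEST" when DEST shares the
# host's network, otherwise "gateway GATEWAY".
next_hop() {
    host=$(ip_to_int "$1") && mask=$(ip_to_int "$2") &&
        dest=$(ip_to_int "$3") || return 1
    # A valid net-mask is a run of 1 bits followed by a run of 0 bits.
    inv=$(( ~mask & 4294967295 ))
    [ $(( inv & (inv + 1) )) -eq 0 ] || return 1
    if [ $(( host & mask )) -eq $(( dest & mask )) ]; then
        echo "direct $3"
    else
        echo "gateway $4"
    fi
}

# The page's addresses: www.google.com's address is not local.
next_hop 192.168.0.100 255.255.255.0 74.125.95.99 192.168.0.1
# Constructed neighbour: local under 255.255.0.0, not under 255.255.255.0.
next_hop 192.168.0.100 255.255.0.0 192.168.7.20 192.168.0.1
next_hop 192.168.0.100 255.255.255.0 192.168.7.20 192.168.0.1
```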

Mr. Gateway is very important. He makes sure all traffic able to get into the LAN was asked for. He doesn't allow packets from just anyone to make it into the LAN. He is essentially the bouncer for the local area network. Mr. Gateway actually has two nicknames: he has one that he uses to talk with the guys on the LAN, and he has one that he uses to talk with the guys on the internet (or WAN). He can pass along messages from either side. Usually, he always passes information from the LAN to the WAN (so he always communicates on behalf of someone on the LAN if someone on the LAN wants packets to go out to someone on the internet). He will only pass packets from the internet into the LAN if those packets were asked for by someone on the LAN sending out a request. When you set a port forward on your router, you are actually telling Mr. Gateway to pass all packets coming in on port 22 to your server to deal with, instead of refusing them. Oh! Ports! OK, so ports are like multiple sorting bins for network traffic. Ports are used to distinguish packets used for different purposes. For example, port 80 is the standard HTTP port. All packets that are used for the HTTP (Hyper Text Transfer Protocol) are usually sent and received on port 80. Port 22 is SSH, port 23 is FTP. And that's about all I actually know off the top of my head. Now, these days, port numbers are not used as strictly as they once were. But they are still used in starting connections between clients and servers. When a packet arrives on port 80, though, your computer doesn't have to sit there and figure out, "ok, what kind of packet is this and where does it go?" It knows it is HTTP going to a browser. It simplifies things a little.

So! Back to trying to visit "http://www.google.com"! Your computer would send a packet containing an HTTP request on port 80 to the gateway with instructions to forward it on to 74.125.95.99. When the server 74.125.95.99 responds, your gateway knows it is for your computer and sends the response to you at 192.168.0.100. The server at Google only ever sees your gateway. It does not know the MAC address of your actual computer. It provides some anonymity.

There is a lot more about routing and your actual router and ISP and such, but this is a good start toward understanding networking.

I hope all this makes sense! If not, ask me some questions and I'll hopefully be able to clarify them!

Wednesday, April 8, 2009

Story

My "big" addiction began in 8th grade. I was fat, as I may have told you earlier, and I wasn't very popular. But I did love technology. My family had recently gotten a Gateway 2000 computer along with dial-up internet access. Boy was that great! I learned so much about computers and the internet. But as I got bored (Google wasn't around then), I went to Altavista and started to search for images of sex. You see, my dad didn't exactly do a good job with "sex-ed", as he always just said, "If you have any questions just ask." Well, how is a 14-year-old boy supposed to be able to formulate questions then have the gumption to go and actually ask them? So I found my answers on the internet and got addicted to pornography. The "hard core" stuff. And so began a 4 1/2 year addiction to images, fake and emotionally empty. Hmm, I think in a way, both of us had (and have!) a desire to be liked and wanted in a group, even if that group is two people. I sought fulfillment of that in a fantasy world of images, while you actually did hang out with people. Perhaps what is most important about this desire is how we act when we are alone- or at least feel that way. Perhaps true wisdom is very rarely seen, as it plays itself out in decisions made in a feeling of emptiness or disconnection. For when such strong feelings arise, it is easy to find the "quick fix" that we already know in our minds will always let us down. So wisdom in that moment, fleeting as it is, displays itself invisibly in the conscious choice to reject the lie of the "quick fix" and to find real companionship and hope (and I'm not talking about the kind of hope most people refer to, or know of for that matter).

Monday, March 9, 2009

http://www.musicloversgroup.com/gwen-stefani-4-in-the-morning-video-and-lyrics/
http://www.lyricsbay.com/everything_lyrics-buckcherry.html