Porteus

Which method would you suggest for utilizing our DansGuardian proxy server in PKE? Modify the Mozilla preference file or use a global setting in something like /etc/profile? Thank you for your help.

When running the kiosk wizard, I see that /tmp/kiosk-creator/003/usr/lib/firefox-19.0.2/defaults/pref/pklock-settings.js is created. Can I add the following lines to pklock-settings.js to utilize the proxy server in Firefox?

user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);


Update Slackware Behind A Proxy
http://www.unixmen.com/update-slackewar ... d-a-proxy/


And then run /tmp/custom-kiosk/porteus/make_iso.sh to create the new ISO.

I think I'm a bit closer to getting this figured out using this post:

Firefox Add ons?
http://forum.porteus.org/viewtopic.php?f=102&t=1741

1. I've unsquashed the 003-settings.xzm file using unsquashfs 003-settings.xzm.
2. I've edited the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file to add the proxy settings:

user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

3. From within /tmp/custom-kiosk/porteus/base I've run sudo mksquashfs squashfs-root 003-settings.xzm -b 256K -Xbcj x86 -noappend to squash the file.

Problem: I'm receiving the message "mksquashfs: Unrecognised compressor option -Xbcj
mksquashfs: Did you forget to specify -comp, or specify it after the compressor specific option?"

I'm using Linux Mint 13 (maya) with kernel 3.2.0-39-generic.

Can I add the following lines to pklock-settings.js to utilize the proxy server in Firefox?

afaik this file should be encrypted by the wizard (brokenman implemented this feature so he will know better)

I've unsquashed the 003-settings.xzm file using unsquashfs 003-settings.xzm.

glad to see that you are learning fast
003-settings.xzm is crucial as whole /home/guest directory gets deleted after each firefox restart (to make sure we start clean) and essential files are unpacked from 003-settings.xzm. please have a look on /etc/xdg/openbox/autostart and you'll know everything.

Problem: I'm receiving the message "mksquashfs: Unrecognised compressor option -Xbcj

you can safely skip '-Xbcj x86' arguments. the only downside is that your module will be a bit bigger and slower to decompress.

btw: you could ask Mint devs to recompile kernel with: which will produce smaller and faster (for decompression) xz archives.

btw2: i believe that brokenman has proxy support on his TODO list. not sure when it'll be implemented so feel free to experiment with kiosk in the mean time

I tried it without -Xbcj x86. It squashed without any errors. I built the ISO, but the proxy settings don't seem to have taken effect. I'll keep working on it.

Thank you for your help!

I tried again after rebooting to clear out /tmp. I get the same result. I'm pretty sure I'm doing the steps correctly. Perhaps PKE doesn't recognize proxy.example.com, so I should use the IP address instead. I'll give it a try and post what I find.

I repeated the process using the IP address instead of proxy.example.com and have the same issue. Seems like it should work, but it doesn't. I'll keep working on it.

maybe firewall is blocking your proxy port?
please have a look at /etc/rc.d/rc.FireWall from 003-settings.xzm which ports are allowed.

btw: you can disable firewall completely through the wizard or manually be taking off exec bit from rc.FireWall script.

I've also tried adding proxy="http://xxx.xxx.xxx.xxx:3128" to the end of the append line in isolinux.cfg in /tmp/custom-kiosk/boot/isolinux and rebuilding the ISO file. Still no luck.

Just tried http_proxy="http://xxx.xxx.xxx.xxx:3128" too. No change.

You can add these settings to prefs.js and they should work. The lockdown file overrides anything in the pref.js file but there is nothing in there that would affect proxies. You can't add anything to the lockdown file as it is encrypted during the wizard process. Seeing port 3128 i agree with fanthom, probably the firewall.

Port 3128 is a proxy port used by Squid. An authentication is certainly needed.

Our pfSense firewall makes all our IP addresses (a few exceptions) go through the proxy server to filter "bad" sites. We don't use authentication on our proxy servers. These are the same settings I use on our Windows PCs and my Linux Mint box to get to the Internet through our proxy servers. Our proxy servers are DansGuardian and Squid3 on Ubuntu servers.

The settings below are ones that I took from my Linux Mint Firefox settings (prefs.js) that are working.

user_pref("network.proxy.ftp", "xxx.xxx.org");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "xxx.xxx.org");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "xxx.xxx.org");
user_pref("network.proxy.socks_port", 3128);
user_pref("network.proxy.ssl", "xxx.xxx.org");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

Can you put these settings on a standard firefox running on a standard Porteus ISO and tell us if that works or not?

Will do. I'll try to do it first thing tomorrow. Have to get home to the wife and kids.

Thank you all again for your help on this!!!

@guys
Kiosk has internal firewall builtin so unless disabled wont let you connect to port 3128.
please read my previous post once again how to do it.

Sorry, I completely missed the firewall post. I'll try that today too.