Proxy Support [Solved]

New features which should be implemented in Porteus Kiosk Edition and the kiosk wizard.
jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#16 by jmalon » 26 Mar 2013, 15:17

Currently, by default I guess, only the following are open:

From: /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

I guess I need to add an entry like this to allow connections on port 3128.
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT


Also, when I ran the kiosk wizard, I did not see an option to disable the firewall.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#17 by Hamza » 26 Mar 2013, 15:41

Code: Select all

iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Yes, it should looks like this. You can also executes this command in order to disable the firewall manually.

Code: Select all

chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#18 by jmalon » 27 Mar 2013, 15:21

Sorry, I was in a meeting almost the whole day yesterday and didn't get to do much after my previous post. Hopefully, I can make some progress today.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#19 by jmalon » 27 Mar 2013, 19:00

1. I've added the following line to /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

2. I completely disabled the PKE firewall in:
/tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.M by placing a # in front of the following line: --- Is it okay to do it this way?
[ -x /etc/rc.d/rc.FireWall ] && sh /etc/rc.d/rc.FireWall &

3. I made the necessary changes to the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file for Firefox to use a proxy server:
user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

I am still unable to connect to the Internet through our proxy server using the name of the proxy server, i.e. proxy.example.com.

The next things I'm going to try:

1. With the firewall still disabled, use the IP address instead of the name.
2. Try the non-kiosk version of Porteus to see if it works.

Also, I've created a Google Doc with all of this information in it to help someone else in the future. I'll upload or share it when I'm finished with it.
Last edited by jmalon on 27 Mar 2013, 19:35, edited 1 time in total.

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#20 by jmalon » 27 Mar 2013, 19:33

If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.

Is there a disconnect somewhere between PSE and PKE in their use of the Firefox proxy settings?

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#21 by Hamza » 27 Mar 2013, 20:30

Maybe the famous built-in firewall in Firefox that fanthom reported us?

Maybe the Lockdown system has also locked outgoing proxy on certain ports. I am not sure.
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#22 by jmalon » 27 Mar 2013, 20:43

I've also tried using the IP address for the proxy server instead of the name. Still unable to get to the Internet.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#23 by Hamza » 27 Mar 2013, 20:47

What happens if there is no proxy configured?
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#24 by jmalon » 27 Mar 2013, 20:51

If there is no proxy configured, you can't get to the Internet on our network (without an exception in our pfSense firewall).

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#25 by Hamza » 27 Mar 2013, 21:06

Had a quick look and it seems to our Lockdown system which is filtering outgoing connections is currently blocking your proxy. Must wait on devs answers.

Just to be sure, can you try with another proxy? Just setup a quick proxy on your host computer and run kiosk in Virtualbox to check if that is working or not.
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#26 by jmalon » 27 Mar 2013, 21:10

I tried another proxy server and it still doesn't work.

I tried disabling the firewall in PKE using this command and it didn't make a difference.
sudo chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#27 by Hamza » 27 Mar 2013, 21:15

Don't use sudo on Porteus. We're not on Debian-based distribution but on Slackware-based distribution. :)

Can you add

Code: Select all

/etc/rc.d/rc.FireWall stop
into the /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.local file please and give it a try ?
NjVFQzY2Rg==

jmalon
Black ninja
Black ninja
Posts: 78
Joined: 21 Mar 2013, 19:39
Distribution: Linux Mint
Location: Collinsville, OK

Re: Proxy Support

Post#28 by jmalon » 27 Mar 2013, 21:18

I'm doing all of my testing from a Linux Mint box.

I issued the command to prevent the firewall from being able to load when I create the customized ISO file.

User avatar
Hamza
Warlord
Warlord
Posts: 1846
Joined: 28 Dec 2010, 07:41
Distribution: Porteus
Location: France

Re: Proxy Support

Post#29 by Hamza » 27 Mar 2013, 21:24

Ok that must be something inside lockdown system but I am not sure where it can.
NjVFQzY2Rg==

User avatar
fanthom
Site Admin
Site Admin
Posts: 4547
Joined: 28 Dec 2010, 02:42
Distribution: Porteus Kiosk
Location: Poland, currently - Cork, IE
Contact:

Re: Proxy Support

Post#30 by fanthom » 27 Mar 2013, 21:40

If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.
very good.
while in vbox, please create tar archive from .mozilla directory and upload to host (could be through gmail) -> remaster 003-settings.xzm from kiosk and replace whole .mozilla directory with one from tarball (with modified proxy settings) -> make sure firewall is disabled -> create new kiosk ISO and try it in vbox.
make sure that /home/guest directory in 003-settings.xzm has 1000:1000 ownership so guest can read/write to it.

if you still wont get internet connection then please upload your custom ISO and i'll have a look on it tomorrow morning.

EDIT:\\
another idea:
use wizard to setup your own firefox password -> disable firewall manually -> launch custom kiosk ISO in vbox -> go to 'about:home' -> click on 'settings' -> type your password -> fill in proxy details and check net connection.
Please add [Solved] to your thread title if the solution was found.

Post Reply