Re: Proxy Support

Posted: 26 Mar 2013, 15:17
by jmalon
Currently, by default I guess, only the following are open:

From: /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT

I guess I need to add an entry like this to allow connections on port 3128.
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT


Also, when I ran the kiosk wizard, I did not see an option to disable the firewall.

Re: Proxy Support

Posted: 26 Mar 2013, 15:41
by Hamza

iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Yes, it should look like this. You can also execute this command in order to disable the firewall manually.

chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall

Re: Proxy Support

Posted: 27 Mar 2013, 15:21
by jmalon
Sorry, I was in a meeting almost the whole day yesterday and didn't get to do much after my previous post. Hopefully, I can make some progress today.

Re: Proxy Support

Posted: 27 Mar 2013, 19:00
by jmalon
1. I've added the following line to /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT

2. I completely disabled the PKE firewall in:
/tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.M by placing a # in front of the following line: --- Is it okay to do it this way?
[ -x /etc/rc.d/rc.FireWall ] && sh /etc/rc.d/rc.FireWall &

3. I made the necessary changes to the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file for Firefox to use a proxy server:
user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);

I am still unable to connect to the Internet through our proxy server using the name of the proxy server, i.e. proxy.example.com.

The next things I'm going to try:

1. With the firewall still disabled, use the IP address instead of the name.
2. Try the non-kiosk version of Porteus to see if it works.

Also, I've created a Google Doc with all of this information in it to help someone else in the future. I'll upload or share it when I'm finished with it.
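
An added example, not part of the original posts: instead of switching the firewall off, the proxy ports set in prefs.js can be checked against the OUTPUT rules that rc.FireWall accepts. The function names and the sample files are constructed for illustration, and the parser only understands single `--dport` rules in the form quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): list Firefox proxy ports that an
# rc.FireWall-style egress allow-list would block.

# TCP destination ports accepted on the OUTPUT chain, one per line.
allowed_tcp_ports() {
    grep -v '^[[:space:]]*#' "$1" |                  # ignore commented-out rules
        grep -E -- '-A OUTPUT .*-p tcp .*-j ACCEPT' |
        sed -n 's/.*--dport \([0-9][0-9]*\).*/\1/p' | sort -un
}

# Proxy ports from prefs.js; empty unless network.proxy.type is 1 (manual).
proxy_ports() {
    grep -q '^user_pref("network\.proxy\.type", 1);' "$1" || return 0
    sed -n 's/^user_pref("network\.proxy\.[a-z]*_port", \([0-9][0-9]*\));.*/\1/p' "$1" |
        sort -un
}

# Print each proxy port missing from the allow-list; return 1 if any is missing.
blocked_proxy_ports() {
    rc=0
    for port in $(proxy_ports "$2"); do
        allowed_tcp_ports "$1" | grep -qx "$port" || { echo "$port"; rc=1; }
    done
    return "$rc"
}

# Constructed sample files modelled on the rules and prefs quoted in the thread.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/rc.FireWall" <<'EOF'
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF
sed 's/^#//' "$SAMPLES/rc.FireWall" > "$SAMPLES/rc.FireWall.patched"
cat > "$SAMPLES/prefs.js" <<'EOF'
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
EOF

blocked_proxy_ports "$SAMPLES/rc.FireWall" "$SAMPLES/prefs.js" ||
    echo "stock rules block the proxy port(s) listed above"
blocked_proxy_ports "$SAMPLES/rc.FireWall.patched" "$SAMPLES/prefs.js" &&
    echo "patched rules allow every configured proxy port"
```

Run against the extracted squashfs-root before building the ISO, the first argument would be the rc.FireWall path and the second the prefs.js path given in the post above.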

Re: Proxy Support

Posted: 27 Mar 2013, 19:33
by jmalon
If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.

Is there a disconnect somewhere between PSE and PKE in their use of the Firefox proxy settings?

Re: Proxy Support

Posted: 27 Mar 2013, 20:30
by Hamza
Maybe the famous built-in firewall in Firefox that fanthom reported to us?

Maybe the Lockdown system has also locked outgoing proxy on certain ports. I am not sure.

Re: Proxy Support

Posted: 27 Mar 2013, 20:43
by jmalon
I've also tried using the IP address for the proxy server instead of the name. Still unable to get to the Internet.

Re: Proxy Support

Posted: 27 Mar 2013, 20:47
by Hamza
What happens if there is no proxy configured?

Re: Proxy Support

Posted: 27 Mar 2013, 20:51
by jmalon
If there is no proxy configured, you can't get to the Internet on our network (without an exception in our pfSense firewall).

Re: Proxy Support

Posted: 27 Mar 2013, 21:06
by Hamza
Had a quick look and it seems that our Lockdown system, which is filtering outgoing connections, is currently blocking your proxy. Must wait on the devs' answers.

Just to be sure, can you try with another proxy? Just setup a quick proxy on your host computer and run kiosk in Virtualbox to check if that is working or not.

Re: Proxy Support

Posted: 27 Mar 2013, 21:10
by jmalon
I tried another proxy server and it still doesn't work.

I tried disabling the firewall in PKE using this command and it didn't make a difference.
sudo chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall

Re: Proxy Support

Posted: 27 Mar 2013, 21:15
by Hamza
Don't use sudo on Porteus. We're not on a Debian-based distribution but on a Slackware-based distribution. :)

Can you add

/etc/rc.d/rc.FireWall stop
into the /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.local file please and give it a try?

Re: Proxy Support

Posted: 27 Mar 2013, 21:18
by jmalon
I'm doing all of my testing from a Linux Mint box.

I issued the command to prevent the firewall from being able to load when I create the customized ISO file.

Re: Proxy Support

Posted: 27 Mar 2013, 21:24
by Hamza
OK, that must be something inside the lockdown system, but I am not sure where it can be.

Re: Proxy Support

Posted: 27 Mar 2013, 21:40
by fanthom
If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.
very good.
while in vbox, please create tar archive from .mozilla directory and upload to host (could be through gmail) -> remaster 003-settings.xzm from kiosk and replace whole .mozilla directory with one from tarball (with modified proxy settings) -> make sure firewall is disabled -> create new kiosk ISO and try it in vbox.
make sure that /home/guest directory in 003-settings.xzm has 1000:1000 ownership so guest can read/write to it.

if you still won't get internet connection then please upload your custom ISO and i'll have a look on it tomorrow morning.

EDIT:
another idea:
use wizard to setup your own firefox password -> disable firewall manually -> launch custom kiosk ISO in vbox -> go to 'about:home' -> click on 'settings' -> type your password -> fill in proxy details and check net connection.