Proxy Support [Solved]
Forum rules
Porteus Kiosk section of the forum is unmaintained now. Its kept in a 'read only' mode for archival purposes.
Please use the kiosk contact page for directing your queries: https://porteus-kiosk.org/contact.html
Porteus Kiosk section of the forum is unmaintained now. Its kept in a 'read only' mode for archival purposes.
Please use the kiosk contact page for directing your queries: https://porteus-kiosk.org/contact.html
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
Currently, by default I guess, only the following are open:
From: /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
I guess I need to add an entry like this to allow connections on port 3128.
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Also, when I ran the kiosk wizard, I did not see an option to disable the firewall.
From: /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p udp --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
I guess I need to add an entry like this to allow connections on port 3128.
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Also, when I ran the kiosk wizard, I did not see an option to disable the firewall.
Re: Proxy Support
Code: Select all
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
Code: Select all
chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
NjVFQzY2Rg==
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
Sorry, I was in a meeting almost the whole day yesterday and didn't get to do much after my previous post. Hopefully, I can make some progress today.
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
1. I've added the following line to /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
2. I completely disabled the PKE firewall in:
/tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.M by placing a # in front of the following line: --- Is it okay to do it this way?
[ -x /etc/rc.d/rc.FireWall ] && sh /etc/rc.d/rc.FireWall &
3. I made the necessary changes to the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file for Firefox to use a proxy server:
user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
I am still unable to connect to the Internet through our proxy server using the name of the proxy server, i.e. proxy.example.com.
The next things I'm going to try:
1. With the firewall still disabled, use the IP address instead of the name.
2. Try the non-kiosk version of Porteus to see if it works.
Also, I've created a Google Doc with all of this information in it to help someone else in the future. I'll upload or share it when I'm finished with it.
iptables -A OUTPUT -p tcp --dport 3128 -m state --state NEW,ESTABLISHED -j ACCEPT
2. I completely disabled the PKE firewall in:
/tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.M by placing a # in front of the following line: --- Is it okay to do it this way?
[ -x /etc/rc.d/rc.FireWall ] && sh /etc/rc.d/rc.FireWall &
3. I made the necessary changes to the /tmp/custom-kiosk/porteus/base/squashfs-root/home/guest/.mozilla/firefox/c3pp43bg.default/prefs.js file for Firefox to use a proxy server:
user_pref("network.proxy.ftp", "proxy.example.com");
user_pref("network.proxy.ftp_port", 3128);
user_pref("network.proxy.http", "proxy.example.com");
user_pref("network.proxy.http_port", 3128);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.ssl", "proxy.example.com");
user_pref("network.proxy.ssl_port", 3128);
user_pref("network.proxy.type", 1);
I am still unable to connect to the Internet through our proxy server using the name of the proxy server, i.e. proxy.example.com.
The next things I'm going to try:
1. With the firewall still disabled, use the IP address instead of the name.
2. Try the non-kiosk version of Porteus to see if it works.
Also, I've created a Google Doc with all of this information in it to help someone else in the future. I'll upload or share it when I'm finished with it.
Last edited by jmalon on 27 Mar 2013, 19:35, edited 1 time in total.
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.
Is there a disconnect somewhere between PSE and PKE in their use of the Firefox proxy settings?
Is there a disconnect somewhere between PSE and PKE in their use of the Firefox proxy settings?
Re: Proxy Support
Maybe the famous built-in firewall in Firefox that fanthom reported us?
Maybe the Lockdown system has also locked outgoing proxy on certain ports. I am not sure.
Maybe the Lockdown system has also locked outgoing proxy on certain ports. I am not sure.
NjVFQzY2Rg==
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
I've also tried using the IP address for the proxy server instead of the name. Still unable to get to the Internet.
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
If there is no proxy configured, you can't get to the Internet on our network (without an exception in our pfSense firewall).
Re: Proxy Support
Had a quick look and it seems to our Lockdown system which is filtering outgoing connections is currently blocking your proxy. Must wait on devs answers.
Just to be sure, can you try with another proxy? Just setup a quick proxy on your host computer and run kiosk in Virtualbox to check if that is working or not.
Just to be sure, can you try with another proxy? Just setup a quick proxy on your host computer and run kiosk in Virtualbox to check if that is working or not.
NjVFQzY2Rg==
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
I tried another proxy server and it still doesn't work.
I tried disabling the firewall in PKE using this command and it didn't make a difference.
sudo chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
I tried disabling the firewall in PKE using this command and it didn't make a difference.
sudo chmod -x /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.FireWall
Re: Proxy Support
Don't use sudo on Porteus. We're not on Debian-based distribution but on Slackware-based distribution.
Can you add into the /tmp/custom-kiosk/porteus/base/squashfs-root/etc/rc.d/rc.local file please and give it a try ?
Can you add
Code: Select all
/etc/rc.d/rc.FireWall stop
NjVFQzY2Rg==
-
- Black ninja
- Posts: 78
- Joined: 21 Mar 2013, 19:39
- Distribution: Linux Mint
- Location: Collinsville, OK
Re: Proxy Support
I'm doing all of my testing from a Linux Mint box.
I issued the command to prevent the firewall from being able to load when I create the customized ISO file.
I issued the command to prevent the firewall from being able to load when I create the customized ISO file.
Re: Proxy Support
Ok that must be something inside lockdown system but I am not sure where it can.
NjVFQzY2Rg==
- fanthom
- Moderator Team
- Posts: 5667
- Joined: 28 Dec 2010, 02:42
- Distribution: Porteus Kiosk
- Location: Poland
- Contact:
Re: Proxy Support
very good.If I boot up the Porteus Standard Edition image (porteus-v2.0-i486.iso) in VirtualBox, login as root, start Firefox and place my proxy server settings in it (Edit > Preferences > Advanced > Network > Settings > Manual proxy configuration ...) I am then able to get to the Internet.
while in vbox, please create tar archive from .mozilla directory and upload to host (could be through gmail) -> remaster 003-settings.xzm from kiosk and replace whole .mozilla directory with one from tarball (with modified proxy settings) -> make sure firewall is disabled -> create new kiosk ISO and try it in vbox.
make sure that /home/guest directory in 003-settings.xzm has 1000:1000 ownership so guest can read/write to it.
if you still wont get internet connection then please upload your custom ISO and i'll have a look on it tomorrow morning.
EDIT:\\
another idea:
use wizard to setup your own firefox password -> disable firewall manually -> launch custom kiosk ISO in vbox -> go to 'about:home' -> click on 'settings' -> type your password -> fill in proxy details and check net connection.
Please add [Solved] to your thread title if the solution was found.