Koozali.org: home of the SME Server
Obsolete Releases => SME 7.x Contribs => Topic started by: kevinb on May 21, 2009, 09:16:50 PM
-
Has anyone else had this issue?
When we yum update smeserver-dansguardian to 2.9-6 we can no longer access any https pages on the server or the internet from our internal network.
Removing portblocking "config delprop dansguardian portblocking" fixes that
problem but allows danguradian to be bypassed.
I opened a bug http://bugs.contribs.org/show_bug.cgi?id=5271 (http://bugs.contribs.org/show_bug.cgi?id=5271).
Thank you in advance for your help.
Kevin
-
That is problem with new smeserver-dansguardian-2.9-block443.patch !
Edit template /etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk40networks, and remowe 2 lines /sbin/iptables -A \$NEW_local_chk -s \$network -p tcp --destination-port 443 -j DROP
/sbin/iptables -A \$NEW_local_chk -d \$network -p tcp --destination-port 443 -j DROP.
Then expand template and restart dansguardian.
-
That is problem with new smeserver-dansguardian-2.9-block443.patch !
Edit template /etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk40networks, and remowe 2 lines /sbin/iptables -A \$NEW_local_chk -s \$network -p tcp --destination-port 443 -j DROP
/sbin/iptables -A \$NEW_local_chk -d \$network -p tcp --destination-port 443 -j DROP.
Then expand template and restart dansguardian.
vpurger, please don't give such a suggestion.. this is the wrong way.
you should copy /etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk40networks gragment to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ dir (create it if it doesn't exist), then edit the fragment and expand the template
you should also post this (corrected) suggestion in bugzilla (http://bugs.contribs.org/show_bug.cgi?id=5271)
finally, as you are a new member of the community, please take some time to read the documentation.
thank you
ciao
Stefano
-
Sorry Stefano, I just wanted help to Kevin. I have had the same problem two days ago.
This is actually returning to the version smeserver-dansguardian-2.9-5., and i could not suggest anything else, because i do not know the reason for changes.
* Wed Apr 30 2009 Stephen Noble <support@dungog.net> 2.9-6
- portblocking now blocks 443 as well as 3128
-
Thanks for the feedback!
I am pursuing this through the bug tracker.
Since port 443 is not blocked I think it would be good to add some instructions to the wiki explaining how to setup Dansguardian so that port 443 is redirected and usable. This is beyond my skill set at the moment (all though I am improving).
Kevin
-
I updated the BZ that caused this new any properly unwanted behavior. http://bugs.contribs.org/show_bug.cgi?id=4820
-
hi,
any update on this? It seems the work around seems to defeat the purpose of easy use of dansguardian.
And what is the work around for this. as for the momment we cannot access mail.yahoo.com and gmail.com?
thanks
-
mazkot
Just revert to the previous version of smeserver-dansguardian
something like this should do it
rpm -Uvh -f smeserver-dansguardian-oldversionnumber.rpm
Another suggestion, don't have the smecontribs repo enabled by default, and then your add on contribs will not automatically get upgraded when a normal system upgrade is done.
That prevents any unexpected surprises with apps being upgraded and behaving differently.
You can manually upgrade add on contribs one by one when and as necessary with
yum upgrade packagename --enablerepo=smecontribs