Profile Details

Toggle Sidebar
Recent updates
  • Nick Howitt
    Nick Howitt replied to a discussion, Proxy Server Issue

    You can hand edit the file if you want - /etc/squid/squid_whitelists.conf

  • Nick Howitt
    Nick Howitt's reply was accepted as an answer

    Re: Proxy Server Issue

    Q1 - Is your WiFI part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.

    Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.

    Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.

    This post is crossing with a reply coming in, but I'm posting anyway to see the reply.

  • Nick Howitt
    Nick Howitt replied to a discussion, Proxy Server Issue

    See what I said about authentication exception sites. If you have any overlap with the domains/subdomains, squid may refuse to start.

  • Nick Howitt
    Nick Howitt replied to a discussion, Proxy Server Issue

    Q1 - Is your WiFI part of a HotLAN. I don't believe that gets filtered by the proxy. Another thought is that you are using a router as a WAP but you have the router working as a router, i.e router WAN connected to ClearOS LAN. In this case, anyone authenticating on the router LAN will authenticate for everyone as all traffic will appear to the proxy to come from a single IP address - the router WAN IP. To get round this you should connect the router LAN to the ClearOS LAN and ignore the router WAN. Remember to turn off the router DHCP and give it an IP on your ClearOS LAN.

    Q2 - Anything you bypass in the proxy, you should also bypass in your browser settings.

    Q3 - How does the Youtube site say you should configure a proxy - but never set up an exception for a domain and a subdomain of the same site.

    This post is crossing with a reply coming in, but I'm posting anyway to see the reply.

  • Packages being updated to the Community tonight (20/10/2020)

    Tonight (20/10/20-21/10/20) the following updated packages are being released:


    • none

    * by the package name = the package is also being released to Business at the same time.

    Packages available for testing

    • app-network - Peter now has a build to test. It can be downloaded from Gitlab and installed manually. It should fix the upstream VLAN issue and a few other things. I would really appreciate some testing, even it is to say "no regressions found".

      • Now allows you to set up Wireless and Cellular interfaces. You will also need app-wireless or better, app-wireless-ap to configure a NIC as an access point. Otherwise manual configuration is then needed for WiFi and Cellular devices.
      • Kernel mode PPPoE (much faster and lower resources) becomes an option when configuring PPPoE.
      • Hides irrelevant interfaces from app-network-report such as docker0, veth* and ifb*.
      • Numerous other changes since last 2.6.0


    • app-wireless-ap - Community contribution to enable you to configure Wireless NIC's on your LAN. Includes 802.11ac support. You will also want the beta version of app-network to be able to see your WiFi NIC's in the IP Settings screen. There are bugs here!
    • app-dnsthingy - This is the same update as app-gateway-management but also includes a rebranding from DNSThingy to AdamOne. Update with:
    • app-gateway-management - update with:
    • adamone - this is the underlying package for the above beta versions of app-gateway-management/app-dnsthingy. If you have either of the above beta's installed, you can update with:Please restart GM afterwards.

    Unless detailed otherwise, packages available for testing can be installed with:

    Packages being worked on:

    • Unfortunately, mostly testing for the phone release.
    • app-print-server - this has been broken by an upstream update.
    • basics for app-sia v2. This will slow down app release. This is on pause for the moment waiting for upstream.
    • app-attack-detector to add a button beside each banned IP to you can unban it. This was being worked on by an external contributor. I'll see if I can pick it up.


    Previous updates notice

  • If you're into hacking, have a look at /usr/sbin/syswatch around lines 666 to 669. This is where it takes down and brings back up the interface. You can probably add a:I am not sure where they should appear in the sequence. It is something to play with.

  • Hi Marvin, I appreciate your follow-up. I don't really know syswatch or MultiWAN much so I have to defer to the experts. I think the routines for bringing an interface up (the ifup command) come from upstream but syswatch is ours. I believe you had Peter looking at this and I'll draw your reply to his attention.

  • I suspected printers.conf was OK. That makes it a bit easier. The main thing which needs to change, then is the event that updates the "listen" line, I think. So I'll need to:
    - install it to see what it does!
    - do a check for listen in cups.conf. If it does not exist, copy /etc/cups/cupsd.listen.conf into it and delete /etc/cups/cupsd.listen.conf
    - do a similar check and move for something for /etc/cups/cupsd.listen.conf and /etc/cups/cupsd.location.conf
    - update any events which set parameters in these files. I think "listen" is the only one.
    - update the default cups.conf

    I am somewhat time limited at the moment so I don't know how long it will take. Also, judging by the lack of noise, the app is not too popular!

  • If you do have your DNS server on 192.168.10.99 then you will have to have that set as your DNS server, but note that it clashes with the default PPTP settings. Do you have a WINS server there as well?

    For OpenVPN, have you looked at the app documentation - the sloping book icon at the top right of the screen? It gives you an idea of what the parameters do.

    Is ClearOS in staandalone or gateway mode? Are you using Gateway Management?

  • Deleting your duplicate post......

    I'm not sure why you've changed your subnets in the PPTP VPN. Local and remote IP's should be in the same subnet as your LAN ,but should normally be a subset of it, Normally 80-89 for local and 90-99 for remote, but the IP's are designed to be outside DHCP scope to they won't be double allocated.. However PPTP is best avoided as it is not very secure.

    In OpenVPN, why have you changed so much. Do you really have a DNS and WINS server on 192.168.10.99? In a basic ClearOS set up, they should be set to your ClearOS LAN IP which they are by default. In your additional settings you have everything enabled. What is the purpose of that? When connecting by OpenVPN, what is your local LAN subnet (not the OpenVPN subnet)?