2019-09-07 - Re: Non HTTPS sites are not working

Header Data

From: SK NZ <sa***m@gmail.com>
Message Hash: 41e562b73e15e645c8f15af07750c281954fc7598e77694d62db045e82a9346c
Message ID: <e7a2cfbb-1877-4acd-8f77-9c7713cd1633@grasehotspot.org>
Reply To: <f4015448-f6ad-4fd0-a106-11040500cbfa@grasehotspot.org>
UTC Datetime: 2019-09-07 21:58:50 UTC
Raw Date: Sat, 07 Sep 2019 21:58:50 -0700

Raw message

Hello,
That solution of editing the service file doesn't work for me, so I solved it 
using crontab.

sudo crontab -e
> @reboot sleep 60 && /etc/init.d/dnsmasq restart



Thanks for helping me out. :)

On Sunday, September 8, 2019 at 10:40:14 AM UTC+6, christopher wrote:
>
> Hello,
>
> I am glad that you managed to get it working.  I was just going through 
> logical steps in a process of elimination.
>
> For dnsmasq, I found the following, that even though the fix itself is not 
> complete, they say how to fix the dnsmasq.service file:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774970
>
> I do not get the problem, because when I installed debian on the server, I 
> stripped out systemd altogether.  I will never use systemd in a server 
> environment.
>
> Regards,
>
> Christopher.
>
> On Sunday, 8 September 2019 06:30:56 UTC+12, SK NZ wrote:
>>
>> Hello,
>> I guess *grase-conf-squid3-3.3* needs to be updated to work with 
>> *squid3 3.4.8-6+deb8u8*. For now, I've edited the *squid.conf.grase* file.
>>
>> http_port 3128 intercept
>>
>> *to*
>>
>>> http_port 3128 accel vhost allow-direct
>>
>>
>> Now I can browse *both* HTTP and HTTPS sites, and the admin panel is 
>> also logging HTTP traffic. I'm facing another issue: I need to restart 
>> *dnsmasq* after every boot, otherwise the captive portal does not work. Is 
>> there any way to fix it? I tried adding it to *rc.local*, no luck!
>>
>>
>>
>> On Saturday, September 7, 2019 at 9:55:28 PM UTC+6, SK NZ wrote:
>>>
>>>
>>> Thanks for the help, I really appreciate it.  Here is iptables -vL
>>>
>>> [image: test.PNG]
>>>
>>>
>>>
>>> On Saturday, September 7, 2019 at 9:40:01 PM UTC+6, christopher wrote:
>>>>
>>>> Hello,
>>>>
>>>> Please provide the output of iptables -vL
>>>>
>>>> This shows the full chains.  I still think it is a problem with the 
>>>> rules.  However with that output, at least Tim or someone else may see 
>>>> something I have missed.  I need sleep, but will check your results later, 
>>>> if someone does not beat me to it.
>>>>
>>>> Regards,
>>>>
>>>> Christopher.
>>>>
>>>> On Sunday, 8 September 2019 02:45:13 UTC+12, SK NZ wrote:
>>>>>
>>>>> Hello,
>>>>> I replaced the *AP* with a *Computer* for testing. So now the Grase Hotspot 
>>>>> Server is directly wired to a laptop. I tried to browse HTTP/HTTPS sites on 
>>>>> the Windows 8 laptop; HTTPS sites load fine, and I can even browse the 
>>>>> IP:5500 site!  I cannot visit any HTTP site. This clearly rules out an AP 
>>>>> issue.  On the other hand, I can browse HTTP/HTTPS using LYNX on the Grase 
>>>>> Hotspot Server.
>>>>>
>>>>> Could this be a SQUID issue?
>>>>>
>>>>> I have two NICs: *eth0* configured for WAN (to the router's LAN port) and *eth1* 
>>>>> configured for the Grase Hotspot LAN (AP).
>>>>>
>>>>>> -P INPUT ACCEPT
>>>>>> -P FORWARD ACCEPT
>>>>>> -P OUTPUT ACCEPT
>>>>>> -A INPUT -i eth1 -j DROP
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>>> -A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
>>>>>> -A FORWARD -i tun0 -o eth0 -j ACCEPT
>>>>>> -A FORWARD -i tun0 ! -o eth0 -j DROP
>>>>>> -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>>>>>> -A FORWARD -o tun0 -j ACCEPT
>>>>>> -A FORWARD -i tun0 -j ACCEPT
>>>>>> -A FORWARD -o eth1 -j DROP
>>>>>> -A FORWARD -i eth1 -j DROP
>>>>>
>>>>>
>>>>> and ifconfig
>>>>>
>>>>>> eth0      Link encap:Ethernet  HWaddr d8:cb:8a:53:b5:ff
>>>>>>           inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
>>>>>>           inet6 addr: fe80::dacb:8aff:fe53:b5ff/64 Scope:Link
>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>>           RX packets:36385 errors:0 dropped:0 overruns:0 frame:0
>>>>>>           TX packets:21295 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>           collisions:0 txqueuelen:1000
>>>>>>           RX bytes:20320392 (19.3 MiB)  TX bytes:3860264 (3.6 MiB)
>>>>>> eth1      Link encap:Ethernet  HWaddr 00:e0:4c:53:44:58
>>>>>>           inet6 addr: fe80::2e0:4cff:fe53:4458/64 Scope:Link
>>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>>           RX packets:31776 errors:58 dropped:16 overruns:17 frame:87
>>>>>>           TX packets:31316 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>           collisions:0 txqueuelen:1000
>>>>>>           RX bytes:4663037 (4.4 MiB)  TX bytes:20131262 (19.1 MiB)
>>>>>> lo        Link encap:Local Loopback
>>>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>>>           inet6 addr: ::1/128 Scope:Host
>>>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>>>           RX packets:759 errors:0 dropped:0 overruns:0 frame:0
>>>>>>           TX packets:759 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>           collisions:0 txqueuelen:0
>>>>>>           RX bytes:154270 (150.6 KiB)  TX bytes:154270 (150.6 KiB)
>>>>>> tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>>>           inet addr:10.1.0.1  P-t-P:10.1.0.1  Mask:255.255.255.0
>>>>>>           UP POINTOPOINT RUNNING  MTU:1500  Metric:1
>>>>>>           RX packets:23123 errors:0 dropped:0 overruns:0 frame:0
>>>>>>           TX packets:29580 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>           collisions:0 txqueuelen:100
>>>>>>           RX bytes:3592912 (3.4 MiB)  TX bytes:19552030 (18.6 MiB)
>>>>>
>>>>>
>>>>>
>>>>> Support Data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Saturday, September 7, 2019 at 6:23:49 PM UTC+6, christopher wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Ack, I am running out of ideas here.  
>>>>>>
>>>>>> Go back to the iptable rules and make sure that the ethernet devices 
>>>>>> match for the http and https.
>>>>>>
>>>>>> Also check in the admin panel of grase as administrator that the 
>>>>>> cards are correct.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Christopher.
>>>>>>
>>>>>> On Saturday, 7 September 2019 22:21:38 UTC+12, SK NZ wrote:
>>>>>>>
>>>>>>> In a freshly installed Grase Hotspot server, I can connect to an AP. 
>>>>>>> I can browse *https sites*... But *non-https sites* are not loading 
>>>>>>> at all. I tried from different devices and different browsers. Any 
>>>>>>> suggestions? 
>>>>>>>
>>>>>>> Support data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>>>
>>>>>>
