2019-09-07 - Re: Non HTTPS sites are not working
Header Data
From: SK NZ <sa***m@gmail.com>
Message Hash: 6a78da4c40a59c6699105169966e1634ac447ec0bd8d8480fa4e11c88931e806
Message ID: <f4230472-46ce-4c5e-8458-daa4fdb21395@grasehotspot.org>
Reply To: <c54e8c4e-b206-4ba3-8774-d8919f1b161a@grasehotspot.org>
UTC Datetime: 2019-09-07 22:16:58 UTC
Raw Date: Sat, 07 Sep 2019 22:16:58 -0700
Raw message
Hello,
Yes, they could. I've run *apt-get upgrade*, no luck!
Tim has done a wonderful job so far. He really deserves that boost up from
us. I'm going to rewrite some part of the UAM captive portal, as I need to
make it work with my OTP server. Has anyone implemented it for grase
yet?
Now HTTP and HTTPS sites are working perfectly, and HTTP traffic logging is
also working. Though nowadays almost every site has implemented HTTPS on their
end, so this logging is a bit useless. Maybe it will log 5% of total
traffic. So I was wondering if we can log HTTPS traffic without
intercepting, so that the client won't need to install a certificate, and found
this wonderful
article: http://blog.manty.net/2014/12/squid-proxy-being-transparent-also-for.html
I believe I'm gonna give a try to implement this for grase, what do you
think? I may need some help with iptables. :(
On Sunday, September 8, 2019 at 10:58:36 AM UTC+6, christopher wrote:
>
> Hello,
>
> I just had a thought. Perhaps they have managed to fix the service file
> in later updates to jessie. Try doing:
>
> sudo apt-get update
> sudo apt-get upgrade
>
> That should pull in everything from the security channel as well as from
> the repositories.
>
> There won't be any changes to the current version of grase, as Tim is in
> the process of re-writing the code so that it works on the latest versions
> of Ubuntu and Debian. That is coming out sometime in the first half of
> next year. He is doing it in his spare time. A group of us have decided
> to donate money to the project so that it was not terminated.
>
> Regards,
>
> Christopher.
>
> On Sunday, 8 September 2019 06:30:56 UTC+12, SK NZ wrote:
>>
>> Hello,
>> I guess *grase-conf-squid3-3.3* needs to be updated to work with
>> *squid3 3.4.8-6+deb8u8*. For now, I've edited the *squid.conf.grase* file.
>>
>> http_port 3128 intercept
>>
>> *to*
>>
>>> http_port 3128 accel vhost allow-direct
>>>
>>
>>
>> Now I can browse *both* HTTP and HTTPS sites, and the admin panel is
>> also logging HTTP traffic. I'm facing another issue. I need to restart
>> *dnsmasq* after every boot, otherwise, captive portal is not working. Is
>> there any way to fix it? I tried to add *rc.local*, no luck!
>>
>>
>>
>> On Saturday, September 7, 2019 at 9:55:28 PM UTC+6, SK NZ wrote:
>>>
>>>
>>> Thanks for the help, really appreciated. Here is iptables -vL
>>>
>>> [image: test.PNG]
>>>
>>>
>>>
>>> On Saturday, September 7, 2019 at 9:40:01 PM UTC+6, christopher wrote:
>>>>
>>>> Hello,
>>>>
>>>> Please provide the output of iptables -vL
>>>>
>>>> This shows the full chains. I still think it is a problem with the
>>>> rules. However with that output, at least Tim or someone else may see
>>>> something I have missed. I need sleep, but will check your results later,
>>>> if someone does not beat me to it.
>>>>
>>>> Regards,
>>>>
>>>> Christopher.
>>>>
>>>> On Sunday, 8 September 2019 02:45:13 UTC+12, SK NZ wrote:
>>>>>
>>>>> Hello,
>>>>> I replaced *AP* with *Computer* for testing. So now the Grase Hotspot
>>>>> Server is directly wired to a Laptop. I tried to browse HTTP/HTTPS sites on
>>>>> the Windows 8 Laptop, HTTPS sites are loading fine, I can even browse
>>>>> the IP:5500 site! I cannot visit any HTTP site. This clearly rules out an AP
>>>>> issue. On the other hand, I can browse HTTP/HTTPS using LYNX on the Grase
>>>>> Hotspot Server.
>>>>>
>>>>> This could be a SQUID issue?
>>>>>
>>>>> I have two NICs, *eth0* configured for WAN (to router LAN port) and *eth1*
>>>>> configured for Grase Hotspot LAN (AP).
>>>>>
>>>>>> -P INPUT ACCEPT
>>>>>> -P FORWARD ACCEPT
>>>>>> -P OUTPUT ACCEPT
>>>>>> -A INPUT -i eth1 -j DROP
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>>> -A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
>>>>>> -A FORWARD -i tun0 -o eth0 -j ACCEPT
>>>>>> -A FORWARD -i tun0 ! -o eth0 -j DROP
>>>>>> -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
>>>>>> -A FORWARD -o tun0 -j ACCEPT
>>>>>> -A FORWARD -i tun0 -j ACCEPT
>>>>>> -A FORWARD -o eth1 -j DROP
>>>>>> -A FORWARD -i eth1 -j DROP
>>>>>
>>>>>
>>>>> and ifconfig
>>>>>
>>>>>> eth0 Link encap:Ethernet HWaddr d8:cb:8a:53:b5:ff
>>>>>>      inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
>>>>>>      inet6 addr: fe80::dacb:8aff:fe53:b5ff/64 Scope:Link
>>>>>>      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>>>      RX packets:36385 errors:0 dropped:0 overruns:0 frame:0
>>>>>>      TX packets:21295 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>      collisions:0 txqueuelen:1000
>>>>>>      RX bytes:20320392 (19.3 MiB) TX bytes:3860264 (3.6 MiB)
>>>>>> eth1 Link encap:Ethernet HWaddr 00:e0:4c:53:44:58
>>>>>>      inet6 addr: fe80::2e0:4cff:fe53:4458/64 Scope:Link
>>>>>>      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>>>>>      RX packets:31776 errors:58 dropped:16 overruns:17 frame:87
>>>>>>      TX packets:31316 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>      collisions:0 txqueuelen:1000
>>>>>>      RX bytes:4663037 (4.4 MiB) TX bytes:20131262 (19.1 MiB)
>>>>>> lo   Link encap:Local Loopback
>>>>>>      inet addr:127.0.0.1 Mask:255.0.0.0
>>>>>>      inet6 addr: ::1/128 Scope:Host
>>>>>>      UP LOOPBACK RUNNING MTU:65536 Metric:1
>>>>>>      RX packets:759 errors:0 dropped:0 overruns:0 frame:0
>>>>>>      TX packets:759 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>      collisions:0 txqueuelen:0
>>>>>>      RX bytes:154270 (150.6 KiB) TX bytes:154270 (150.6 KiB)
>>>>>> tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>>>      inet addr:10.1.0.1 P-t-P:10.1.0.1 Mask:255.255.255.0
>>>>>>      UP POINTOPOINT RUNNING MTU:1500 Metric:1
>>>>>>      RX packets:23123 errors:0 dropped:0 overruns:0 frame:0
>>>>>>      TX packets:29580 errors:0 dropped:0 overruns:0 carrier:0
>>>>>>      collisions:0 txqueuelen:100
>>>>>>      RX bytes:3592912 (3.4 MiB) TX bytes:19552030 (18.6 MiB)
>>>>>
>>>>>
>>>>>
>>>>> Support Data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Saturday, September 7, 2019 at 6:23:49 PM UTC+6, christopher wrote:
>>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> Ack, I am running out of ideas here.
>>>>>>
>>>>>> Go back to the iptable rules and make sure that the ethernet devices
>>>>>> match for the http and https.
>>>>>>
>>>>>> Also check in the admin panel of grase as administrator that the
>>>>>> cards are correct.
>>>>>>
>>>>>> Regards,
>>>>>>
>>>>>> Christopher.
>>>>>>
>>>>>> On Saturday, 7 September 2019 22:21:38 UTC+12, SK NZ wrote:
>>>>>>>
>>>>>>> In a freshly installed Grase Hotspot server, I can connect to an AP.
>>>>>>> I can browse *https sites*... But *non-https sites* are not loading
>>>>>>> at all. I tried from different devices and different browsers. Any
>>>>>>> suggestions?
>>>>>>>
>>>>>>> Support data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>>>
>>>>>>