2019-09-07 - Re: Non HTTPS sites are not working

Header Data

From: christopher <me***e@pc-networking-services.com>
Message Hash: ba970886329b2d91c1bc8f0fcef168149be23e004a5c6de5cb7a747901f3d6f2
Message ID: <f4015448-f6ad-4fd0-a106-11040500cbfa@grasehotspot.org>
Reply To: <8cd401fe-2cbb-49c3-a8b3-75253704ab32@grasehotspot.org>
UTC Datetime: 2019-09-07 21:40:14 UTC
Raw Date: Sat, 07 Sep 2019 21:40:14 -0700

Raw message 

Hello,

I am glad that you managed to get it working.  I was just going through 
logical steps in a process of elimination.

For dnsmasq, I found the following, that even though the fix itself is not 
complete, they say how to fix the dnsmasq.service file:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774970

I do not get the problem, because when I installed debian on the server, I 
stripped out systemd altogether.  I will never use systemd in a server 
environment.

Regards,

Christopher.

On Sunday, 8 September 2019 06:30:56 UTC+12, SK NZ wrote:
>
> Hello,
> I guess *grase-conf-squid3-3.3* needs to update to work with 
> *squid3 3.4.8-6+deb8u8*. For now, I've edited *squid.conf.grase *file.
>
> http_port 3128 intercept 
>
> *   to*
>
>> http_port 3128 accel vhost allow-direct                                  
>>                                             
>
>
> Now I can browse *both* HTTP and HTTPS sites, and the admin panel is also 
> logging HTTP traffic. I'm facing another issue. I need to restart 
> *dnsmasq* after every boot, otherwise, captive portal is not working. Is 
> there any way to fix it? I tried to add *rc.local*, no luck!
>
>
>
> On Saturday, September 7, 2019 at 9:55:28 PM UTC+6, SK NZ wrote:
>>
>>
>> Thanks the help, really appreciating.  Here is iptables -vL
>>
>> [image: test.PNG]
>>
>>
>>
>> On Saturday, September 7, 2019 at 9:40:01 PM UTC+6, christopher wrote:
>>>
>>> Hello,
>>>
>>> Please provide the output of iptables -vL
>>>
>>> This shows the full chains.  I still think it is a problem with the 
>>> rules.  However with that output, at least Tim or someone else may see 
>>> something I have missed.  I need sleep, but will check your results later, 
>>> if someone does not beat me to it.
>>>
>>> Regards,
>>>
>>> Christopher.
>>>
>>> On Sunday, 8 September 2019 02:45:13 UTC+12, SK NZ wrote:
>>>>
>>>> Hello,
>>>> I replaced *AP* with *Computer* for testing. So now Grase Hotspot 
>>>> Server is directly wired to a Laptop. I tried to browse HTTP/HTTPS sites in 
>>>> the Windows 8 Laptop, HTTPS sites are loading fine, even I can browse 
>>>> IP:5500 site!  I cannot visit any HTTP site. This is clearly ruled out AP 
>>>> issue.  One the other hand, I can browse HTTP/HTTPS using LYNX in the Grase 
>>>> Hotspot Server.
>>>>
>>>> This could be a SQUID issue?
>>>>
>>>> I've two NIC, *eth0* configured for WAN(to router LAN port) and *eth1* 
>>>> configured for Grase Hotspot LAN(AP). 
>>>>
>>>> -P INPUT ACCEPT
>>>>> -P FORWARD ACCEPT
>>>>> -P OUTPUT ACCEPT
>>>>> -A INPUT -i eth1 -j DROP
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>> -A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j 
>>>>> ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
>>>>> -A FORWARD -i tun0 -o eth0 -j ACCEPT
>>>>> -A FORWARD -i tun0 ! -o eth0 -j DROP
>>>>> -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS 
>>>>> --clamp-mss-to-pmtu
>>>>> -A FORWARD -o tun0 -j ACCEPT
>>>>> -A FORWARD -i tun0 -j ACCEPT
>>>>> -A FORWARD -o eth1 -j DROP
>>>>> -A FORWARD -i eth1 -j DROP
>>>>
>>>>
>>>> and ifconfig
>>>>
>>>> eth0      Link encap:Ethernet  HWaddr d8:cb:8a:53:b5:ff
>>>>>           inet addr:192.168.0.100  Bcast:192.168.0.255  
>>>>> Mask:255.255.255.0
>>>>>           inet6 addr: fe80::dacb:8aff:fe53:b5ff/64 Scope:Link
>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>           RX packets:36385 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:21295 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:1000
>>>>>           RX bytes:20320392 (19.3 MiB)  TX bytes:3860264 (3.6 MiB)
>>>>> eth1      Link encap:Ethernet  HWaddr 00:e0:4c:53:44:58
>>>>>           inet6 addr: fe80::2e0:4cff:fe53:4458/64 Scope:Link
>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>           RX packets:31776 errors:58 dropped:16 overruns:17 frame:87
>>>>>           TX packets:31316 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:1000
>>>>>           RX bytes:4663037 (4.4 MiB)  TX bytes:20131262 (19.1 MiB)
>>>>> lo        Link encap:Local Loopback
>>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>>           inet6 addr: ::1/128 Scope:Host
>>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>>           RX packets:759 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:759 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:0
>>>>>           RX bytes:154270 (150.6 KiB)  TX bytes:154270 (150.6 KiB)
>>>>> tun0      Link encap:UNSPEC  HWaddr 
>>>>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>>           inet addr:10.1.0.1  P-t-P:10.1.0.1  Mask:255.255.255.0
>>>>>           UP POINTOPOINT RUNNING  MTU:1500  Metric:1
>>>>>           RX packets:23123 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:29580 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:100
>>>>>           RX bytes:3592912 (3.4 MiB)  TX bytes:19552030 (18.6 MiB)
>>>>
>>>>
>>>>
>>>> Support Data : https://paste.grasehotspot.org/view/e56ddd33
>>>>
>>>>
>>>>
>>>>
>>>> On Saturday, September 7, 2019 at 6:23:49 PM UTC+6, christopher wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> Ack, I am running out of ideas here.  
>>>>>
>>>>> Go back to the iptable rules and make sure that the ethernet devices 
>>>>> match for the http and https.
>>>>>
>>>>> Also check in the admin panel of grase as administrator that the cards 
>>>>> are correct.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Christopher.
>>>>>
>>>>> On Saturday, 7 September 2019 22:21:38 UTC+12, SK NZ wrote:
>>>>>>
>>>>>> In a freshly installed Grase Hotspot server, I can connect to an AP. 
>>>>>> I can browse *https sites*... But *non-https sites* are not loading 
>>>>>> at all. I tried from different devices and different browsers. Any 
>>>>>> suggestions? 
>>>>>>
>>>>>> Support data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>>
>>>>>

Thread