2019-09-07 - Re: Non HTTPS sites are not working

Header Data

From: christopher <me***e@pc-networking-services.com>
Message Hash: decc1a4c442e3c907db2bd4a041e20647ff1ac8bffea61a1129edc46934be293
Message ID: <c54e8c4e-b206-4ba3-8774-d8919f1b161a@grasehotspot.org>
Reply To: <8cd401fe-2cbb-49c3-a8b3-75253704ab32@grasehotspot.org>
UTC Datetime: 2019-09-07 21:58:36 UTC
Raw Date: Sat, 07 Sep 2019 21:58:36 -0700

Raw message

Hello,

I just had a thought.  Perhaps they have managed to fix the service file in 
later updates to jessie.  Try doing:

sudo apt-get update
sudo apt-get upgrade

That should pull in everything from the security channel as well as from 
the repositories.

There won't be any changes to the current version of grase, as Tim is in 
the process of re-writting the code so that it works on the latest versions 
of Ubuntu and Debian.  That is coming out sometime in the first half of 
next year.  He is doing it in his spare time.  A group of us have decided 
to donate money to the project so that it was not terminated.

Regards,

Christopher.

On Sunday, 8 September 2019 06:30:56 UTC+12, SK NZ wrote:
>
> Hello,
> I guess *grase-conf-squid3-3.3* needs to update to work with 
> *squid3 3.4.8-6+deb8u8*. For now, I've edited *squid.conf.grase *file.
>
> http_port 3128 intercept 
>
> *   to*
>
>> http_port 3128 accel vhost allow-direct                                  
>>                                             
>
>
> Now I can browse *both* HTTP and HTTPS sites, and the admin panel is also 
> logging HTTP traffic. I'm facing another issue. I need to restart 
> *dnsmasq* after every boot, otherwise, captive portal is not working. Is 
> there any way to fix it? I tried to add *rc.local*, no luck!
>
>
>
> On Saturday, September 7, 2019 at 9:55:28 PM UTC+6, SK NZ wrote:
>>
>>
>> Thanks the help, really appreciating.  Here is iptables -vL
>>
>> [image: test.PNG]
>>
>>
>>
>> On Saturday, September 7, 2019 at 9:40:01 PM UTC+6, christopher wrote:
>>>
>>> Hello,
>>>
>>> Please provide the output of iptables -vL
>>>
>>> This shows the full chains.  I still think it is a problem with the 
>>> rules.  However with that output, at least Tim or someone else may see 
>>> something I have missed.  I need sleep, but will check your results later, 
>>> if someone does not beat me to it.
>>>
>>> Regards,
>>>
>>> Christopher.
>>>
>>> On Sunday, 8 September 2019 02:45:13 UTC+12, SK NZ wrote:
>>>>
>>>> Hello,
>>>> I replaced *AP* with *Computer* for testing. So now Grase Hotspot 
>>>> Server is directly wired to a Laptop. I tried to browse HTTP/HTTPS sites in 
>>>> the Windows 8 Laptop, HTTPS sites are loading fine, even I can browse 
>>>> IP:5500 site!  I cannot visit any HTTP site. This is clearly ruled out AP 
>>>> issue.  One the other hand, I can browse HTTP/HTTPS using LYNX in the Grase 
>>>> Hotspot Server.
>>>>
>>>> This could be a SQUID issue?
>>>>
>>>> I've two NIC, *eth0* configured for WAN(to router LAN port) and *eth1* 
>>>> configured for Grase Hotspot LAN(AP). 
>>>>
>>>> -P INPUT ACCEPT
>>>>> -P FORWARD ACCEPT
>>>>> -P OUTPUT ACCEPT
>>>>> -A INPUT -i eth1 -j DROP
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p icmp -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 53 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p udp -m udp --dport 67:68 -j ACCEPT
>>>>> -A INPUT -d 255.255.255.255/32 -i tun0 -p udp -m udp --dport 67:68 -j 
>>>>> ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3128 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 53 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 2812 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 22 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 443 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 80 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 4990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -p tcp -m tcp --dport 3990 -j ACCEPT
>>>>> -A INPUT -d 10.1.0.1/32 -i tun0 -j DROP
>>>>> -A FORWARD -i tun0 -o eth0 -j ACCEPT
>>>>> -A FORWARD -i tun0 ! -o eth0 -j DROP
>>>>> -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS 
>>>>> --clamp-mss-to-pmtu
>>>>> -A FORWARD -o tun0 -j ACCEPT
>>>>> -A FORWARD -i tun0 -j ACCEPT
>>>>> -A FORWARD -o eth1 -j DROP
>>>>> -A FORWARD -i eth1 -j DROP
>>>>
>>>>
>>>> and ifconfig
>>>>
>>>> eth0      Link encap:Ethernet  HWaddr d8:cb:8a:53:b5:ff
>>>>>           inet addr:192.168.0.100  Bcast:192.168.0.255  
>>>>> Mask:255.255.255.0
>>>>>           inet6 addr: fe80::dacb:8aff:fe53:b5ff/64 Scope:Link
>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>           RX packets:36385 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:21295 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:1000
>>>>>           RX bytes:20320392 (19.3 MiB)  TX bytes:3860264 (3.6 MiB)
>>>>> eth1      Link encap:Ethernet  HWaddr 00:e0:4c:53:44:58
>>>>>           inet6 addr: fe80::2e0:4cff:fe53:4458/64 Scope:Link
>>>>>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>>>>>           RX packets:31776 errors:58 dropped:16 overruns:17 frame:87
>>>>>           TX packets:31316 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:1000
>>>>>           RX bytes:4663037 (4.4 MiB)  TX bytes:20131262 (19.1 MiB)
>>>>> lo        Link encap:Local Loopback
>>>>>           inet addr:127.0.0.1  Mask:255.0.0.0
>>>>>           inet6 addr: ::1/128 Scope:Host
>>>>>           UP LOOPBACK RUNNING  MTU:65536  Metric:1
>>>>>           RX packets:759 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:759 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:0
>>>>>           RX bytes:154270 (150.6 KiB)  TX bytes:154270 (150.6 KiB)
>>>>> tun0      Link encap:UNSPEC  HWaddr 
>>>>> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
>>>>>           inet addr:10.1.0.1  P-t-P:10.1.0.1  Mask:255.255.255.0
>>>>>           UP POINTOPOINT RUNNING  MTU:1500  Metric:1
>>>>>           RX packets:23123 errors:0 dropped:0 overruns:0 frame:0
>>>>>           TX packets:29580 errors:0 dropped:0 overruns:0 carrier:0
>>>>>           collisions:0 txqueuelen:100
>>>>>           RX bytes:3592912 (3.4 MiB)  TX bytes:19552030 (18.6 MiB)
>>>>
>>>>
>>>>
>>>> Support Data : https://paste.grasehotspot.org/view/e56ddd33
>>>>
>>>>
>>>>
>>>>
>>>> On Saturday, September 7, 2019 at 6:23:49 PM UTC+6, christopher wrote:
>>>>>
>>>>> Hello,
>>>>>
>>>>> Ack, I am running out of ideas here.  
>>>>>
>>>>> Go back to the iptable rules and make sure that the ethernet devices 
>>>>> match for the http and https.
>>>>>
>>>>> Also check in the admin panel of grase as administrator that the cards 
>>>>> are correct.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Christopher.
>>>>>
>>>>> On Saturday, 7 September 2019 22:21:38 UTC+12, SK NZ wrote:
>>>>>>
>>>>>> In a freshly installed Grase Hotspot server, I can connect to an AP. 
>>>>>> I can browse *https sites*... But *non-https sites* are not loading 
>>>>>> at all. I tried from different devices and different browsers. Any 
>>>>>> suggestions? 
>>>>>>
>>>>>> Support data : https://paste.grasehotspot.org/view/e56ddd33
>>>>>>
>>>>>

Thread