Trio3b

Used Coppernet with linux for almost a year. Good price, decent service and don't have to use any proprietary software like People PC or AOL. good luck

You say you are installing from the web - are you using apps that are packaged for your specific distro and kernel? I destroyed a pefectly good MDK 10 installation by trying to install an app that came with different versions of dependencies than thos erequired by my distro.

Thanks, had 'net sharing before, but when installed squid it went away until I set proxy in Firefox preferences. So I have it now. You are correct, webfiltering oof PC1 is next to keep the kids off the stoooopid sites. Unfortunately, will have to leave the PCs alone for a week or two due to other obligations. I'll be back. Thanks

I believe there is a way to save your Mandrake package selection and also build a Live CD with MDK LIVE, but would like bootable installable discs. I would like to build a custom set of bootable discs based on MDK 10.2 or 2006 to include some MDK default packages and also some other apps like OO2 or Abiword. Also would like to include flashplayer, Java (I know these are included in the commercial releases). Does this amount to Linux fron Scratch? any ideas? Thanks

Will try poking around config files for a while. Thanks to ianw1974. Unfortunately, documentation leaves out most basic information. Fortunately, users can help other users.

OK, making progress stopped squid and dansguardian on PC2 Just on a hunch under preferences>manual proxies, I filled in the http:// slot with this HTTP PROXY http://192.168.10.2 PORT 3128 Didn't work removed the http:// and I now have 'net connection to PC2. OK ssh is working and internet sharing is working. 1.As per last post am I correct in assuming squid.conf~ is a stripped down version of squid.conf? 2. Also noticed that starting squid via CL showed OK, but then viewing MCC services squid was not started . I guess MCC is a frontend for config files, but MCC GUI does not 'follow' files altered by CL? 3. Where does shorewall fit into all of this? 4. Next- Squidguard, Dansguardian, or GuardDog on PC1 or PC2? Thanks

Ok, could not start squid, but modified squid.conf~ to port3128 and here are results: Starting squid: . [ OK ] [root@****2 squid]# chkconfig --list squid squid 0:off 1:off 2:off 3:on 4:on 5:on 6:off [root@****2 squid]# netstat -na | grep 3128 tcp 0 0 0.0.0.0:3128 0.0.0.0:* LISTEN [root@****2 squid]# I know squid.conf~ is a backup but why does it look so different and what is the relationship. I thought maybe squid.conf~ is the file without all the commented instructions? hope this helps Thanks

On PC2 opened preferences in firefox>select connection settings>set to manual>set http:// to http;//192.168.10.1 port 3128 log onto home page>receive error message "proxy you have setup could not be found" Also on PC1 there are 2 squid.conf files, one with ~ on PC2 there is just one squid.conf any reason? Thanks

Thanks for reply. ....frustrated- I have been posting for weeks about this, you are the first person to even suggest using drakwizard. It had not been installed, but is now. Squid is running on PC1 and is set to port 3128 as per default. I had been reading about port8080 but this failed so went back to default. OK, squid on PC1 passes test. On PC2 do you mean connection settings in Mozilla preferences for proxy settings or in MCC ? There are several places to alter connection settings in MCC. My internet connection on PC2 is now gone. Sorry, I need very explicit advice, but we have already made progress - Thanks

Thank you for reply. I will try to be specific. If you could walk me through this it would be greatly appreciated. 1. Basically trying to use a web filter to protect a small home network from bad sites. Chose Dansguardian because it is default in MDK and read good reviews. But indicates it needs Squid to operate. 2. this is my setup: Both PCs running MDK 10.2 . internet -> DSL modem(this is NOT router but does have hdw firewall) <- > eth1 <-> PC1 <-> eth0 <-> hub <-> eth0 <-> PC2 PC1 eth1 was setup w/MCC using DHCP PC1 eth0 and PC2 eth0 were setup static w/MCC using 192.168.10.1 and 192.168.10.2 respectively PC1 setup as gateway in MCC wizards. I have internet sharing setup and ssh working between the two PCs. I have installed both squid and dansguardian on PC1 and PC2 but as per your advice have removed from PC2 and am ready to alter squid.conf on PC1, but really don't understand: 1. Some of the config choices seem contradictory 2. Where do iptables, shorewall and the DSL modem firewall fit into the picture? Notice many squid questions in several forums go unanswered. Maybe this topic is more complex than it appears. Hope you can help! thanks

Running MDK 10.2 on both PCs and also installed squid-2.5.stable9-1.5.102.mdk on both PCs. This is squid.conf from PC2 WELCOME TO SQUID 2 # ------------------ # # This is the default Squid configuration file. You may wish # to look at the Squid home page (http://www.squid-cache.org/) # for the FAQ and other documentation. # # The default Squid config file shows what the defaults for # various options happen to be. If you don't need to change the # default, you shouldn't uncomment the line. Doing so may cause # run-time problems. In some cases "none" refers to no default # setting at all, while in other cases it refers to a valid # option - the comments for that keyword indicate if this is the # case. # # NETWORK OPTIONS # ----------------------------------------------------------------------------- # TAG: http_port # Usage: port # hostname:port # 1.2.3.4:port # # The socket addresses where Squid will listen for HTTP client # requests. You may specify multiple socket addresses. # There are three forms: port alone, hostname with port, and # IP address with port. If you specify a hostname or IP # address, Squid binds the socket to that specific # address. This replaces the old 'tcp_incoming_address' # option. Most likely, you do not need to bind to a specific # address, so you can use the port number alone. # # The default port number is 3128. # # If you are running Squid in accelerator mode, you # probably want to listen on port 80 also, or instead. # # The -a command line option will override the *first* port # number listed here. That option will NOT override an IP # address, however. # # You may specify multiple socket addresses on multiple lines. # # If you run Squid on a dual-homed machine with an internal # and an external interface we recommend you to specify the # internal address:port in http_port. This way Squid will only be # visible on the internal address. # #Default: # http_port 3128 # TAG: https_port # Usage: [ip:]port cert=certificate.pem [key=key.pem] [options...] # # The socket address where Squid will listen for HTTPS client # requests. # # This is really only useful for situations where you are running # squid in accelerator mode and you want to do the SSL work at the # accelerator level. # # You may specify multiple socket addresses on multiple lines, # each with their own SSL certificate and/or options. # # Options: # # cert= Path to SSL certificate (PEM format) # # key= Path to SSL private key file (PEM format) # if not specified, the certificate file is # assumed to be a combined certificate and # key file # # version= The version of SSL/TLS supported # 1 automatic (default) # 2 SSLv2 only # 3 SSLv3 only # 4 TLSv1 only etc..........this goes on for three pages ________________________________________________________________________________ ____________________________________ this is squid.conf from PC1 [user@user2 squid]$ cat squid.conf http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_dir diskd /var/spool/squid 100 16 256 cache_store_log none auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 half_closed_clients off acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost acl mynetwork src 192.168.10.0/255.255.255.0 http_access allow mynetwork http_access allow localhost http_reply_access allow all icp_access allow all visible_hostname myfirewall@mydomain.com httpd_accel_host virtual httpd_accel_with_proxy on httpd_accel_uses_host_header on append_domain .gateway.2wire.net err_html_text admin@mydomain.com deny_info ERR_CUSTOM_ACCESS_DENIED all memory_pools off coredump_dir /var/spool/squid ie_refresh on What am I missing? Why different files? Have read almost all of the squid howtos but they all describe how to change three or four settings but don't explain squid usage in CONTEXT or in relation to hdwr modem firewall, shorewall, dansguardian. Do not describe how to run on network. All PCs? Just the gateway? etc. Sorry but it is very poor documentation. Would like to be able to understand these files but may have to start looking for a GUI solution. Any out there? Any help out there? Thanks

Sorry, how to determine version? thanks

This is the default 'virgin' Mandriva10.2 (2005LE) fstab and mtab before and after insertion of USB flashdrive. without flashdrive fstab: # This file is edited by fstab-sync - see 'man fstab-sync' for details /dev/hda6 / ext3 defaults 1 1 /dev/hda8 /home ext3 defaults 1 2 /dev/hdc /mnt/cdrom iso9660 user,iocharset=iso8859-1,noauto,ro,exec 0 0 none /mnt/floppy supermount dev=/dev/fd0,fs=ext2:vfat,--,umask=0,iocharset=iso8859-1,sync,codepage=850 0 0 /dev/hda1 /mnt/windows ntfs umask=0,nls=iso8859-1,ro 0 0 none /proc proc defaults 0 0 /dev/hda7 swap swap defaults 0 0 mtab: /dev/hda6 / ext3 rw 0 0 none /proc proc rw 0 0 none /proc/bus/usb usbfs rw 0 0 none /sys sysfs rw 0 0 /dev/hda8 /home ext3 rw 0 0 none /mnt/floppy supermount rw,sync,dev=/dev/fd0,fs=ext2:vfat,-- 0 0 /dev/hda1 /mnt/windows ntfs ro,umask=0,nls=iso8859-1 0 0 WITH flashdrive fstab: # This file is edited by fstab-sync - see 'man fstab-sync' for details /dev/hda6 / ext3 defaults 1 1 /dev/hda8 /home ext3 defaults 1 2 /dev/hdc /mnt/cdrom iso9660 user,iocharset=iso8859-1,noauto,ro,exec 0 0 none /mnt/floppy supermount dev=/dev/fd0,fs=ext2:vfat,--,umask=0,iocharset=iso8859-1,sync,codepage=850 0 0 /dev/hda1 /mnt/windows ntfs umask=0,nls=iso8859-1,ro 0 0 none /proc proc defaults 0 0 /dev/hda7 swap swap defaults 0 0 /dev/sda1 /mnt/removable vfat pamconsole,exec,noauto,noatime,sync,codepage=850,iocharset=iso8859-1,managed 0 0 mtab: /dev/hda6 / ext3 rw 0 0 none /proc proc rw 0 0 none /proc/bus/usb usbfs rw 0 0 none /sys sysfs rw 0 0 /dev/hda8 /home ext3 rw 0 0 none /mnt/floppy supermount rw,sync,dev=/dev/fd0,fs=ext2:vfat,-- 0 0 /dev/hda1 /mnt/windows ntfs ro,umask=0,nls=iso8859-1 0 0 /dev/sda1 /mnt/removable vfat rw,nosuid,nodev,sync,noatime,codepage=850,iocharset=iso8859-1,user=noah 0 0 MDV seems to be consistent about detecting insertion of the removable drive, but is inconsistent about placing an icon on the desktop. Eventually, fstab and mtab scripts become corrupted to point where there is a permanent entry in either file. I believe these entries should only be there when the drive is inserted and gone when it is removed. To fix this problem on the 2 'inoperative' PCs, deleted any reference to the USB_removable in both fstab and mtab, then made sure haldaemon and harddrake were both running. Then inserted the drive into each PC. Drive in both cases was detected, but in one PC, icon was placed on desktop but not on the other PC. Try inserting and removing USB flashdrive several times, waiting about 10 sec. between each action. Since this did not result in an icon consistently being placed on desktop, did next best thing: insert the drive right click on empty desktop select 'create new device' scroll to hard disk device select device tab scroll to and select /mnt/removable This gives a permanent USB flashdrive icon on desktop. If anyone can explain why USB drive entries get schmeared or why icon placement is inconsistent, please let us know. Thanks

2 separate PCs. Same problem with 2 separate USB flashdrives. Initially, insert drive and fstab is updated, mtab indicates when drive is in or out, and icon placed on desktop - all OK. As time wears on however, things deteriorate to the point where icon is no longer placed on desktop and must 'create" a link to device. Sometimes the link gives me the ability to select 'trash' or 'delete' the link from context menu. Sometimes it does not. Now MCC recognizes sda in hdwr list when pendrive is in, but not showing in mtab. Altering options in config tool in MCC seems to have no effect. This has happened on 2 diff PCs running MDV 10.2 and leads me to believe there is problem with udev? MDK 10.0 was rock solid about USB removeable. (mounted first time everytime). haldaemon is running Has anything changed ? Thanks

Anyone out there experienced with the above topics. Have read scads of tutorials but cannot find anything putting it all into context. Setup is MDV 10.2 on both PCs. PC1(192.168.10.1) -> eth0 -> hub <- eth0 (192.168.10.2) PC2 (auto DNS) ->eth1 -> DSL -> 'net. 1. Guessing modem (Yahoo 2 wire) is also a hdwr firewall. Haven't checked yet but will. 2. Am preparing to run squid and dansguardian on PC2. They are installed but not configured yet. 3. Have Internet sharing and ssh enabled. 4. Installed firestarter on PC2. All working except now ssh from PC1 to PC2 not working unless I shut off FS. (hope there are preferences to allow for this) SSH from PC2 to PC1 OK. 5. shorewall also running Have I got too much stuff going on , is it installed in the most effective way? Will firestarter and shorewall interfere with each other? I believe they both access iptables. If 2wire DSL modem has an internal hdwr firewall how does this affect a software firewall? Thanks

You got it. Freaked out because when I used the rescue mode, the windows part was fine but the linux partitions were listed as ext2 and am sure MDK 10.2 is ext3. I had been trying to format the hdb as ext2 and thought that the root and home partitions of hda had accidentally been "altered' , but don't know if rewriting an ext3 part as ext2 is possible or what problems this could cause. I think you can change ext2 into ext3. Anyway, for anyone caught in same situation, MDK rescue mode allows you to mount the damaged hd partitions under /mnt of the rescue mode. At the time did not understand why. Took hdb and installed into second MDK 10.2 PC. From there created new directory under /mnt and mounted the "damaged" hd. At that point was able to mount the /etc of the damaged drive and comment out the hdb entries. Then reinstalled this drive into original PC and voila!... had my system back. Now I see why Mandrake rescue offers the "mount filesystem under /mnt" option, although I took the scenic route. Still not sure why the hdb entries caused the problem other than that the hdb partitions never got formatted. I am absolutely positive that I was working on hdb tab of the MCC mount point utility and that the report was that the partition info was going to be written to hdb, but when I clicked on format, report was it was necessary to reboot. Any ideas on what went wrong? Thanks for your help

Thanks, Will check this weekend.

MDK 10.2 boot gets to files system check during boot, then this error: hda7 clean hda8 clean dev/'hdb1 The superblock could not be read because it does not describe a correct ext2 filesystem. dev/hdb2 same error fsck ext2...no such file while trying to open hdb1 fsck ext3...no such file while trying to open hdb2 failed to check filesystem do you want to repair errors. y/n? pressing y results in "there was an error in check" run fsck Hda is W2000/MDK 10.2 dualboot was working fine. Added hdb and used MCC to partition into 3 partitions-FAT32, ext2 and ext3. The FAT 32 was for shared audio files, etc. The ext2 and ext 3 was for experimentation. I noticed in the past that MCC partition usually notifies that the part table is going to be written to hdX, but this time didn't. It said you will have to reboot for changes to take effect. When I rebooted, I got the above. This was bound to happen from experimentation. I have pulled out hdb, but am still getting these errors. I have not fsck'ed before. Why is this affecting hda which checks out OK? Any help out there? Thanks

Have read the docs at squid, sourceforge and DG, but they don't reflect what I have in my configuration files. I have not altered these files since installing them. For example, squid is not installed into /usr as indicated by docs. Also, squid must be altered to allow users by uncommenting, but my file has everything commented/uncommented differently than I am used to so it (docs) are of no value. Is this peculiar to MDK? Any help out there? Thanks

Thanks, You are correct, the file returned to normal status after a reboot. Please suggest a good port scanner to let me know if my firewall and security settings are safe. Tried Shields Up. This indicates that packets were ignored, but ping requests were answered. I don't think I want this, do I? Thanks

Using MDk10.2 Tried to ignore ping requests by setting contents of file - /proc/sys/net/ipv4/icmp_echo_ignore_requests from 0 to 1. (this is all that's in the file) In the process of writing to the file, it got changed to an executable (green in console) How do I change it back? Have tried to CHMOD, delete as root, then replace with identical file from another MDK 10.2 PC. Won't allow. What happened? Thanks

Have enabled ACPI in MCC boot configuration , but no luck. Also removed and reinstalled ACPI package. Also, ACPI will not start in MCC services. Also 'start on boot' is ticked. Have not tried security setting, yet. Will try soon. Thanks

Dual boot W2k / MDK 10.2 . Am able to completely power off Compaq from W2k and also from MDK 10.2 console using 'shutdown -h now' as root, but PC only shuts down but not power off from logoff in MDK 10.2 GUI as user. Have tried different settings in MCC boot and KDE login mgr. option is modified with "acpi=ht" but doesn't work . Have read tons of posts on this but no help. Any help appreciated Thanks

Only message in MCC software manager as mentioned above is : Sorry, following package can't be selected: OpenOffice-1.1.4-7mdk Will try an install from console and check any errors. Was able to reinstall OO by luck. Removed an kdeOO lib package, then was able to proceed with OO install. Error message for urpmi kde-kghostview in console is "cannot install because they depend on packages older than the ones installed" (probably due to updating). Thanks

That would make sense except OO and Kghostview are not listed as installed apps. Only listed as Installable, but when I try I get the error. I think urpmi expects certain deps to EITHER be there or NOT be there and if my removal of gs only partially removed OO, the installer is freaking out when it sees a dep there that's NOT supposed to be. What do you think?