> Why are you using wireless on a server? Because this server is a gateway/content filter for my lan out to the Internet. I'm looking at reconfiguring the Spectrum Sagemcom wireless router and adding another wired network port to the debian box, but I'd prefer to turn the Sagemcom in as I don't particularly like it and I may be dumping Spectrum because $70/month is a lot of money. Spectrum doesn't offer content filtering and what they do offer requires Microsoft Windows. Useless if you have a smartphone, computer, or tablet that doesn't run Windows. There is a URL list in the Sagemcom, but that is highly ineffective and not realistic if you need real content filtering. I'm running e2guardian which is supported on 64 bit AMD computers running Debian Stretch... my Pi 3 won't run e2guardian. Wireless is needed by Android smartphones and a lot of tablets that cannot make wired connections.
> > 7 port USB2 hub not detecting at all. It says made in China where I wasn't aware that USB 2.0 hubs require special drivers in Linux. Doesn't even show up when I do lsusb. I figure a powered hub that isn't made of metal will not block wifi signals and it's powered so maybe the wifi signal will be stronger, important if you are trying to create a hotspot. > > The iptables rules are not loading at all at boot. /etc/iptables/rules.v4 ... Is this the wrong place for that file? Without masquerading in the nat table, there is no access at all to the Internet for lan clients. Maybe I need squid, transparent proxying, and no masquerading. > > isc-dhcp-server has to be restarted after wireless card brought up. Because the driver for it taints the kernel, there are potential issues with getting the wireless card up at all at boot time. Without dhcp, you can't get an ip address on a smartphone/tablet trying to connect via wifi. > > Stuck plugging into server case front panel USB ports Linksys > > wireless adapter which blocks the wifi signal because the case is > > metal. Because the USB hub doesn't work, this is a significant issue. See above. > > Yubikey not set up. I have a blue Yubikey security key that I want to require the presence of if you want to log in as root and I want to disable ssh to root and entering a mere password to get root. I'm hoping to implement a policy of no access to root without the physical key. If you want to be root, plug in and tap the Yubikey. > > No https proxy using sslbump. Though I am configuring lan clients > > to use a local dns server which forwards from opendns, this may be > > sufficient for filtering purposes. OpenDNS is a service that supports answering dns requests based on content type and filtering settings. If a site provides say bad content, you get an IP pointing to a server that says bad content is denied. > > Wireless not filtered by squid proxy unless clients explicitly go > > to the proxy. This means clients can defeat having e2guardian filter them. Why set up a content filter if people who are supposed to be going through it can get around it? > > No transparent proxying. It has been a long time since I last set > > this up where I'm concerned that e2guardian will block sites it > > shouldn't and that there will be no administrative way around that. Too bad I can't set up a web site on the server where an admin can log in and type in URLS explicitly that are exceptional or that need to be blocked. Even nicer, allow per user lists of explicitly allowed and explicitly denied URLS. > > Wireless hotspot is too weak and/or dhcp timing out in 2 hours. My Linksys wireless N usb card requires third part driver that taints the kernel. I either need a wireless access point that takes a wired ethernet connection and another ethernet port on the server... Or, I need a usb wireless card with high gain antenna that Debian Stretch Linux supports natively. I need wifi so Android smartphones and tablets can go online. An option is to use my Raspberry pi 3 as a wireless hotspot, but the wireless built in to the Pi 3 doesn't have a good antenna, a major design flaw IMHO. Concerning the two hour timeout, that is the lease time for dhcp leases. There should be a brief disruption as your lease is renewed and your ip address changes, but not a long one. Should I increase the lease time? michael@filter:~$ lsusb Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 004 Device 003: ID 13b1:003f Linksys WUSB6300 802.11a/b/g/n/ac Wireless Adapter [Realtek RTL8812AU] Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 007 Device 002: ID 1050:0120 Yubico.com Yubikey Touch U2F Security Key Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 002 Device 002: ID 0b95:7720 ASIX Electronics Corp. AX88772 Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Bus 006 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub michael@filter:~$ The Chinese 7 port USB 2 hub is plugged in, but it isn't showing. _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
