On Tue, Mar 19, 2019 at 8:36 PM Michael Christopher Robinson < [email protected]> wrote:
> > Why are you using wireless on a server?
>
> Because this server is a gateway/content filter for my lan out to the
> Internet. I'm looking at reconfiguring the Spectrum Sagemcom wireless
> router and adding another wired network port to the debian box, but I'd
> prefer to turn the Sagemcom in as I don't particularly like it and I
> may be dumping Spectrum because $70/month is a lot of money. Spectrum
> doesn't offer content filtering and what they do offer requires
> Microsoft Windows. Useless if you have a smartphone, computer, or
> tablet that doesn't run Windows. There is a URL list in the Sagemcom,
> but that is highly ineffective and not realistic if you need real
> content filtering. I'm running e2guardian which is supported on 64
> bit AMD computers running Debian Stretch... my Pi 3 won't run
> e2guardian. Wireless is needed by Android smartphones and a lot of
> tablets that cannot make wired connections.
>
> > > 7 port USB2 hub not detecting at all.
>
> It says made in China where I wasn't aware that USB 2.0 hubs require
> special drivers in Linux. Doesn't even show up when I do lsusb. I
> figure a powered hub that isn't made of metal will not block wifi
> signals and it's powered so maybe the wifi signal will be stronger,
> important if you are trying to create a hotspot.

They don't require a special driver. Something else is wrong.

> > > The iptables rules are not loading at all at boot.
>
> /etc/iptables/rules.v4 ... Is this the wrong place for that file?
> Without masquerading in the nat table, there is no access at all
> to the Internet for lan clients. Maybe I need squid, transparent
> proxying, and no masquerading.

I don't use debian for routing anymore, so I'm useless here. I can,
however, recite from memory the iptables rule for Masquerading:

    iptables -t nat -I POSTROUTING -o $WANIF -j MASQUERADE

Where $WANIF is your wan interface (or whatever the outbound interface
you want the network address translation to occur on, typically your
WAN).

> > > isc-dhcp-server has to be restarted after wireless card brought up.
>
> Because the driver for it taints the kernel, there are potential issues
> with getting the wireless card up at all at boot time. Without dhcp,
> you can't get an ip address on a smartphone/tablet trying to connect
> via wifi.

Clients will normally renew a lease about half way through the lease
time. Requesting a lease renewal is something the client is in charge
of.

> > > Stuck plugging into server case front panel USB ports Linksys
> > > wireless adapter which blocks the wifi signal because the case is
> > > metal.
>
> Because the USB hub doesn't work, this is a significant issue. See
> above.

There are such things as USB extension cables. They can be up to 15
feet (or 5 meters), or longer if there is an active component to repeat
the USB signal.

> > > Yubikey not set up.
>
> I have a blue Yubikey security key that I want to require the presence
> of if you want to log in as root and I want to disable ssh to root and
> entering a mere password to get root. I'm hoping to implement a policy
> of no access to root without the physical key. If you want to be root,
> plug in and tap the Yubikey.

It sounds like you have one of the FIDO U2F yubikeys. I have no idea
how to set that up. It would probably involve PAM (pluggable
authentication modules). Maybe this would help:
https://github.com/Yubico/yubico-pam ... no promises.

> > > No https proxy using sslbump. Though I am configuring lan clients
> > > to use a local dns server which forwards from opendns, this may be
> > > sufficient for filtering purposes.
>
> OpenDNS is a service that supports answering dns requests based on
> content type and filtering settings. If a site provides say bad
> content, you get an IP pointing to a server that says bad content is
> denied.
>
> > > Wireless not filtered by squid proxy unless clients explicitly go
> > > to the proxy.
>
> This means clients can defeat having e2guardian filter them. Why set
> up a content filter if people who are supposed to be going through it
> can get around it?
>
> > > No transparent proxying. It has been a long time since I last set
> > > this up where I'm concerned that e2guardian will block sites it
> > > shouldn't and that there will be no administrative way around that.
>
> Too bad I can't set up a web site on the server where an admin can log
> in and type in URLs explicitly that are exceptional or that need to be
> blocked. Even nicer, allow per user lists of explicitly allowed and
> explicitly denied URLs.

I'm philosophically opposed to content filtering, and therefore not
practiced in doing it and of no practical help, but also, if I did, I
wouldn't tell you.

> > > Wireless hotspot is too weak and/or dhcp timing out in 2 hours.
>
> My Linksys wireless N usb card requires third-party driver that taints
> the kernel. I either need a wireless access point that takes a wired
> ethernet connection and another ethernet port on the server... Or, I
> need a usb wireless card with high gain antenna that Debian Stretch
> Linux supports natively.
>
> I need wifi so Android smartphones and tablets can go online.
>
> An option is to use my Raspberry pi 3 as a wireless hotspot,
> but the wireless built in to the Pi 3 doesn't have a good antenna,
> a major design flaw IMHO.
>
> Concerning the two hour timeout, that is the lease time for dhcp
> leases. There should be a brief disruption as your lease is renewed
> and your ip address changes, but not a long one. Should I increase the
> lease time?
>
> michael@filter:~$ lsusb
> Bus 009 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 004 Device 003: ID 13b1:003f Linksys WUSB6300 802.11a/b/g/n/ac Wireless Adapter [Realtek RTL8812AU]
> Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 007 Device 002: ID 1050:0120 Yubico.com Yubikey Touch U2F Security Key
> Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 002 Device 002: ID 0b95:7720 ASIX Electronics Corp. AX88772
> Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> Bus 006 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
> Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
> Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
> Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
> michael@filter:~$
>
> The Chinese 7 port USB 2 hub is plugged in, but it isn't showing.

Are you trying to use the USB wifi radio as an access point or a
station? USB radios traditionally make lousy access points. I'd
recommend finding a regular wifi router. You can configure them to work
as a dumb AP (e.g. by turning their DHCP server off, setting a
compatible static IP on the LAN network, connecting to them via the LAN
port (putting a piece of tape over the WAN port to reduce confusion
sometimes helps)).

_______________________________________________
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
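
Added example, not part of the original message or written by either poster: a small check for the rules.v4 question above, confirming that an iptables-save style file carries the MASQUERADE rule inside a committed nat table. The interface name eth0 and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# has_masquerade WANIF  (reads an iptables-save style file on stdin)
# Exit 0 only if the nat table holds "-A POSTROUTING -o WANIF -j MASQUERADE"
# and that table is closed by COMMIT; iptables-restore applies a table
# only when it reaches its COMMIT line.
has_masquerade() {
    awk -v wan="$1" '
        /^\*/     { table = substr($0, 2); found = 0; next }  # "*nat" etc.
        /^COMMIT/ { if (table == "nat" && found) ok = 1; table = ""; next }
        table == "nat" && /^-A POSTROUTING / {
            out = ""; jump = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") jump = $(i + 1)
            }
            if (out == wan && jump == "MASQUERADE") found = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample: filter and nat tables, NAT on eth0 (assumed WAN name).
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: filter table only, so LAN clients get no NAT.
sample_bad() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_good | has_masquerade eth0 && echo "sample_good: NAT rule present"
sample_bad  | has_masquerade eth0 || echo "sample_bad: no NAT rule for eth0"
```

On the gateway itself the same function would be run as `has_masquerade eth0 < /etc/iptables/rules.v4`, substituting the real WAN interface. On Debian that file is restored at boot by netfilter-persistent (package iptables-persistent), and forwarding additionally requires net.ipv4.ip_forward=1.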
