Build web filter modules for ARM

Small steps lead to big changes :slight_smile: Happy to see you jumping into the action :slight_smile:
@mark_nl will be more than happy to have you into the @arm_team

thanks to the great work of @denis.robel and @mark_nl , i’ve updated the wiki and some packages of NS7 on Raspberry…

if someone want to test it, this should be the howto to install ns7+hostapd+Proxy on rpi3 based on @denis.robel work, but in an easier way

install centos7 and nethserver as per wiki page (new one)
http://wiki.nethserver.org/doku.php?id=ns7_rasp

then configure the hostapd+proxy:

optional:
change CPU frequency to 1000 Mhz - for faster compiling
vi /boot/config.txt
systemctl reboot

  1. Enable wifi as decribed in /root/README

curl --location https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.bin > /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin
curl --location https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.txt > /usr/lib/firmware/brcm/brcmfmac43430-sdio.txt

systemctl reboot

  1. Install Hostapd:

yum install hostapd
edit /etc/hostapd/hostapd.conf

########################################################################################################### begin hostapd.conf 
#
# This will give you a minimal, insecure wireless network.
# 
# DO NOT BE SATISFIED WITH THAT!!!
#
# A complete, well commented example configuration file is
# available here:
#
#       /usr/share/doc/hostapd/hostapd.conf
#
# For more information, look here:
#
#       http://wireless.kernel.org/en/users/Documentation/hostapd
#
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
# Some usable default settings...
macaddr_acl=0        # macaddr_acl will be managed from dhcp ...
auth_algs=1
ignore_broadcast_ssid=0
# Uncomment these for base WPA & WPA2 support with a pre-shared key
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# DO NOT FORGET TO SET A WPA PASSPHRASE!!
wpa_passphrase=YOURSECRETPASSWORD
# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211
# Customize these for your local configuration...
interface=wlan0
hw_mode=g
channel=1
ssid=YOURSSID
########################################################################################################## end hostapd.conf

and enable hostapd.service:
systemctl enable hostapd.service
systemctl start hostapd

now you should see your wifi but you wont get an IP address because dhcp is not ready yet

  1. install web content filter from Software Center -> Extras and Testing

  2. login to nethserver web interface

set wlan0 to green network
set eth0 to red network

configure dhcp for wlan0

configure web-proxy
configure web-contenfilter
wait one day and check Reports->Web Proxy stats

##end

if there are error/problem, please let me know…
when confirmed to work, i’ll put the howto in the wiki.
tnx

I think we need a nethserver-hostapd, but this is another thread :slight_smile:

2 Likes

Such a great improvement. Thanks for your effort man! I would like to see the spin get his own way!

Hallo,

after the last updates I have some trouble with the wlan0 device of my raspi.

After rebooting there is no ip address assigned to this device.
It seems that /etc/sysconfig/network-scrips/ifcfg-wlan0 is ignored completely.
ifconfig shows the device without ip address.

When I’m assigning an IP manually to wlan0 all is working well again.

Where is the ifcfg-wlan0 called from? Is the networkmanager playing a role in this case too?

okay I found the problem:

for hostapd the config must be a little special:

DEVICE=wlan0 BOOTPROTO=static IPADDR=192.168.179.1 NETMASK=255.255.255.0 NM_CONTROLLED=no ONBOOT=yes #TYPE=Ethernet TYPE=Wireless MODE=AP USERCTL=no

The Wifi MODE must be defined different from what will be expected (managed, auto …) MODE=AP do that trick.

Wlan0 will get an static IP and it will not configured with a wrong wifi mode and so it’s not colliding with hostapd too.

Ehi any update on this? How are your tests going?

Hallo Alessio,

until today it’s working well. But I reduced the number of threats of ufdbguard by 50%…