Hallo,
ich want to setup a router with raspi3 for my kids. Is it possible that here some of the specialists can check if the web filter modules can be build for arm?
I’ve got ns running on my raspi 3. Now I want to install hostapd for the wifi and next step would be the web filter…
with warm regards from cold Leipzig
Denis
Hallo ,
during the meantime I’ve got working hostapd and I’m able to connect with raspi which is the accesspoint for wifi now.
to get running from source hostapd I followed this small howto:
[link] http://jasonmaur.com/hostapd-centos-6/ [/link]
I need to check the hostapd.service file, at the moment I’m starting the service with an old init script.
To start via systemd I get an error message from systemd: Failed to execute operation: Bad message
Now I will check if I can configure a webfilter manually…
Denis
okay I build it by myself
now I have an NS7 accesspoint on Raspi3 
Hallo,
so I’m running in problems with squid:
Error is : The ssl_crtd helpers are crashing too rapidly, need help!
How can I fix that? I did’t found any solution for that problem.
Look for errors in /var/log/squid/cache.log.
As a workaround, select Transparent in the Proxy configuration page.
Hallo Filipo,
thanks for your hint. When I’m select Transparent then squid is working but no content filter…
I found following error in cache.log:
(ssl_crtd): Uninitialized SSL certificate database directory: /var/lib/ssl_db. To initialize, run “ssl_crtd -c -s /var/lib/ssl_db”.
and I checked that the directory /var/lib/ssl_db does not exists…
But I’m not so deep in that stuff, it seem that problem has something to do with ssl certificates for squid.
okay i managed it:
/usr/lib/squid/ssl_crtd -c -s /var/lib/ssl_db
chown -R squid.squid /var/lib/ssl_db
but the filter doesn’t working …
Hallo,
a short /etc/init.t/ufdb testconfig
shows the reason of the problem:
FATAL ERROR: line 293: "aggressive" is a keyword and must be surrounded by quotes in configuration file /etc/ufdbguard/ufdbGuard.conf *****
I’m using blacklist from shalla …
Workaround is disable filter categery aggressive or hack the template file for ufdbGuard.conf in that way that all categories in ACL are in double quotes.
acl {
default {
pass !security !in-addr !files !builtin !"aggressive" !alcohol !banking !costtraps !dating !drugs !gamble !insuran
ce !lingerie !porn !redirector !socialnet !spyware !violence !warez !weapons all
redirect http://192.168.179.1/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&target
group=%t&url=%u
}
}
After chnging !aggressive in !“aggressive” all is working fine. Maybe it helps for Nethserver development.
regards from Leipzig
Denis
it’s so pity: after putting the raspi in the new housing I cracked the SD card .
Today morning I was surprised that the raspi won’t start. I checked all parts and the reason was clear 
Now I can start again from beginning because yesterday I didn’t made a backup…
This command is automatically run when you save the configuration, see /etc/e-smith/events/actions/nethserver-squid-conf.
The problem is that the ARM squid package has a different path:
Luckily, the nethserver-squid-conf is the only place where ssl_crtd is called, we may have a fix trying both path.
I’ll create a pull request, it may be accepted.
My mistake, I fixed the double quotes issue only partially.
PR: Fix quotes in profiles categories names. NethServer/dev#5171 by filippocarletti · Pull Request #9 · NethServer/nethserver-squidguard · GitHub
Thank you very much for your findings, really helpful.
@denis.robel, may I ask you a favor when you’ll have your RPI online again?
Instead of running /usr/lib/squid/ssl_crtd to create the cert dir, modify /etc/squid/squid.conf where it says:
https_port 3130 intercept ssl-bump generate-host-certificates=on ...
with
https_port 3130 intercept ssl-bump generate-host-certificates=off ...
I’ve tested it on Intel x86 and it seems to work, even if squid manual says the opposite (but someone has filed a documentation bug).
Okay I’ve got a new SD-Card and I’ll try it again.
Before I’m compiling hostapd from source: is there a RPM for Centos7 with systemd startup script available? The same is necessary for ufdbguard
I would be more consistent to start hostapd and ufdbguard via systemd instead of old init scripts.
Can somebody provide me the systemd unit scripts or assist me to create the scripts.
Main problem is to define the start dependencies for the services…
Because I know that my project will working I’m writing a documentation parallel to my installation so that the doc team can use it for a Howto.
with warm regards
Denis
hostapd comes from epel repo, so you should simply type:
yum install hostpad
unless epel for arm still doesn’t contain the rpm. We may signal hostapd maintainer.
I’ll try to rebuild my RPI after we release NethServer 7 final.
Regarding ufdbguard, we could ask to the author (Marcus), but I’m not sure he wants to maintain one more package.
You should be able to build from the srpm, I can help.
There is a src rpm available for Centos7
wget -c https://www.urlfilterdb.com/files/downloads/ufdbGuard-1.32.4.src.rpmbut there is an old init script used not a systemd service. I was able to compile the src rpm that’s no problem.
But as i know in Centos 7 systemd is the new standard…
For hostapd will check if I can compile from src rpm…
Don’t worry about systemd, it can handle old sysv initscripts.
I agree with you that a systemd unit file would be better, we could probably build one as a future improvement.
I know that systemd can handle sysv init scripts …
But I’m a German and all things should be in a clear structure 
well I’m edited /etc/e-smith/templates/etc/squid/squid.conf/40ports as you suggested and now it’s working well.
okay here I’m again with my documentation to setup a nethserver 7 based router with raspi3:
http://wiki.nethserver.org/doku.php?id=ns_raspi2
ON FIRST BOOT CHANGE ROOT PASSWORD!!!
yum install mc
mcedit /boot/config.txt
systemctl reboot
yum -y update
yum clean all
new nsswitch.conf is created as nsswitch.conf.rpmnew
cp /etc/nsswitch.conf.rpmnew /etc/nsswitch.conf
yum localinstall http://mirror.framassa.org/nethserver-arm/nethserver-release-7arm.rpm
nethserver-install
yum groupinstall "Development Tools"
yum install nethserver-devtools
curl --location https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.bin > /usr/lib/firmware/brcm/brcmfmac43430-sdio.bin
curl --location https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.txt > /usr/lib/firmware/brcm/brcmfmac43430-sdio.txt
systemctl reboot
yum install libnl3-devel
yum install openssl-devel
download hostapd-src from epl
wget -c http://dl.fedoraproject.org/pub/epel/7/SRPMS/h/hostapd-2.4-3.el7.src.rpm
rpmbuild --rebuild hostapd-2.4-3.el7.src.rpm
yum install /root/rpmbuild/RPMS/armv7hl/hostapd-2.4-3.el7.centos.armv7hl.rpm
edit /etc/hostapd/hostapd.conf
########################################################################################################### begin hostapd.conf
#
# This will give you a minimal, insecure wireless network.
#
# DO NOT BE SATISFIED WITH THAT!!!
#
# A complete, well commented example configuration file is
# available here:
#
# /usr/share/doc/hostapd/hostapd.conf
#
# For more information, look here:
#
# http://wireless.kernel.org/en/users/Documentation/hostapd
#
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
# Some usable default settings...
macaddr_acl=0 # macaddr_acl will be managed from dhcp ...
auth_algs=1
ignore_broadcast_ssid=0
# Uncomment these for base WPA & WPA2 support with a pre-shared key
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
# DO NOT FORGET TO SET A WPA PASSPHRASE!!
wpa_passphrase=YOURSECRETPASSWORD
# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211
# Customize these for your local configuration...
interface=wlan0
hw_mode=g
channel=1
ssid=YOURSSID
########################################################################################################## end hostapd.conf enable hotapd.service:
systemctl enable hostapd.service
systemctl start hostapd
now you should see your wifi but you wont get an IP address because dhcp is not ready yet
download src rpms:
wget -c http://mirrorlist.nethserver.org/nethserver/7.3.1611/base/Source/SPackages/nethserver-squid-1.5.0-1.ns7.src.rpm
wget -c http://mirrorlist.nethserver.org/nethserver/7.3.1611/base/Source/SPackages/nethserver-squidguard-1.6.0-1.ns7.src.rpm
wget -c https://www.urlfilterdb.com/files/downloads/ufdbGuard-1.32.4.src.rpm
nethserver-squid:
rpmbuild --rebuild nethserver-squid-1.5.0-1.ns7.src.rpm
yum install /root/rpmbuild/RPMS/noarch/nethserver-squid-1.5.0-1.el7.centos.noarch.rpm
ufdbguard:
yum install bzip2-devel
create user ufdb - without htis user the RPM will not be packed - why???
useradd -r ufdb -d /var/ufdbguard -M -s /sbin/nologin
rpmbuild --rebuild ufdbGuard-1.32.4.src.rpm
yum install /root/rpmbuild/RPMS/armv7hl/ufdbGuard-1.32.4-CentOS7.armv7hl.rpm
nethserver-squidguard:
rpmbuild --rebuild nethserver-squidguard-1.6.0-1.ns7.src.rpm
yum install /root/rpmbuild/RPMS/noarch/nethserver-squidguard-1.6.0-1.el7.centos.noarch.rpm
9.login to nethserver web surface
set wlan0 to green network
set eth0 to red network
configure dhcp for wlan0
configure web-proxy
configure web-contenfilter
okay I tested a little bit the filter:
ufdbguard does not working correctly. I’m using shalla as blacklist and no listed domain will be blocked.
There must be a problem deeper inside. I’ll investigate it later…
Wow I love your work and I’d like to involve also the @arm_team in this discussion!