This setup is used on a ECM3610 Debian machine serving as a firewall, DHCP server, and DNS server. The following assumes that you have a working installation something like this:

  • eth0 is connected to the local (192.168.0.0/24) network.
  • eth1 is connected to the internet.
  • Shorewall is installed and configured for regular firewall duty.
  • dnsmasq is installed and configured to act as DHCP and DNS server.
  • lighttpd is installed and only exposed on the local network.

Functional description.

This setup allows requests to a list of domains to be redirected to an internal web server. Use this setup to block for instance known tracking servers on the internet.

Somewhere along investigating how to do this I read, in the ArchWiki privoxy page that blocking trackers creates a unique browser signature. I have absolutely no reason to doubt this, but there were some servers that I simply did not want to talk to.

Using dnsmasq to redirect domains.

dnsmasq.conf:

If your dnsmasq is configured to listen on an interface, reconfigure it to use addresses to make stuff prettier when assigning another IP address to the interface in a little while.

listen-address=192.168.0.1
listen-address=127.0.0.1

Use files in /etc/dnsmasq.d/ as configuration files. Uncomment or add the following:

conf-dir=/etc/dnsmasq.d/

Get a list of servers to block, http://pgl.yoyo.org/adservers/serverlist.php spits out a list formatted for dnsmasq, if you ask it to. The list uses 127.0.0.1 as target, replace it with the address of a local web server if you want to inform the user that something was blocked, 192.168.0.201 in this case.

curl -s 'http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext' | sed -r 's/127.0.0.1/192.168.0.201/' > /etc/dnsmasq.d/block2local

This could be made into a cron job to update the list from time to time.

Setting up a web server to show an information page.

I have lighttpd serving some pages to the local network, so I add another IP address to eth0, and configure lighttpd to serve this address from another directory.

interfaces:

Add this:

iface eth0 inet static
    address 192.168.0.201
    netmask 255.255.255.0

lighttpd.conf:

Add this:

$SERVER["socket"] == "192.168.0.201:80" {
   server.document-root = "/var/www/blocked"
}

Add something that serves your purpose to the server.document-root directory. Simplest is something like:

index.html

<html>
<head>
<title>Server blocked.</title>
</head>
<body>
<p>This server is blocked on this network.</p>
</body>
</html>

My Acer Aspire One D250, kept going into suspend every minute or so, whenever I was not logged in to a window manager. I run Debian testing and had my first real interaction with systemd (except for systemctl).

Turns out there are some settings in /etc/systemd/logind.conf that configures some of the power management features.

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# See logind.conf(5) for details

[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
HandlePowerKey=poweroff
HandleSuspendKey=ignore
HandleHibernateKey=ignore
HandleLidSwitch=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=yes

First I asked systemd to ignore everything but the power button, and as I somewhat expected this didn't do the trick. Then I set the IdleActionSec to the actual amount of second (1800), that didn't work either. In the end completely disabling idling, stopped the suspend.

IdleAction=ignore

My Acer Aspire One D250, kept going into suspend every minute or so, whenever I was not logged in to a window manager. I run Debian testing and had my first real interaction with systemd (except for systemctl).

Turns out there are some settings in /etc/systemd/logind.conf that configures some of the power management features.

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
#
# See logind.conf(5) for details

[Login]
#NAutoVTs=6
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
HandlePowerKey=poweroff
HandleSuspendKey=ignore
HandleHibernateKey=ignore
HandleLidSwitch=ignore
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=yes

First I asked systemd to ignore everything but the power button, and as I somewhat expected this didn't do the trick. Then I set the IdleActionSec to the actual amount of second (1800), that didn't work either. In the end completely disabling idling, stopped the suspend.

IdleAction=ignore

Generated on 2017-03-19 22:52:04.557129