CollabNet Guide: Difference between revisions

← Older edit

CollabNet Guide (view source)

Revision as of 15:09, 25 April 2024

638 bytes added , 25 April

m

update e2g

VisualWikitext

MDMCK10

Bureaucrats, Check users, Interface administrators, Administrators

14

edits

Revision as of 22:25, 19 December 2023 (view source) Elijah (talk \| contribs) No edit summary ← Older edit		Latest revision as of 15:09, 25 April 2024 (view source) MDMCK10 (talk \| contribs) m (update e2g)
(11 intermediate revisions by 2 users not shown)
=== Systemd === All network configuration is done in the <code>/etc/systemd/network</code> directory. We'll start by ~~creating~~making ~~the~~sure ~~bridge~~systemd-networkd ~~itself.~~is ~~The~~enabled ~~following~~and ~~simply creates a network bridge named <code>collabnet</code>~~started. {{code\|▼ sudo systemctl enable --now systemd-networkd }}▼ Next, create the bridge. The following simply creates a network bridge named <code>collabnet</code> '''/etc/systemd/network/collabnet.netdev''' EOF</nowiki> }} Apply them: {{code\|<nowiki> sudo sysctl --system </nowiki>}} == nftables == Now, we can set up basic routing. First, install some required packages {{code\| sudo apt-get install -y nftables dnsmasq curl resolvconf }} E2Guardian can be used to implement network filtering on your VM. It supports transparent HTTP and HTTPS filtering making it ideal for a setup like CollabVM where the client can't be trusted to always use a proxy or DNS server. Here's how to set it up. === Installation === ~~You~~First ~~can~~is ~~then~~to install e2guardian:.▼ First is to install e2guardian. A small issue is that the e2guardian packages have not been updated for Debian 12 and still use OpenSSL 1.1, which was removed in Debian 12. As a workaround we can install the libssl1.1 version from Debian 11. Note that usually installing packages from another Debian version is [https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian a bad idea], but in this case its fine since the package has no outside dependencies. Run the following command: {{code\| wget https://e2guardian.numsys.eu/v5.5/~~e2debian_bullseye_V5~~e2debian_bookworm_V5.5.~~4r_20231113~~5_20240422.deb # IF THERE'S A NEWER VERSION AVAILABLE AT https://e2guardian.numsys.eu/, USE THAT INSTEAD▼ ~~wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1w-0+deb11u1_amd64.deb~~ sudo apt-get install ./~~libssl1~~e2debian_bookworm_V5.~~1_1~~5.~~1.1w-0+deb11u1_amd64~~5_20240209.deb ▲}} ▲You can then install e2guardian: ▲{{code\| ▲wget https://e2guardian.numsys.eu/v5.5/e2debian_bullseye_V5.5.4r_20231113.deb # IF THERE'S A NEWER VERSION AVAILABLE AT https://e2guardian.numsys.eu/, USE THAT INSTEAD ~~sudo apt-get install ./e2debian_bullseye_V5.5.4r_20231113.deb~~ }} Install some other dependencies: {{code\| sudo apt-get install git curl tar ~~ftp~~sed }} === Configuration === useoriginalip = on </nowiki>}} {{ombox \| type = speedy \| image = [[File:Ambox_important_red.svg\|40px]] \| text = If your router VM has 4GB of RAM or less, set the <code>httpworkers</code> option to <code>300</code> to avoid out-of-memory issues! }} Now open e2guardianf1.conf in an editor, then find and set the following values: {{code\|<nowiki> Now you can download the collabnet filter lists: {{code\| cd /etc/e2guardian/lists git clone --depth 1 https://git.computernewb.com/collabvm/e2guardian.git group1 }} }} ==== Updating the filter lists ==== To enable automatic updates of the filter lists, run <code>sudo crontab -e</code> and add the following to the bottom of the file: ~~Every once in a while, you'll want to update the filter lists with this command:~~ {{code\| #0 cd* * * * /etc/e2guardian/lists/group1/getall.sh >/dev/null 2>&1▼ ~~$ sudo -i~~ ▲# cd /etc/e2guardian/lists/group1 ~~# git pull~~ ~~# ./getall.sh~~ }} This will check for filter list updates once an hour. === Start it up === You should now be able to start e2guardian without error using the following command: === Change the block page === You can create a custom block page by editing /usr/share/e2guardian/languages/ukenglish/template.html. For assets like images you'll need to install a webserver (usually nginx) on the router and host them that way. == Application Blocking (DNS) == Some applications could still continue to work despite being blocked by E2Guardian, to solve this, DNS blocking can be used. In this example, the application we will be blocking is AnyDesk, but this can be done to any application that relies on DNS to find what servers to communicate with. Open {{code\|inline=y\|/etc/dnsmasq.conf}} and insert the following line at the end of the file: {{code\|lang=text\|<nowiki> address=/anydesk.com/0.0.0.0</nowiki> }} After saving the file, reload dnsmasq using {{code\|inline=y\|sudo systemctl restart dnsmasq}} If everything went well, the AnyDesk client should no longer be able to connect successfully ({{code\|inline=y\|anynet_no_dns_entry}}).