CollabNet Guide: Difference between revisions

← Older edit

CollabNet Guide (view source)

Revision as of 15:09, 25 April 2024

143 bytes removed , 25 April

m

update e2g

VisualWikitext

MDMCK10

Bureaucrats, Check users, Interface administrators, Administrators

14

edits

Revision as of 17:36, 2 January 2024 (view source) MDMCK10 (talk \| contribs) (New section: Application Blocking (DNS)) ← Older edit		Latest revision as of 15:09, 25 April 2024 (view source) MDMCK10 (talk \| contribs) m (update e2g)
(7 intermediate revisions by 2 users not shown)
=== Systemd === All network configuration is done in the <code>/etc/systemd/network</code> directory. We'll start by ~~creating~~making ~~the~~sure ~~bridge~~systemd-networkd ~~itself.~~is ~~The~~enabled ~~following~~and ~~simply creates a network bridge named <code>collabnet</code>~~started. {{code\|▼ sudo systemctl enable --now systemd-networkd }}▼ Next, create the bridge. The following simply creates a network bridge named <code>collabnet</code> '''/etc/systemd/network/collabnet.netdev''' Now, we can set up basic routing. First, install some required packages {{code\| sudo apt-get install -y nftables dnsmasq curl resolvconf }} E2Guardian can be used to implement network filtering on your VM. It supports transparent HTTP and HTTPS filtering making it ideal for a setup like CollabVM where the client can't be trusted to always use a proxy or DNS server. Here's how to set it up. === Installation === ~~You~~First ~~can~~is ~~then~~to install e2guardian:.▼ First is to install e2guardian. A small issue is that the e2guardian packages have not been updated for Debian 12 and still use OpenSSL 1.1, which was removed in Debian 12. As a workaround we can install the libssl1.1 version from Debian 11. Note that usually installing packages from another Debian version is [https://wiki.debian.org/DontBreakDebian#Don.27t_make_a_FrankenDebian a bad idea], but in this case its fine since the package has no outside dependencies. Run the following command: {{code\| wget https://e2guardian.numsys.eu/v5.5/~~e2debian_bullseye_V5~~e2debian_bookworm_V5.5.~~4r_20231113~~5_20240422.deb # IF THERE'S A NEWER VERSION AVAILABLE AT https://e2guardian.numsys.eu/, USE THAT INSTEAD▼ ~~wget http://ftp.us.debian.org/debian/pool/main/o/openssl/libssl1.1_1.1.1w-0+deb11u1_amd64.deb~~ sudo apt-get install ./~~libssl1~~e2debian_bookworm_V5.~~1_1~~5.~~1.1w-0+deb11u1_amd64~~5_20240209.deb ▲}} ▲You can then install e2guardian: ▲{{code\| ▲wget https://e2guardian.numsys.eu/v5.5/e2debian_bullseye_V5.5.4r_20231113.deb # IF THERE'S A NEWER VERSION AVAILABLE AT https://e2guardian.numsys.eu/, USE THAT INSTEAD ~~sudo apt-get install ./e2debian_bullseye_V5.5.4r_20231113.deb~~ }} Install some other dependencies: useoriginalip = on </nowiki>}} {{ombox \| type = speedy \| image = [[File:Ambox_important_red.svg\|40px]] \| text = If your router VM has 4GB of RAM or less, set the <code>httpworkers</code> option to <code>300</code> to avoid out-of-memory issues! }} Now open e2guardianf1.conf in an editor, then find and set the following values: {{code\|<nowiki> Now you can download the collabnet filter lists: {{code\| cd /etc/e2guardian/lists git clone --depth 1 https://git.computernewb.com/collabvm/e2guardian.git group1 }} }} ==== Updating the filter lists ==== To enable automatic updates of the filter lists, run <code>sudo crontab -e</code> and add the following to the bottom of the file: ~~Every once in a while, you'll want to update the filter lists with this command:~~ {{code\| #0 cd* * * * /etc/e2guardian/lists/group1/getall.sh >/dev/null 2>&1▼ ~~$ sudo -i~~ ▲# cd /etc/e2guardian/lists/group1 ~~# git pull~~ ~~# ./getall.sh~~ }} This will check for filter list updates once an hour. === Start it up === You should now be able to start e2guardian without error using the following command: