If you run CensorNet in inline mode and use any of the LogMeIn clients, you'll discover they won't work out of the box. The reason is simple: the clients use port 443 but pass non-HTTPS data down this port, so CensorNet discards the traffic as nonsense.
Telling the client that there is a proxy fixes part of this problem (i.e., it sends the right headers through), but for some reason the client then crashes instead. We've debugged this and found it to be an issue with the LogMeIn client and proxy servers. This isn't much help to you, the end user, though. You simply need it to work.
So what you need to do is bypass the intercept that happens in inline mode. This way none of the LogMeIn connections pass through CensorNet, and everything just works. To do this, log into the CensorNet command line as root and run:
chattr -i /etc/network/interfaces
nano /etc/network/interfaces
This opens the networking script that is run when the machine boots. Scroll down to the lines that start pre-up /sbin/ebtables and pre-up /sbin/iptables (they also both end in --redirect-target ACCEPT) and insert some new lines above them. Now add the following to the blank space you've just created. This will add firewall rules to allow the LogMeIn IP address ranges:
pre-up /sbin/iptables -t nat -F
pre-up /sbin/ebtables -t broute -F
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 74.201.74.0/23 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 216.52.233.0/24 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 69.25.20.0/23 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 64.94.18.0/24 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 77.242.192.0/23 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 74.201.74.0/23 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 216.52.233.0/24 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 69.25.20.0/23 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 64.94.18.0/24 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 77.242.192.0/23 -j ACCEPT
Now save this file with <ctrl-o> and exit with <ctrl-x>. Then set the file immutable again and reboot:
chattr +i /etc/network/interfaces
reboot
When it comes back up, LogMeIn will work out of the box.
-- BigMick - 01 Apr 2010
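Before rebooting, the edited file can be checked for the two mistakes this procedure invites: a range added to only one of the two tables, and bypass lines pasted below the intercept rules. The script below is an added example, not part of the original page or of CensorNet; the function names are hypothetical and the intercept line in the sample is constructed to match the page's description.

```shell
#!/bin/sh
# Added example: audit the bypass block in a copy of /etc/network/interfaces.

# Constructed sample: two of the page's ranges, then an intercept line of the
# shape the page describes (its exact content is an assumption).
write_sample() {
    cat > "$1" <<'EOF'
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 74.201.74.0/23 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 64.94.18.0/24 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 74.201.74.0/23 -j ACCEPT
pre-up /sbin/iptables -t nat -A PREROUTING -d 64.94.18.0/24 -j ACCEPT
pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 443 -j redirect --redirect-target ACCEPT
EOF
}

# Ranges bypassed at the bridge layer (ebtables broute ACCEPT rules).
bridge_cidrs() {
    sed -n 's|^[[:space:]]*pre-up .*ebtables -t broute -A BROUTING .*--ip-destination \([0-9./]*\) -j ACCEPT.*$|\1|p' "$1" | sort -u
}

# Ranges bypassed in the nat table (iptables PREROUTING ACCEPT rules).
nat_cidrs() {
    sed -n 's|^[[:space:]]*pre-up .*iptables -t nat -A PREROUTING -d \([0-9./]*\) -j ACCEPT.*$|\1|p' "$1" | sort -u
}

# Prints each problem found; returns 0 only when the bypass block is consistent.
check_bypass() {
    file=$1; rc=0
    b=$(bridge_cidrs "$file"); n=$(nat_cidrs "$file")
    [ -n "$b" ] || { echo "no ebtables bypass rules found"; return 1; }
    # Every range needs a rule in both tables.
    for c in $b; do
        echo "$n" | grep -qxF "$c" || { echo "missing iptables rule for $c"; rc=1; }
    done
    for c in $n; do
        echo "$b" | grep -qxF "$c" || { echo "missing ebtables rule for $c"; rc=1; }
    done
    # Bypass rules must sit above the first intercept line.
    first_redirect=$(grep -n -- '--redirect-target ACCEPT' "$file" | head -n 1 | cut -d: -f1)
    last_bypass=$(grep -n -E -- '(--ip-destination|PREROUTING -d) [0-9./]+ -j ACCEPT' "$file" | tail -n 1 | cut -d: -f1)
    if [ -n "$first_redirect" ] && [ "$last_bypass" -gt "$first_redirect" ]; then
        echo "bypass rule on line $last_bypass is below the intercept rule on line $first_redirect"; rc=1
    fi
    return $rc
}

# Optional: pass a file path to audit it directly.
[ $# -eq 0 ] || check_bypass "$1"
```

Every range that passes this check is traffic CensorNet no longer filters, so the output of bridge_cidrs is also the list to review when the bypass is audited later.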