Problems with LogMeIn and Inline Mode

July 18, 2011 • Customer Services       
Synopsis

Problems with LogMeIn and Inline Mode

Article

If you run CensorNet in inline mode and use any of the LogMeIn clients, you'll find they won't work out of the box. The reason is simple: they use port 443 but pass non-HTTPS data over it, and CensorNet blocks that traffic as a security measure.

To solve the problem you need to bypass the intercept that happens in inline mode. This way none of these connections pass through CensorNet, and everything just works. To do this, log into the CensorNet command line as root and type the following commands:

chattr -i /etc/network/interfaces
nano /etc/network/interfaces

This opens the networking script that is run when the machine boots. Scroll down to the lines that start with pre-up /sbin/ebtables and pre-up /sbin/iptables (they also both end in --redirect-target ACCEPT) and insert some new lines above them.

Now add the following to the blank space you've just created. This adds firewall rules that allow the LogMeIn client to connect:

        # Only add these two lines if they don't already exist
        pre-up /sbin/iptables -t nat -F
        pre-up /sbin/ebtables -t broute -F
        ######################################################

        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 74.201.74.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 216.52.233.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 69.25.20.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 64.94.18.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 77.242.192.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 212.118.234.0/24 -j ACCEPT

        pre-up /sbin/iptables -t nat -A PREROUTING -d 74.201.74.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 216.52.233.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 69.25.20.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 64.94.18.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 77.242.192.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 212.118.234.0/24 -j ACCEPT

Now save the file with <ctrl-o> and exit with <ctrl-x>. Then lock the file so it cannot be changed, by typing the following command:

chattr +i /etc/network/interfaces

You should now restart the network interface. Users will be unable to browse the web while it is restarting:

ifdown br0; ifup br0

Note: It may take 30-60 seconds for the network interface to restart. If you are logged in via PuTTY you will most likely be disconnected.
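
The edit above is easy to get wrong by hand: each LogMeIn range needs both an ebtables and an iptables rule, and the new lines must sit above the intercept rules. The following shell function is an added example (not CensorNet's own tooling) that checks an interfaces file for both conditions before you restart the interface. The sample file, and recognising intercept rules by the word "redirect" on the line, are assumptions.

```shell
# Added example: audit the bypass block in an interfaces file. Exit 0 = OK.
# Assumption: an intercept rule is any ebtables/iptables line containing "redirect".
audit_bypass() {
    awk '
    /^[ \t]*pre-up[ \t]+\/sbin\/(eb|ip)tables/ {
        tool = ($2 ~ /ebtables$/) ? "ebtables" : "iptables"
        if (tolower($0) ~ /redirect/) {          # intercept rule: note first one
            if (!(tool in first_redirect)) first_redirect[tool] = NR
            next
        }
        if ($0 !~ /-j ACCEPT[ \t]*$/) next       # skip flushes and other rules
        for (i = 3; i < NF; i++)
            if ($i == "--ip-destination" || $i == "-d") {
                net = $(i + 1); seen[tool, net] = NR; nets[net] = 1
            }
    }
    END {
        split("ebtables iptables", tools, " ")
        for (net in nets) for (t = 1; t <= 2; t++) {
            tool = tools[t]
            if (!((tool, net) in seen)) {        # range bypassed at one layer only
                printf "MISSING %s rule for %s\n", tool, net; bad = 1
            } else if ((tool in first_redirect) && seen[tool, net] > first_redirect[tool]) {
                printf "ORDER %s rule for %s (line %d) is below the intercept rule (line %d)\n",
                       tool, net, seen[tool, net], first_redirect[tool]; bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: two of the ranges from this article, followed by
# illustrative intercept rules (the real CensorNet lines may differ).
sample_interfaces() {
    cat <<'EOF'
auto br0
iface br0 inet static
        pre-up /sbin/iptables -t nat -F
        pre-up /sbin/ebtables -t broute -F
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 74.201.74.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination 216.52.233.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 74.201.74.0/24 -j ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -d 216.52.233.0/24 -j ACCEPT
        pre-up /sbin/ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
        pre-up /sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
EOF
}
```

Run it as audit_bypass /etc/network/interfaces; any MISSING or ORDER line means the bypass block should be corrected before the file is locked again.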

Last modified on Mon, July 18, 2011