Ubuntu Networking :: OpenDNS Web Filtering Won't Work?
Jun 9, 2011
I am trying to block unappropriated sites on my ubuntu 11.04 with openDNS I installed it and in addithion to the catagoriegs I checked I also added some sites to the always block list, everything according to the site should work. But the problem is that nothing is blocked (also the sites in the always block list). I cleared the browsers cache but it didn't help when i try to clear the local cache with the provided command in their site I think it says it ignored my network.
About firefox,I want to block images only on facebook automatically so I added [URL] to the always block list in the images category and it should work but it just won't block the images. I should note that I use the same method on chrome and there it work like a charm. how to get that working on firefox?
So I'm going to try out opendns as an internet filter. But I'm not doing it on a network/router, just on my local machine. Using ubuntu, I read that I need to select each connection and change the dns settings.Is there a way to generically add the dns settings so that if I connect to a new network I don't have to manually update it's settings?
I've started using OpenDNS on my network, the problem is, my router gets an dynamic IP, which means I have to regularly update the OpenDNS settings.
DDClient apparently supports OpenDNS, but the Ubuntu package for it asks for various details I don't know, and can't find. I'd rather not have to boot up a Windows computer just for this.
So I've got two questions, I guess - first is, are any of the Windows clients known to work under Wine (that can retrieve the IP from the router and forward it), and the second being, how exactly do you set up DDClient to use OpenDNS?
I am having trouble setting up FamilyShield on an Ubuntu 8.04 system. The setup instructions on this (opendns.com) site are for newer versions of Ubuntu. Network Manager settings are different in 8.04 and don't correspond to the instructions. However, given the age of this computer, it cannot run a newer version of Ubuntu, and 8.04 is an LTS supported until 2011,
Complicating matters is I am living as a guest, so do not have the option of setting FamilyShield on the router. It must be done on my computer.
Here's what I've tried: System->Administration->Network
go to DNS Tab and add the FamilyShield DNS numbers. BTW, there are two DNS numbers from the internet owner's ISP (Roadrunner) automatically in here already, along with "socal.rr.com" in the Search Domains field. If I try to delete them, they reappear when I reboot. If I add FamilyShield DNS numbers here, either along with, or in place of the ones that automatically appear here, they do not take, and on next boot FamilyShield DNS numbers are gone, but "socal.rr.com" DNS and search domains reappear.
I've also tried:
Code: sudo gedit /etc/dhcp3/dhclient.com and added following line at the end:
Code: prepend domain-name-servers 208.67.222.123,208.67.220.123 When I reboot the system, I'm still using the assigned DNS numbers from "socal.rr.com".
I was able to try a newer version of Ubuntu (on a different machine) on this network, and it worked fine with the setup instructions. So this appears to be a problem specific to how Ubuntu version 8.04 handles DNS number changes.
I have an odd thing going on with DNS. I have two machine's running Ubuntu and for some reason they do not always resolved internet addresses on my Internet connection. This has gone on since the Ubuntu 8.04 when I first started using Ubuntu. Anyway, I use OpenDNS' DNS servers and I have been running perfectly.
This is what is odd. My Windows XP Machine never has the problem. It always resolves. Does Windows Possibly have some Microsoft hosted DNS server hard coded in there as a backup? Things are working fine this way so I am not looking to change. I am just a little puzzled and finally got around to asking, "Why is this".
I work at a cybercafe and i am currently plagued by users who, despite the warning not to, continue to watch porn and use p2p software on my connection. I have done some preliminary research on how to filter the web content as well as to reduce the bandwidth used by p2p software on my network. I found that a solution that has worked for many with regard to web content control is danguardian + squid or privoxy in conjunction with a firewall like firehol or something of the sort. Others use an os like untangle or clear os and install it on a stand alone server. then others use open dns. although i would like the open dns solution, i will need to install a dns client, ddclient and i am a linux newbie so and ddclient requires some compiling or so, and i'm not yet into that. I am also currently not in the mood to dabble into untangle or clear os bcos it will cost me a lot do download the iso's. Internet access is costly over here.
Before i go ahead to implement the steps in any of the tutorials i have seen, i am wondering if such a measure will even help at all.You see, at my cafe, i use my server to share the connection to all my clients. I connect to the internet using a gsm modem. then i have two nic's. nic1 is set to share my connection and my router connects to that nic1. nic2 connects to my router using a static ip to enable communicate with my clients. If i implement something like dansguardian on my server, will it solve the problem for me, that is, do i have to also re-implement the steps i took to configure dansguardian on all the other pc's, that is, my clients?
I pay for wifi usage. The access points are using mac address filtering. I know this because I can spoof the mac of another computer of mine and get it online. I'd like to get both the computer's online. I've been trying to do ip masquerading. It hasn't been working so far. I am not sure if the computer connected to mine through a cross over cable is revealing its mac address to the access points when communicating. If so, how does one get around this? ping shows connectivity between the two computers.
I have a question regarding the use of iptables as sort of a firewall I suppose? Using a linux router which has a server machine connected to it. The router is also acting as a PPTP VPN server, which I would like to allow some friends to connect to so that they can VPN to my LAN.
The question I have is how I might be able to use iptables to apply restrictions to the VPN traffic to only access 1 IP? The server is on the LAN with an IP of lets say 192.168.1.25, and the VPN given IP range is 192.168.1.51-55. The router has the .1 IP, but the PPTP server on that router uses an IP of 192.168.1.50. How might I restrict the traffic from the VPN connections to only be able to access the .25 server, and possibly only on certain ports? I don't want to allow the VPN connections full access to everything on the LAN and especially not to WAN.
I am manually capturing and injecting Ethernet traffic (using lib_net/lib_pcap libraries) for an application. At the moment , both capturing and injecting are done on the same physical interface (e.g. eth0). The problem is that all the traffic that I inject, are captured again by my application causing an unwanted feedback of injected traffic. This caused that I had to implement traffic filtering when capturing traffic, which is consuming resources and eventually will become too complicated to support.
I have tried using virtual interfaces to separate the capturing and injecting streams, but that also presented the same problem as all the traffic from eth0 is forwarded to both eth0:1 and eth0:2. If possible I would like both streams to go through 1 physical device, using more PDs will be the last resort. I am also looking at using TUN/TAP devices to try and separate the two streams, maybe writing a user-space program that lies between the physical device and the TUN/TAP devices to do the routing of traffic.
My network is: ISP --> SonicWALL--> Proxy --> LAN Currently Sonicwall is running VPN, DHCP, port forwarding etc.. in a range of 10.0.0.0/24 and I have tried to configure Squid Proxy for content filtering (using squid 3 Transparent mode on Fedora 10 and Iptables). Now I need to implement the proxy over my network without changing the SonicWALL current settings (VPN, Port forwarding and DHCP).
I'm trying to shape bandwidth using HTB method and filtering classes with destination mac address. for this I've found two codes but none of them seem to filter bandwidth as i want (test with iperf)
code 1 Code: tc qdisc add dev eth0 root handle 1: htb tc class add dev eth0 parent 1: classid 1:1 htb rate 1000kbit ceil 1000kbit tc filter add dev eth0 parent 1: protocol ip prio 3 u32 match u16 0x0800 0xFFFF at -2 match u16 0xM4M5 0xFFFF code....
is this possible on 2 Linux boxes will act as a INTERNET Firewall + Filtering: 1st PC = CENTOS 5.5 functions as a firewall using iptables with two NICS 1=ETH0 connected to internet with a public ip and 1=ETH1 with ip address of 10.0.0.1 connected to the 2nd PC Centos 5.5 with squid/dansguardian with ip address of 10.0.0.2
2nd PC = Centos 5.5 functions as a squid + dansguardian internet filtering with 2 NICS 1=ETH0 with ip address of 10.0.0.2 connected to the ETH1 of the 1st PC with ip address of 10.0.0.1 and 2nd ETH1=connected to LAN (172.16.1.0/24)
does this make sense? this might be confusing but I just want to try this, to protect incoming ssh from our previous Sys admins who intended to enter the LAN 172.16.1.0/24 network. And also to confuse them that they have to pass through 10.0.0.1 - 2.
Anyway, my internet has been working fine until recently (last week or so). For most sites, Firefox will load the page quickly. However, every once in a while, but frequently enough to annoying, it will say "loading" for 10 seconds, then direct me to OpenDNS, which says the page cannot load. When I try it again, I get the same problem. Other sites are fine.
Then, when I quit Firefox and restart it, that site will work fine, but soon enough, another site stops loading properly.
For example, Google will work fine for awhile, then I'll get the error, but after restarting, Google will be fine again, but now Wikipedia, which loaded before, gets the error. And the cycle continues on yet another website...
I haven't changed any Internet or network settings recently. I'm on Ubuntu 10.04.
So for ive changed the dns on my home router to Opendns and ive added this What does a dns attack look like? how would i know is my dns was poisoned or if i was under a kaminsky style attack?
I did a recursive search using grep in a list of files for lines containing a specific word. It brought everything up ok but now I need to filter it out and print the results to a file with
* Path Name * A section of the line
The path ends in a colon and after it could be any number of words, spaces, and punctuation which the one phrase I need being somewhere in there - I need the phrase to be filtered out and merged with the path like this
"path/to/file: phrase"
I'm guessing awk is the best way to do this but I don't know anything at all about awk except it specializes in filtering.
I've followed the Host Based Authentication Part from this page: [URL]...I cannot get it to work. When I delete the 'ldap' from the shadow line in /etc/nsswitch.com all my ldap users cannot login. Yes I've uploaded the ldapns.schema, activated hostObject and added the machine name to the host attribute to my test ldap users. I get this error from /etc/auth.log: sshd[3979]: pam_ldap: ldap_initialize Bad parameter to an ldap routine
I have a dell inspiron 600m with xubuntu 10.10 installed, I have it for a kids computer so I installed web content filtering (dansgaurdian) and I installed simple module for admin. dansgaurdian's control files (libdansgaurdian-perl) I instilled both from the USC. But I can't find where I can ajust the settings and on the web dansG is not filtering. how to find the gui part of it?
I'm wanting to use mac filtering to restrict access to certain machines. I already know that I can just add MACs line by line, but is there a way to specify a list of MACs? That way it would be much simpler to maintain a list of acceptable/unacceptable hosts.
I'm not going to rely only on this list because of spoofing, but it would be nice as another "layer" of protection.
Let's say I have a few hosts on the same subnet, and they are all connected to a central Linux box running a filtering bridge. If I tightly control the communications between the hosts using the filtering bridge, is this just as good as seperating hosts into different subnets (e.g. DMZ and Internal) ?
how to set up a simple rule on the server side so emails with a certain subject just go into that user's .Trash. Right now my users will get roughly 25,000 of the same email from our corporate offices and it is destroying their email clients. I believe the mail setup is postfix and courier with virtual users. I tried googling this up but I couldn't find much current or ubuntu-specific information.
I'm in charge of a church computer lab which is open to children ages 6 to 16 for about 3 hours a week. We try to have adult supervision but don't have 100% coverage.
The lab has a maximum of 8 computers, a mixture of MACs, Windows XP, and Linux machines, depending on their state of repair.
The church's current internet connection is Verizon residential speed DSL to a 4 port wired plus wireless router in a locked office which also houses our Windows XP office computer and is adjacent to our locked pastor's office.
Internet access for the lab is by a single CAT5 cable passing through a small hole in a wall to a network switch on the other side. All of the lab computers are connected to the switch by CAT5 cable.
I would like to add a server in the locked office to log internet usage and block access to certain websites as needed. I think logging internet activity will be a good antidote in case one of the older ones wants to try to get sneaky and cover their tracks.
I envision building a computer from donated parts, including 2 NICs.
I have never done things from the server end, but think the server edition of Ubuntu would be a good starting point.
My goal is to be able to manage internet access with an easy to use GUI system so I could teach the basics to a couple of youth leaders to use it when I'm not there.
I've been trying without success for the past couple of weeks to setup a filtering system for my little sister's netbook. The main problem I've been running into is inconsistency. First, I tried using dyndns per the instructions here: [URL] The problem with this is the DNS settings (and in turn the filtering settings) dont appear to 'stick' once the Netbook touches a different network. So if I sign onto a different wireless network than the one I used to set up the filtering, it stops working. The reason why is Ubuntu will overwrite the current DNS settings with those of the new network (I have no idea why, and am too frustrated to figure out).
Also, I noticed that even if the settings did stick, they're fairly easy to disable because all she has to do is stumble across the DNS settings, change them back and voila. I've had great success with OpenDNS on Windows boxes, but there doesn't seem a to be a feasible way to apply it to Ubuntu. Dansguardian looks like it may be worth a shot, but I've seen dozens of "simple" configuration guides, none of which that actually looked simple. So my question is this, what is the easiest, most bulletproof way to setup web filtering 10.4? Preferably something that a 12 year-old could easier find her way around.
I have several CS servers running on ubuntu server, and sometimes someone is trying to brute server's RCON password with the program called HLBrute. I've found the following rules to prevent such hack attacks, but they don't work What can be wrong in these rules?
