geoip설치

#설치환경

- CentOS 6.2 x64bit

- xtables-addons는 CentOS 5.x에서는 지원이 안되었으나 CentOS 6.0부터 지원됩니다. 5.x에서는 여러가지 설정을 해야지만 가능하다네요

- iptables : 1.4.7

- kernel : 2.6.32-220.2.1.el6.x86_64

 

 

 

1. 기본 설정

selinux를 disabled 로 설정

[root@localhost ~]# vi /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

 

 

2. 기본 라이브러리 설치

[root@localhost ~]# yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel

 

 

 

 

 

3. perl-Text-CSV_XS 패키지 설치를 위해서 rpmforge에 리스트를 추가한 후 설치한다.

[root@localhost ~]# rpm -i http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
[root@localhost ~]# yum install perl-Text-CSV_XS

# 해당파일이 사라졌을경우 http://pkgs.repoforge.org/rpmforge-release/ 에 접속하여 파일 리스트를 확인하면 된다.

# 32bit일 경우 rpm -i http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.i686.rpm

 

 

 

 

4. xtables-addons 설치 및 컴파일

 

- 정상적으로 컴파일이 되었다면

- /lib64/xtables/libxt_geoip.so 파일이 생성되어있어야 한다.

- 링크꺠졌거나 최신버전으로 설치할 경우 http://sourceforge.net/projects/xtables-addons/files/Xtables-addons/

 

 

 

 

5. geoip 모듈 셋팅!

[root@localhost ~]# cd geoip
[root@localhost ~]# ./xt_geoip_dl
--2011-12-28 14:41:52-- http://geolite.maxmind.com/download/geoip/database/GeoIPv6.csv.gz
Resolving geolite.maxmind.com... 173.193.156.32
Connecting to geolite.maxmind.com|173.193.156.32|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 413382 (404K) [application/x-gzip]
Saving to: `GeoIPv6.csv.gz'100%[==========================================================================================>] 413,382 226K/s in 1.8s
2011-12-28 14:41:54 (226 KB/s) - `GeoIPv6.csv.gz' saved [413382/413382]
--2011-12-28 14:41:54-- http://geolite.maxmind.com/download/geoip/database/GeoIPCountryCSV.zip
Reusing existing connection to geolite.maxmind.com:80.
HTTP request sent, awaiting response... 200 OK
Length: 2297688 (2.2M) [application/zip]
Saving to: `GeoIPCountryCSV.zip'
100%[==========================================================================================>] 2,297,688 796K/s in 2.8s
2011-12-28 14:41:57 (796 KB/s) - `GeoIPCountryCSV.zip' saved [2297688/2297688]
FINISHED --2011-12-28 14:41:57--
Downloaded: 2 files, 2.6M in 4.6s (574 KB/s)
Archive: GeoIPCountryCSV.zip
inflating: GeoIPCountryWhois.csv


[root@localhost ~]# ./xt_geoip_build GeoIPCountryWhois.csv
158068 entries total
0 IPv6 ranges for A1 Anonymous Proxy
109 IPv4 ranges for A1 Anonymous Proxy
0 IPv6 ranges for A2 Satellite Provider
2566 IPv4 ranges for A2 Satellite Provider
0 IPv6 ranges for AD Andorra
24 IPv4 ranges for AD Andorra
0 IPv6 ranges for AE United Arab Emirates
353 IPv4 ranges for AE United Arab Emirates
0 IPv6 ranges for AF Afghanistan
255 IPv4 ranges for AF Afghanistan
0 IPv6 ranges for AG Antigua and Barbuda
114 IPv4 ranges for AG Antigua and Barbuda
.
.
.
[root@localhost ~]#

- ls -al 명령어로 보면 2개의 파일이 생성되고 BE,LE 라는 디렉토리가 볼 수 있을것이다.

 

 

 

 

6. geoip DB를 위한 디렉토리 생성하고 BE,LE디렉토리를 복사한다.

[root@localhost geoip]# ll
drwxr-xr-x. 2 root root 16384 2011-12-28 14:42 BE
-rw-r--r--. 1 root root 2297688 2011-12-08 09:46 GeoIPCountryCSV.zip
-rw-rw-r--. 1 root root 11911204 2011-12-08 09:45 GeoIPCountryWhois.csv
-rw-r--r--. 1 root root 1498843 2011-12-09 01:34 GeoIPv6.csv
drwxr-xr-x. 2 root root 16384 2011-12-28 14:42 LE
-rw-r--r--. 1 root root 15671 2011-12-28 14:40 Makefile
-rw-r--r--. 1 root root 112 2011-06-25 07:57 Makefile.am
-rw-r--r--. 1 root root 15258 2011-06-25 18:24 Makefile.in
-rwxr-xr-x. 1 root root 3000 2011-06-25 07:57 xt_geoip_build
-rw-r--r--. 1 root root 1302 2011-06-25 07:57 xt_geoip_build.1
-rwxr-xr-x. 1 root root 278 2011-06-25 07:57 xt_geoip_dl
-rw-r--r--. 1 root root 582 2011-06-25 07:57 xt_geoip_dl.1
[root@localhost geoip]# mkdir -p /usr/share/xt_geoip
[root@localhost geoip]# cp -r {BE,LE} /usr/share/xt_geoip/
[root@localhost geoip]# ll /usr/share/xt_geoip/
i?ⓒe³? 32
drwxr-xr-x. 2 root root 16384 2011-12-28 15:11 BE
drwxr-xr-x. 2 root root 16384 2011-12-28 15:11 LE
[root@localhost geoip]#

 

 

7. 모든 준비 완료. 테스트로 중국 아이피를 막아봅니다.

[root@localhost geoip]#
[root@localhost geoip]# iptables -I INPUT -m geoip --src-cc CN -j DROP
[root@localhost geoip]#
[root@localhost geoip]# iptables -L
Chain INPUT (policy ACCEPT)
target              prot opt source            destination
DROP              all -- anywhere           anywhere          Source country: CN Chain FORWARD (policy ACCEPT)
target              prot opt source            destination Chain OUTPUT (policy ACCEPT)
target              prot opt source            destination
[root@localhost geoip]#

 

 

8. GeoIPCountryWhois.csv 해당 파일은 주기적으로 업데이트 필요합니다!



#### 트러블슈팅 ####

iptables 실행시 아래와 같은 error 발생할경우 iptables v1.4.6: Couldn't load match `geoip':/lib64/xtables/libipt_geoip.so:cannot open shared object file: No such file or directory 우선 /lib64/xtables 경로에 libipt_geoip.so 파일이있는지 확인. 만약 없으면 xtables-addons 재 컴파일을 하면 해당 파일이 다시 생성된다

 

 

 

#### 참고사이트 ####

 

Xtables-addons: http://xtables-addons.sourceforge.net/ Xtables-addons modules: http://xtables-addons.sourceforge.net/modules.php Xtables-addons man page: http://dev.medozas.de/files/xtables/xtables-addons.8.html MaxMind GeoIP: http://geolite.maxmind.com/download/geoip/database CentOS: http://www.centos.org/

 

 

출처 : http://blog.cafe24.com/2023