
Moblock (peerguardian linux alternative)




pelle.k
June 9th, 2006, 03:33 AM
MoBlock and Peerguardian are both applications that enable you to block internet traffic based on large lists of IP address ranges in order to protect your privacy.
http://moblock-deb.sourceforge.net/


This HOWTO is moved to:

https://help.ubuntu.com/community/MoBlock - I do not maintain it. Feel free to edit as you like.

Support thread maintained by JRE, the moblock maintainer.

http://ubuntuforums.org/showthread.php?p=5016102

pinoyskull
June 15th, 2006, 12:57 PM
very nice guide, this will replace my old peerguardian installation :)

pinoyskull
June 15th, 2006, 02:36 PM
I got an issue with moblock; the moblock.log says

---
error during nfq_create_queue()
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
---
I've highlighted the error

jamesford
June 15th, 2006, 02:36 PM
Can you tell me if this works with firestarter? Last time I tried moblock and peerguardian it kept disabling my firewall

bionnaki
June 15th, 2006, 02:52 PM
is this more stable than peerguardian?

bionnaki
June 15th, 2006, 02:54 PM
How do you stop/restart moblock? How do you make exceptions for port 80?

pelle.k
June 15th, 2006, 06:28 PM
pinoyskull: Are you using breezy? If so, you should install moblock-ipq instead...
If you are running a kernel > 2.6.15, could you run 'lsmod | grep NFQUEUE'.
Run 'sudo ls /etc/moblock'. I want to see if all files are there.

jamesford: I really don't know if it works alongside firestarter. It would be really nice if you (or somebody else) would try this as i have no need for a software firewall (i'm behind a hardware firewall ATM). Let me know, and i'll update my howto.

bionnaki: MoBlock is actively developed, PG for linux is not. I would say moblock is very easy to handle, and it has a nice and clean structure. You be the judge. I chose MoBlock because almost nothing is happening to PG linux ATM.
MoBlock has a whitelist at the top of /etc/moblock/MoBlock-nfq.sh. There you can add port 80 (80, which is http, is already accepted for outgoing connections and their counterpart replies > in.)
About restarting moblock; it's in the howto, but anyway... 'sudo /etc/init.d/moblock-nfq restart'

To all of you:
I've been thinking of writing a GUI for MoBlock using python/ruby, which would handle starting/stopping, updating blocklist, live status and letting people cancel certain ips/ports from the blocklist.
It would be a tray app of course.

jamesford
June 15th, 2006, 11:06 PM
Well, it doesn't mess with firestarter, but maybe that's because moblock isn't blocking anything :( It doesn't work.
There are no error messages in the log; it appears to be running, but not blocking :(

smartalecks
June 16th, 2006, 12:17 AM
thanks for the howto m8.
looking forward to the GUI, if you make it.

is there any equivalent to PG's "pgtext" and Monitor PG?

pelle.k
June 16th, 2006, 12:50 AM
jamesford; could you 'tail -f /var/log/moblock.log' and connect to http://relay.slayradio.org:8000/ using beep-media-player or whatever? I get blocked if I do. A couple of times at least, then i get connected from a different ip.
Also, if I'm not mistaken you can do 'sudo /etc/init.d/moblock-nfq status'

jamesford
June 16th, 2006, 01:09 AM
You're right, it does block it! And it also now blocks the other sites I've been trying (riaa.com etc)

Ah, now I get it. I just rebooted and hadn't started firestarter yet, and now that I've started firestarter moblock blocks nothing again. So it seems that moblock eliminates firestarter and the other way around (whichever app was last started overrules the other).

smartalecks
June 16th, 2006, 01:19 AM
jamesford; could you 'tail -f /var/log/moblock.log' and connect to http://relay.slayradio.org:8000/ using beep-media-player or whatever? I get blocked if I do. A couple of times at least, then i get connected from a different ip.
Also, if I'm not mistaken you can do 'sudo /etc/init.d/moblock-nfq status'

hoped but no :(

'sudo /etc/init.d/moblock-nfq' reports as only:

moblock-nfq start
moblock-nfq stop
moblock-nfq restart
moblock-nfq force-reload

jamesford
June 16th, 2006, 01:39 AM
What does it mean when the log says skipping useless range?
Skipping useless range: www.68737075.com
Skipping useless range: www.neededware.com
Skipping useless range: roings.com[Hijack-Spy]
Skipping useless range: www.aaathemes.com[Spy]
Skipping useless range: mymaydayinc.com[CWS]
for example

These won't be blocked? And if so, why not, if they are in the bluetack blocklist?

gpogo
June 16th, 2006, 01:40 AM
I'm having a similar issue. Nothing is being blocked.
I am running Dapper Drake



ottoaim@jesse:~$ tail -f /var/log/moblock.log
Duplicated range ( ED2K Corru )
Duplicated range ( WinMx Fake )
Duplicated range ( ED2K Corrupt Data Senders )
Duplicated range ( ED2K Corru )
Duplicated range ( ED2K Virus )
Ranges loaded: 166915
Merged ranges: 187
Skipped useless ranges: 6407
NFQUEUE: binding to queue '0'
error during nfq_create_queue()


ottoaim@jesse:~$ lsmod | grep NFQUEUE
ipt_NFQUEUE 1920 0
ip_tables 23744 3 iptable_filter,ipt_NFQUEUE,ipt_state



ottoaim@jesse:~$ uname -a
Linux jesse 2.6.15-23-686 #1 SMP PREEMPT Tue May 23 14:03:07 UTC 2006 i686 GNU/Linux

if anyone has any idea I'd love to get this working

pelle.k
June 16th, 2006, 02:39 AM
jamesford; useless ranges are usually duplicate ranges.
As for moblock and firestarter not working very well together, I'm no iptables guru, so I would let someone who knows iptables better than me point out what to do. The startup script (with the iptables rules) is, as you probably know by now, in /etc/moblock/MoBlock-nfq.sh

gpogo; can't help you there. There's something wrong with loading the correct modules I suspect. Do 'dmesg | grep nfq' and 'dmesg | grep NFQ' (case sensitive...)
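The "Ranges loaded / Merged ranges / Skipped useless ranges" counters in the logs above come from loading a PeerGuardian-style .p2p blocklist (guarding.p2p, one "name:first-last" range per line). As an added illustration, not moblock's own loader, here is a Python reader for that format that sorts and merges overlapping ranges and counts any entry fully covered by an earlier one as useless, which is how pelle.k describes them; the sample list is constructed and the exact rules moblock applies may differ.

```python
import bisect
import ipaddress
from dataclasses import dataclass

# Constructed sample in the PeerGuardian .p2p text format ("name:first-last",
# one range per line). Not a real blocklist; the entries deliberately include
# an exact duplicate, a sub-range, an overlap, a single host and a broken line.
SAMPLE_P2P = """\
# lines starting with '#' are comments
Some Org:192.0.2.0-192.0.2.255
Some Org duplicate:192.0.2.0-192.0.2.255
Some Org subnet [Spy]:192.0.2.16-192.0.2.31
Second block:192.0.3.0-192.0.3.127
Overlapping block:192.0.3.64-192.0.3.200
Single host:198.51.100.7-198.51.100.7
broken line without a dash:203.0.113.1
"""


@dataclass
class Range:
    name: str
    start: int  # IPv4 addresses as integers, so ranges can be sorted and merged
    end: int


@dataclass
class LoadStats:
    loaded: int = 0   # well-formed lines read
    merged: int = 0   # ranges that extended an overlapping earlier range
    skipped: int = 0  # "useless" ranges: fully covered by an earlier range


def parse_p2p(text):
    """Parse .p2p lines into Range objects, silently dropping malformed lines."""
    ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, ips = line.rpartition(":")  # the name part may itself contain ':'
        if not sep or "-" not in ips:
            continue
        lo, hi = ips.split("-", 1)
        try:
            start = int(ipaddress.IPv4Address(lo.strip()))
            end = int(ipaddress.IPv4Address(hi.strip()))
        except ipaddress.AddressValueError:
            continue
        if end < start:
            start, end = end, start
        ranges.append(Range(name.strip(), start, end))
    return ranges


def merge_ranges(ranges):
    """Return (merged non-overlapping ranges, stats) in the spirit of moblock's log."""
    stats = LoadStats(loaded=len(ranges))
    merged = []
    for r in sorted(ranges, key=lambda r: (r.start, r.end)):
        if merged and r.start <= merged[-1].end:  # overlaps the previous range
            if r.end <= merged[-1].end:
                stats.skipped += 1  # duplicate or sub-range: adds nothing
            else:
                merged[-1].end = r.end  # extend; the first entry keeps its name
                stats.merged += 1
            continue
        merged.append(Range(r.name, r.start, r.end))
    return merged, stats


def is_blocked(merged, ip):
    """Return the name of the merged range containing ip, or None."""
    n = int(ipaddress.IPv4Address(ip))
    starts = [r.start for r in merged]
    i = bisect.bisect_right(starts, n) - 1
    if i >= 0 and merged[i].start <= n <= merged[i].end:
        return merged[i].name
    return None


def stats_report(stats):
    """Format the counters the way moblock.log prints them."""
    return (f"Ranges loaded: {stats.loaded}\n"
            f"Merged ranges: {stats.merged}\n"
            f"Skipped useless ranges: {stats.skipped}")


if __name__ == "__main__":
    merged, stats = merge_ranges(parse_p2p(SAMPLE_P2P))
    print(stats_report(stats))
    for ip in ("192.0.2.20", "192.0.3.150", "192.0.3.201", "198.51.100.7"):
        print(ip, "->", is_blocked(merged, ip) or "not listed")
```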

dom02
June 16th, 2006, 03:53 AM
great thanx a lot! I've been looking for a linux alternative to peerguardian.

pinoyskull
June 16th, 2006, 08:28 AM
pinoyskull: Are you using breezy? If so, you should install moblock-ipq instead...
If you are running a kernel > 2.6.15, could you run 'lsmod | grep NFQUEUE'.
Run 'sudo ls /etc/moblock'. I want to see if all files are there.


1. I'm running Dapper

2.
root@destiny:~# lsmod | grep NFQUEUE
ipt_NFQUEUE 1920 3
ip_tables 23744 3 iptable_filter,ipt_NFQUEUE,ipt_stat
root@destiny:~#


3. ls /etc/moblock
guarding.p2p guarding.p2p.backup MoBlock-nfq.sh


I did a reboot and found out that moblock is now working, I don't know what happened :)

smoove
June 16th, 2006, 11:40 AM
gpg --keyserver subkeys.pgp.net --recv DEDA0559
gpg --export --armor DEDA0559 | sudo apt-key add -

Hi, do I just copy and paste that into sources.list? If so, I'm getting errors in terminal:
"Type ‘gpg’ is not known on line 34 in source list /etc/apt/sources.list"

pinoyskull
June 16th, 2006, 12:54 PM
Hi, do I just copy and paste that into sources.list? If so, I'm getting errors in terminal:
"Type ‘gpg’ is not known on line 34 in source list /etc/apt/sources.list"

you have to enter that in the console like so


sudo gpg --keyserver subkeys.pgp.net --recv DEDA0559
sudo gpg --export --armor DEDA0559 | sudo apt-key add -
- the first command will pause for a bit, wait till it returns to the console then enter the 2nd one

pelle.k
June 16th, 2006, 12:59 PM
smoove; No. gpg is a command line utility. So you should run it in a terminal, not put it in sources.list. I'll make it more obvious in the howto. thanks.

gpogo; I suggest you reboot your computer and check again, as pinoyskull did :)

pinoyskull; great to hear it resolved itself...

jamesford; You know what. Today, in the name of all that is good, i'll install firestarter and take a look at what iptable rules it spits out. Maybe i can solve this moblock/firestarter issue (if it's still a problem that is...)

pinoyskull
June 16th, 2006, 01:23 PM
can moblock do a whitelisting?

smoove
June 16th, 2006, 02:40 PM
Thanks, did that, but I can't find it to start it?
Got this error on 2nd part:



gpg: WARNING: unsafe ownership on configuration file `/home/smoove/.gnupg/gpg.conf'
gpg: external program calls are disabled due to unsafe options file permissions
gpg: keyserver communications error: general error
gpg: keyserver receive failed: general error

spockrock
June 16th, 2006, 07:02 PM
OK, it's working. How do I allow connections on a port that amsn uses so I can use msn?? A connection over port 80 keeps giving me a wrong username/password error, which is not right.... but I know the deb allows port 80 connections.

jamesford
June 16th, 2006, 07:09 PM
i need the settings for permitting msn (gaim) too

EDIT:
found solution for gaim: tools > accounts >msn >modify > show more options > mark 'use http method'

spockrock
June 16th, 2006, 07:16 PM
ok got it

first


sudo gedit /etc/moblock/MoBlock-nfq.sh

then find,
WHITE_TCP_OUT="http https"

and amsn uses port 1863 so I changed it to this

WHITE_TCP_OUT="http https 1863"

then I simply did



sudo /etc/init.d/moblock-nfq restart


and I am now connected, able to send and receive messages. btw if anyone sees a problem with this plx feel free to point it out.

OK, upon further investigation I found if I allow IN on 1863 I can get the full functionality such as nudges. Also this method works only if the allow over http doesn't work; it kept giving me a wrong username/password error.

pelle.k
June 17th, 2006, 12:05 AM
smoove; You are supposed to run gpg with sudo :)
Actually, gpg is supposed to be run without (not with) sudo... sorry about this post.

pommattski
June 17th, 2006, 10:18 AM
... looks good...

With regard to restarting moblock after updating the blocklist... Is there any reason why the line, "sudo /etc/init.d/moblock-nfq restart" cannot be added to the end of the moblock-update script?

pelle.k
June 17th, 2006, 12:14 PM
pommattski; You're absolutely correct. I did not add this because I want people to decide if rebooting the computer would be a better choice, as I don't know if restarting moblock leaves one unprotected for a second or two... But I'll add it (commented) to the update script so people can uncomment it on their own...

pommattski
June 17th, 2006, 01:27 PM
Thanks Pelle.

On another point:
I'm using Kubuntu, and I found that I had to enter these lines WITHOUT sudo for them to work:


sudo gpg --keyserver subkeys.pgp.net --recv DEDA0559
sudo gpg --export --armor DEDA0559 | sudo apt-key add -
(Still used sudo for "apt-key add -" though.)
WITH sudo I got errors about "unsafe ownership..." - the same as described by smoove. (I also tried "kdesu" instead of sudo - no luck either)

... Otherwise, all is now working - and blocking - fine.

jamesford
June 17th, 2006, 04:57 PM
I've kinda adjusted to the firestarter conflict now and am starting to feel comfortable this way, running moblock

The tail thing is great, I didn't know about it until you pointed it out. Is there a good way to get the tail output on the desktop instead of in a terminal? I've tried 2 gdesklets and the tail command in conky, but they all use 100% cpu and are unusable.

anyone know a better way?

pelle.k
June 17th, 2006, 10:11 PM
OK fellas...
I know i've been kinda slow recently. Gonna do that GUI as soon as i get some time in front of my 'puter.
Yeah, that tail thingy is kind of neat. Since I discovered linux I've learned lots of nifty command line stuff like that. Highly recommend you get accustomed to the terminal.
Once my gui is done you will have access to live status of moblock. But right now i'm drinking some beverages (going out to meet some chicks, i suggest you do the same :) ), so that firestarter issue (and the GUI) will have to wait until sunday/monday i guess...
Have a nice 24 hours ;)

jamesford
June 17th, 2006, 11:11 PM
looking forward to the gui, hope it's trayable. And if not there's always alltray of course, but it's always nicer with native tray support imo

Mechanical
June 18th, 2006, 04:22 AM
If you make a gui to this program I will love you! I was just testing it out and like it but of course would like it to be easier to manage. Thanks for any time you put into it.

eXCeSS
June 19th, 2006, 10:56 PM
Allowing port 80 you just add it into the "http https" thing to make "http https 80"?

Also, please make the gui!

jamesford
June 19th, 2006, 11:48 PM
http=80

pelle.k
June 20th, 2006, 12:24 AM
Just to clarify, as jamesford said, http is the same as port 80. You can use regular names such as ftp http https instead of port numbers, if you want to.

Also i'm working on the GUI. Nothing fancy, but it will get you by.

jamesford
June 20th, 2006, 01:38 AM
I've been playing with moblock for a while now, and using pelle's "quick'n'dirty blocklist update script", but there's also an update script inside /etc/cron.daily (well, not anymore because I deleted it) - why 2 update scripts?

if you make a gui will we be able to pick what blocklists we want there? if so could there be a problem if i pick different blocklists than those listed in the script (which name escapes me) that is placed inside /etc/cron.daily ?

another thing, the gui: will there be a regular user part of the gui (just for viewing what's happening) and a root bit for making changes that require root privileges?
personally I think entering a password in a popup window for making changes, and running the rest of the gui without root privileges, is better than adding the gui app to the sudoers file, or having to enter a password at bootup if the gui is set to run automatically, but that's me.

sorry for dumb questions, im just wondering how you are planning to do it as im really looking forward to this :)

eXCeSS
June 20th, 2006, 06:01 AM
Just to clarify, as jamesford said, http is the same as port 80. You can use regular names such as ftp http https instead of port numbers, if you want to.

Also i'm working on the GUI. Nothing fancy, but it will get you by.

Sweet, what's the ETA?

pelle.k
June 20th, 2006, 01:57 PM
but theres also an update script inside /etc/cron.daily
yikes! i didn't know about that! seriously :O There is really zero reference to that one in the documentation...
Oh well. I'll take a look at it. We can't have two of them, can we ;)

About the GUI... normal user privileges should be enough for starting it up and monitoring logs etc. You will be able to choose blocklists to download and use.

The ETA for a draft is hopefully within 24 hours...

jamesford
June 22nd, 2006, 12:59 PM
*waiting*
;)
:P

pelle.k
June 22nd, 2006, 05:04 PM
Sorry folks! I have the GUI running, i just need to get the update function working 100%
I'm one of those "I can't decide what DE to use" guys, so I've been rediscovering plain ubuntu and xubuntu for a few days. That's why I haven't finished it yet but I'm working on it right now actually.
Also, i have never really used ruby nor GTK before so this is kind of new to me. :)

smartalecks
June 22nd, 2006, 05:17 PM
Sounds good pelle :). Can't wait!

jamesford
June 22nd, 2006, 09:45 PM
take your time pelle :)

(ps u wont beat germany)

pinoyskull
June 23rd, 2006, 04:58 AM
way to go pelle, take your time :)

eXCeSS
June 25th, 2006, 08:40 PM
Any updates? I'm anxious!

pelle.k
June 25th, 2006, 11:01 PM
Well i'm getting there. I think i will have a beta for ya during monday. It will be without the advanced features, because those take time to program.
I also have an idea to implement fireHOL into the gui, to make it a blocker/firewall combo gui (as firestarter isn't very nice to moblock). I don't know yet. We'll see about that.

eXCeSS
June 26th, 2006, 02:21 AM
Awesome!
Thanks a ton!

smoove
June 26th, 2006, 10:50 AM
smoove; You are supposed to run gpg with sudo :)
My wrong... i'll update the howto...


Sorry to sound like a complete n00blet, but what does that mean?

Should I just start from the very beginning again?

smartalecks
June 26th, 2006, 02:02 PM
you have to run it as the root user, so you would use sudo.


sudo gpg --keyserver subkeys.pgp.net --recv DEDA0559
sudo gpg --export --armor DEDA0559 | sudo apt-key add -

jamesford
June 26th, 2006, 04:50 PM
sounds awesome pelle!

pelle.k
June 26th, 2006, 05:47 PM
Hi.
I have edited that post about gpg. It's actually supposed to be run >without< sudo... :P
Yes i suck!
I'll be back shortly with a draft (ugly, quick'n'dirty code, no nicely formatted classes for now) of the GUI. It does work however. Just give me like 3-4 hours.

smartalecks
June 27th, 2006, 01:24 AM
Take your time :D

pelle.k
June 27th, 2006, 04:58 AM
This is the only sane way for me to let you have the GUI right now. I have stripped it of almost everything.
It is trayable, and it shows what is blocked. nothing more nothing less. But from what i understand, thats whats most important :)

File moved to howto (first post...)

haani
June 27th, 2006, 06:04 AM
This is the only sane way for me to let you have the GUI right now. I have stripped it of almost everything, because in it's current state it's full of bugs. (or should i say, my ruby/gtk programming sucks).
It is trayable, and it shows what is blocked. nothing more nothing less. But from what i understand, thats whats most important :)

Seriously, yo mama could have done this but anyway. For now...
I've added a file as an attachment.
download it, extract it, and run the install.sh file (sudo ./install.sh). it should install the ruby script and the icon. you get no menu item, but i guess you are going to add this in your session startup anyway. run with moblock-simplegui or add it as a launcher, the icon is in /usr/share/pixmaps/moblock-gui.png. (dont laugh, i just cut'n'pasted it in 1 min...)

You'll need to "sudo apt-get install ruby libgtk2-ruby libgtk-trayicon-ruby" before you can run it.

thanks, works gr8 but not too well under Xgl: when I minimize it to tray and then maximize it, the program goes all weird with colours

pinoyskull
June 27th, 2006, 06:42 AM
nice simple gui, are you gonna improve on it in the future? thanks again pelle

jamesford
June 27th, 2006, 12:14 PM
well done, its a good foundation and something to build on i guess :)

my only little complaint about the gui in its current state is that there should be a way to have it start minimized (trayed)

smartalecks
June 27th, 2006, 09:36 PM
very cool pelle, same ques as everyone else I suppose: are you going to keep on with it?

It works great, I'm fine with it the way it is except that it says "Blocked out IP:s", instead of "IPs:"

I like it tho, shows that moblock is working. :)

props to you

@haani:

I have xgl too, no problems minimizing.

sakis
June 28th, 2006, 01:23 AM
Thank you very very very very much :D :D :D

manutremo
June 28th, 2006, 05:41 AM
Not very original, but... thanks for the program. It works great!

ashrack
June 28th, 2006, 10:00 AM
Just migrated from Win2k3 server to UBUNTU LINUX.
In Win2k3 I was using PEERGUARDIAN but here MOBLOCK is in effect.

My main concern, since I'll be running this server 24/7, is the problem with my FIRESTARTER firewall. I need it because it takes care of my INTERNET CONNECTION SHARING needs and it's a very good Firewall.

Can Moblock coexist with Firestarter firewall??

jamesford
June 28th, 2006, 01:32 PM
ashrack, in my experience moblock and firestarter cancel each other out. However, if you run firestarter, set up all your rules and then reboot, with firestarter not set to run at startup (or possibly it's enough just to exit firestarter and restart moblock), your firestarter rules will stick while you will have a working moblock (until you start the firestarter gui again).

not tried with connection sharing though...so dont know if that will work

ashrack
June 28th, 2006, 04:02 PM
Well, if the only problem is when you start the Firestarter GUI then that's not such a big problem. Had a similar problem in Win2k3 with PEERGUARDIAN and OUTPOST FW, since OUTPOST had to be launched first and PG second, else PG would work

jamesford
June 28th, 2006, 05:45 PM
hmm i used outpost and peerguardian in xp too, i never had a problem, not that i can remember anyway, its been a while

pelle.k
June 28th, 2006, 08:59 PM
Hey guys.
Yeah, the GUI in its present state isn't very "much", but as I said I'm working on the full version.
What you have right now is just "quick'n'dirty show me the log in a trayable window".

Moblock and fireHOL work fine together if you know what to add in the fireHOL configuration file. But fireHOL is an "iptables rules creator script", NO GUI, and that's why I figured I'd make a simple gui for that purpose as well.

jamesford
June 28th, 2006, 09:47 PM
awesome pelle, can't wait for it! I really only use firestarter to open torrent ports etc; can firehol do the same?

ashrack
June 28th, 2006, 09:47 PM
hmm i used outpost and peerguardian in xp too, i never had a problem, not that i can remember anyway, its been a while
then you're a lucky man; it's a well-known bug between them

jamesford
June 28th, 2006, 10:43 PM
outpost is/was one heck of a good firewall though, wasnt it? i kinda miss having that control in linux

ashrack
June 28th, 2006, 11:01 PM
outpost is/was one heck of a good firewall though, wasnt it? i kinda miss having that control in linux
One of the best!!!

clessing
June 30th, 2006, 08:55 AM
Can you tell me if this works with firestarter? Last time I tried moblock and peerguardian it kept disabling my firewall

Hi, I'm the gui who is maintaining http://moblock-deb.sourceforge.net/. ;-)

Please have a look at the scripts in /etc/firestarter. There are two interesting files "user-pre" and "user-post" to customize firestarter.

You should be able to get moblock and firestarter working together if you disable the iptables stuff in /etc/moblock/MoBlock-....sh and add those rules to the firestarter scripts.

Make sure that the moblock rules grab the traffic before firestarter does :-)

sprucio
June 30th, 2006, 08:29 PM
Sorry. Wrong post.

Mechanical
June 30th, 2006, 11:06 PM
I have a question about updating. First of all, I was using the list pelle.k had made and included up until now in the manual. Now we have discovered another way to update the lists, yet in 'sudo nano /etc/cron.daily/moblock-nfq' there doesn't seem to be a mention for a p2p file. There is the ad blocking and bad porn stuff, but I am usually used to seeing a p2p file which I figured was the most important part of blocking out the baddies. Just wondering, and hope to see more of the gui soon, thanks.

clessing
July 1st, 2006, 08:40 AM
There is the ad blocking and bad porn stuff, but I am usually used to seeing a p2p file which I figured was the most important part of blocking out the baddies. Just wondering, and hope to see more of the gui soon, thanks.
Please see http://www.bluetack.co.uk/forums/index.php?autocom=faq&CODE=02&qid=18 and
http://www.bluetack.co.uk/config/
and especially http://www.bluetack.co.uk/modules.php?name=FAQ&myfaq=yes&id_cat=6&categories=Blacklists+FAQ

Especially level1 and level2 are anti p2p.

If you think that there is a list that should be included per default in the moblock package or if any of you has improvements for scripts in this package, feel free to contact me.

I know that I have to spend time and work on them but at the moment time is a problem... :-)

clessing
July 1st, 2006, 08:50 AM
I'm having a similar issue. Nothing is being blocked.
I am running Dapper Drake



ottoaim@jesse:~$ tail -f /var/log/moblock.log
NFQUEUE: binding to queue '0'
error during nfq_create_queue()


ottoaim@jesse:~$ lsmod | grep NFQUEUE
ipt_NFQUEUE 1920 0
ip_tables 23744 3 iptable_filter,ipt_NFQUEUE,ipt_state


if anyone has any idea I'd love to get this working

The script in /etc/init.d is not perfect. In some cases you may end up with two instances of moblock, the second one will be unable to bind to the queue.

You may try to killall moblock-nfq and to /etc/init.d/moblock-nfq start.

Maybe this solves your problem.

clessing
July 1st, 2006, 08:55 AM
pommattski; You're absolutely correct. I did not add this because I want people to decide if rebooting the computer would be a better choice, as I don't know if restarting moblock leaves one unprotected for a second or two... But I'll add it (commented) to the update script so people can uncomment it on their own...
"/etc/init.d/moblock-nfq reload" does this without leaving you unprotected.
This is the same as killall -HUP moblock-nfq. It reloads the blocklist without quitting moblock.
The command mentioned above is also used by the daily update script.

haani
July 1st, 2006, 02:26 PM
Hi, I'm the gui who is maintaining http://moblock-deb.sourceforge.net/. ;-)

Please have a look at the scripts in /etc/firestarter. There are two interesting files "user-pre" and "user-post" to customize firestarter.

You should be able to get moblock and firestarter working together if you disable the iptables stuff in /etc/moblock/MoBlock-....sh and add those rules to the firestarter scripts.

Make sure that the moblock rules grab the traffic before firestarter does :-)

Someone please tell me how to configure firestarter so that it can work with moblock, in detail. Thanks

neev
July 1st, 2006, 05:29 PM
Hello!! Sorry if it is a very basic question, but how do I get moblock installed?? I'm a newbie with linux, so most of the things I do is basically read and try to follow steps, but I cannot get it with moblock. I've followed the steps in the 1st page of the topic but I get an error. When I do sudo apt-get update it says it cannot find http://moblock-deb.sourceforge.net/debian/dists/unstable/Release Unable to find expected entry main/binary-amd64/Packages in Meta-index file (malformed Release file?).

What am i doing wrong?? Any help is much appreciated,

sorry about my english!! and thanks a lot!!

clessing
July 1st, 2006, 07:22 PM
someone please tell me how to configure firestarter so that it can work with moblock in detail thanks
I don't use it and I don't intend to use it.... but looking at the scripts in /etc/firestarter I can say, that firestarter deletes all existing firewall rules when setting up its own rules.
So you have to open /etc/moblock/MoBlock-nfq.sh with your favourite text editor:

Find the line
/usr/bin/moblock $@

Everything before this line goes into /etc/firestarter/user-pre

Leave /etc/moblock/Moblock-nfq.sh unmodified.

Doing so should cause firestarter to insert the iptables rules that moblock uses under normal circumstances before its own rules.

clessing
July 1st, 2006, 07:27 PM
http://moblock-deb.sourceforge.net/debian/dists/unstable/Release Unable to find expected entry main/binary-amd64/Packages in Meta-index file (malformed Release file?).
!

I haven't compiled a version for amd64. Please google a bit to find out whether you can install debian packages for 32bit processors - I really don't know.

pelle.k
July 2nd, 2006, 09:25 PM
Thanks clessing! :)
Now try this out people, so i can add it to the howto... :D

haani
July 3rd, 2006, 12:15 AM
I don't use it and I don't intend to use it.... but looking at the scripts in /etc/firestarter I can say, that firestarter deletes all existing firewall rules when setting up its own rules.
So you have to open /etc/moblock/MoBlock-nfq.sh with your favourite text editor:

Find the line
/usr/bin/moblock $@

Everything before this line goes into /etc/firestarter/user-pre

Leave /etc/moblock/Moblock-nfq.sh unmodified.

Doing so should cause firestarter to insert the iptables rules that moblock uses under normal circumstances before its own rules.

Doesn't work: firestarter says that it can't connect/start!! When I remove the text from /etc/firestarter/user-pre then it works!! So I am thinking that there is no way of working moblock and firestarter together??

clessing
July 3rd, 2006, 04:09 PM
Doesn't work: firestarter says that it can't connect/start!! When I remove the text from /etc/firestarter/user-pre then it works!! So I am thinking that there is no way of working moblock and firestarter together??

ok, you have to leave out the


if [ -f $PIDF ]; then
    PID=`cat $PIDF`
    if [ `ps -p $PID|wc -l` -gt 1 ]; then
        echo "$0: $PIDF exists and process seems to be running. Exiting."
        exit 1;
    fi;
fi;

I thought that's obvious.

I did what I never wanted: spending time on firestarter ;-) Leaving out the lines above just works fine. The firestarter firewall is being built up and moblock starts blocking things. I tested it.

Here's the file user-pre for copy & paste:


#!/bin/sh
#
# MoBlock.sh - MoBlock start script
# ---------------------------------

ACTIVATE_CHAINS=1
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="http https 1863"
WHITE_UDP_OUT=""
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""


PIDF=/var/run/moblock.pid

FNAME=`basename $0 .sh`
MODE=`echo $FNAME|awk -F- '{print $2}'`

if [ -f /usr/bin/moblock-ipq ]; then
    modprobe ip_queue
    TARGET="QUEUE"
elif [ -f /usr/bin/moblock-nfq ]; then
    modprobe ipt_NFQUEUE
    TARGET="NFQUEUE"
fi;

modprobe ipt_state

# Filter all traffic, edit for your needs

iptables -N MOBLOCK_IN
iptables -N MOBLOCK_OUT
iptables -N MOBLOCK_FW

if [ $ACTIVATE_CHAINS -eq 1 ]; then
    iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
    iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;


iptables -I MOBLOCK_IN -p all -j $TARGET
#iptables -I MOBLOCK_IN -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -I MOBLOCK_OUT -p all -j $TARGET
#iptables -I MOBLOCK_OUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -I MOBLOCK_FW -p all -j $TARGET
#iptables -I MOBLOCK_FW -m state --state ESTABLISHED,RELATED -j ACCEPT

for PORT in $WHITE_TCP_OUT; do
    iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_OUT; do
    iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_IN; do
    iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_IN; do
    iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_FORWARD; do
    iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_FORWARD; do
    iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
done


# Loopback traffic fix

iptables -I INPUT -p all -i lo -j ACCEPT
iptables -I OUTPUT -p all -o lo -j ACCEPT



There is just one problem left: AFAIK, if traffic is put into moblock's queue and moblock (or any other program that uses the same interface) decides that the package is accepted, it is accepted. Period. (Same as -j ACCEPT when using iptables, no possibility to use something similar to -j RETURN which enables the package to traverse the remaining rules of the firewall to be checked there, too)

So using what I posted above means putting moblock in front of firestarter, effectively leaving firestarter's rules unused because moblock is filtering everything.
You can only use firestarter to watch open connections :-)


You can fix part of this problem by putting all stuff into the file user-post, leaving user-pre empty and by replacing


if [ $ACTIVATE_CHAINS -eq 1 ]; then
    iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
    iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;

by


if [ $ACTIVATE_CHAINS -eq 1 ]; then
    iptables -A INPUT -p all -m state --state NEW -j MOBLOCK_IN
    iptables -A OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
    iptables -A FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;

But this only replaces the problem by another: now firestarter is in charge and if firestarter decides that a packages is to be accepted, it may do so without consulting moblock.


This is one of the reasons for which on sourceforge.net I categorized moblock as software for "advanced end users": you should know how to use iptables before you use moblock. You can do without as per default the package blocks things. But if you want to integrate it in another firewall you need to know, what is going on.

If you are brave and grok the iptables documentation you can insert the moblock chains into firestarter's rules at exactly the places that make sense in your individual case.

It may make sense to use


if [ $ACTIVATE_CHAINS -eq 1 ]; then

iptables -A INBOUND -p all -m state --state NEW -j MOBLOCK_IN

#where in output?
OLINE=$((`iptables -L OUTBOUND|wc -l` - 2 ))
iptables -R OUTBOUND $OLINE -p all -m state --state NEW -j MOBLOCK_OUT

iptables -A FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;

in the file user-post.
But I cannot guarantee that it does what you want.

The moral of this story is: You are not secure if you don't know what your firewall does. Even if you do, you may be not secure, but it's better than the first case.
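A toy model of the three orderings described in this post, added here as an illustration (it is not code from the thread, from MoBlock or from Firestarter). Chain names OUTBOUND and MOBLOCK_OUT are the ones used above; Firestarter's outbound policy is reduced to one constructed DROP rule plus a final ACCEPT, and the blocklist and the whitelisted net are constructed sample data. The one property the model relies on is the one stated above: a verdict given on a queued packet is final, there is no RETURN.

```python
"""Toy model of iptables chain traversal, written for this thread to show why
the order in which MoBlock's and Firestarter's rules are installed decides
which of the two ever sees a packet. Added example, not MoBlock's or
Firestarter's code. Chain names come from the posts above; the blocklist, the
Firestarter DROP rule and the whitelisted net are constructed sample data."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for guarding.p2p (one range only).
BLOCKLIST = [ip_network("195.169.99.0/24")]


@dataclass
class Packet:
    dst: IPv4Address
    state: str = "NEW"          # only NEW connections are handed to MoBlock


@dataclass
class Rule:
    target: str                 # ACCEPT, DROP, RETURN, NFQUEUE or a user chain
    dst: Optional[IPv4Network] = None
    state: Optional[str] = None

    def matches(self, pkt: Packet) -> bool:
        return ((self.dst is None or pkt.dst in self.dst)
                and (self.state is None or pkt.state == self.state))


@dataclass
class Firewall:
    chains: Dict[str, List[Rule]] = field(default_factory=dict)

    def insert(self, chain: str, rule: Rule) -> None:        # iptables -I
        self.chains.setdefault(chain, []).insert(0, rule)

    def append(self, chain: str, rule: Rule) -> None:        # iptables -A
        self.chains.setdefault(chain, []).append(rule)

    def replace_last(self, chain: str, rule: Rule) -> None:  # iptables -R <last>
        self.chains[chain][-1] = rule


def moblock_verdict(pkt: Packet) -> str:
    """Verdict MoBlock gives on a queued packet. It is final: there is no
    RETURN-like verdict that would let the rest of the chain run."""
    return "DROP" if any(pkt.dst in net for net in BLOCKLIST) else "ACCEPT"


def walk(fw: Firewall, chain: str, pkt: Packet, trace: List[str]) -> Optional[str]:
    """Traverse one chain; None means the packet fell off the end (RETURN)."""
    for rule in fw.chains.get(chain, []):
        if not rule.matches(pkt):
            continue
        trace.append(f"{chain}:{rule.target}")
        if rule.target == "NFQUEUE":
            return moblock_verdict(pkt)
        if rule.target in ("ACCEPT", "DROP"):
            return rule.target
        if rule.target == "RETURN":
            return None
        verdict = walk(fw, rule.target, pkt, trace)   # jump into a user chain
        if verdict is not None:
            return verdict
    return None


def filter_packet(fw: Firewall, pkt: Packet, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    """Run a packet through OUTPUT; returns (verdict, chains/targets visited)."""
    trace: List[str] = []
    verdict = walk(fw, "OUTPUT", pkt, trace)
    return (verdict if verdict is not None else policy), trace


def build(order: str) -> Firewall:
    """order: 'moblock_first' (-I from user-pre), 'firestarter_first' (-A from
    user-post) or 'integrated' (MoBlock jump replaces OUTBOUND's final ACCEPT)."""
    fw = Firewall()
    # Firestarter's outbound policy (constructed): one blocked net, then accept all.
    fw.append("OUTPUT", Rule("OUTBOUND"))
    fw.append("OUTBOUND", Rule("DROP", dst=ip_network("203.0.113.0/24")))
    fw.append("OUTBOUND", Rule("ACCEPT"))
    # MoBlock's chain as in MoBlock-nfq.sh: whitelist entries first, then NFQUEUE.
    fw.append("MOBLOCK_OUT", Rule("ACCEPT", dst=ip_network("10.0.0.0/8")))
    fw.append("MOBLOCK_OUT", Rule("NFQUEUE"))
    jump = Rule("MOBLOCK_OUT", state="NEW")
    if order == "moblock_first":
        fw.insert("OUTPUT", jump)
    elif order == "firestarter_first":
        fw.append("OUTPUT", jump)
    elif order == "integrated":
        fw.replace_last("OUTBOUND", jump)
    else:
        raise ValueError(order)
    return fw


if __name__ == "__main__":
    for order in ("moblock_first", "firestarter_first", "integrated"):
        fw = build(order)
        for dst in ("203.0.113.5", "195.169.99.137", "10.0.0.5"):
            verdict, trace = filter_packet(fw, Packet(ip_address(dst)))
            print(f"{order:17} {dst:15} {verdict:6} via {' -> '.join(trace)}")
```

With moblock_first the trace never reaches OUTBOUND, so Firestarter's DROP is dead; with firestarter_first the blocklisted address is accepted without MOBLOCK_OUT being visited; only the integrated order consults both.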

jamesford
July 3rd, 2006, 05:39 PM
are u still planning on a moblock/firehol combo thingy?

smoove
July 3rd, 2006, 11:08 PM
you have to run it as the root user, so you would use sudo.


sudo gpg --keyserver subkeys.pgp.net --recv DEDA0559
sudo gpg --export --armor DEDA0559 | sudo apt-key add -

Still struggling with this lol:

gpg: external program calls are disabled due to unsafe options file permissions
gpg: keyserver communications error: general error
gpg: keyserver receive failed: general error

bigdon06
July 4th, 2006, 02:15 PM
I've got a predicament. I would like to be running moblock and still be able to run all of my web based programs and games. It is inevitable that every time I update the list it puts ranges back in that I don't want. Is there a way to set up exemptions, kind of in the way of peer guardians permallow.p2b? It certainly gets old digging through the blocklist all of the time and removing the same stuff.:confused:

clessing
July 4th, 2006, 06:13 PM
I would like to be running moblock and still be able to run all of my web based programs and games.

Moblock itself has no whitelisting functionality.

But if it's all about surfing I suggest that you put WHITE_TCP_OUT="http https" into your moblock start script in /etc/moblock. But that's there by default so you shouldn't have a problem surfing.
Another possibility to whitelist ips is to put something like

iptables -I OUTPUT -d a.b.c.d -j ACCEPT
or
iptables -I OUTPUT -d a.b.c.0/24 -j ACCEPT

into your firewall (first example is a single ip, second example is a net with netmask)

pelle.k
July 9th, 2006, 06:41 PM
Hi. I just wanted to say i have no time to spare to make a complete moblock GUI, because i am currently working all day long, 6 days a week. Sorry about that. Hopefully someone else has the time to code a decent GUI before i have time to do so...

About whitelisting certain ips... You would only have to write a simple bash/python script to remove those ips/ranges, and execute it after a successful update of the blocklist.

mikji
July 10th, 2006, 04:38 AM
Hi folks,

I don't really post here that much (long time lurker), but I see you're looking for a moblock gui! Well, I've been working on one in gnome-python for the past few days, and it's about half done. I ran across this thread and thought I'd let you guys know about it so you don't duplicate work.

It'll have a dbus daemon, a notification applet and a preferences item. The first is mostly done, the second is trivial and I haven't gotten started on the last part.

I'll start a new thread when my sourceforge project is approved and I release something (a few days to a week).

Here are some screenshots; the first one is of the preference panel, and the second one is what you get when you click the notification icon.

clessing
July 10th, 2006, 05:23 PM
Hi folks,

I don't really post here that much (long time lurker), but I see you're looking for a moblock gui! Well, I've been working on one in gnome-python for the past few days, and it's about half done. I ran across this thread and thought I'd let you guys know about it so you don't duplicate work.

Looks great. Please drop me a line when you're releasing it. I'd love to provide debian packages along with the moblock-deb stuff if you don't mind. :-)

jamesford
July 10th, 2006, 06:36 PM
bah so it doesn't work on 64 bit? i was planning to install 64 bit ubuntu tonight :/

is there any chance there will be a 64 bit version at some stage in the not too distant future? or are there any alternative programs that do the same and work on 64 bit?

clessing
July 11th, 2006, 12:12 PM
is there any chance there will be a 64 bit version at some stage in the not too distant future? or are there any alternative programs that do the same and work on 64 bit?

You should be able to compile moblock and build the package on 64bit. (have a look at "apt-get source", "apt-get build-dep" and "dpkg-buildpackage").

At the moment I can't afford the time to work on the package let alone setting up a cross-compiling environment to build 64bit packages.

However, chances are, that I will do this in September/October.

Sammy1
July 11th, 2006, 06:02 PM
Hi folks,

I don't really post here that much (long time lurker), but I see you're looking for a moblock gui! Well, I've been working on one in gnome-python for the past few days, and it's about half done.

Sweet man, that will be invaluable.

olnir
July 12th, 2006, 03:15 PM
pinoyskull: Are you using breezy? If so, you should install moblock-ipq instead...
If you are running a kernel > 2.6.15, could you run 'lsmod | grep NFQUEUE'.
Run 'sudo ls /etc/moblock'. I want to see if all files are there.

jamesford: I really don't know if it works alongside firestarter. It would be really nice if you (or somebody else) would try this as i have no need for a software firewall (i'm behind a hardware firewall ATM). Let me know, and i'll update my howto.

bionnaki: MoBlock is actively developed, PG for linux is not. I would say moblock is very easy to handle, and it has a nice and clean structure. You be the judge. I chose MoBlock because almost nothing is happening to PG linux ATM.
MoBlock has a whitelist at the top of /etc/moblock/MoBlock-nfq.sh. There you can add port 80 (80 which is http is already accepted for outgoing connections and their counterpart replies > in.)
About restarting moblock; it's in the howto, but anyway... 'sudo /etc/init.d/moblock-nfq restart'

To all of you:
I've been thinking of writing a GUI for MoBlock using python/ruby, which would handle starting/stopping, updating blocklist, live status and letting people cancel certain ips/ports from the blocklist.
It would be a tray app of course.

Moblock works alongside firestarter.
Moblock has to be started after firestarter for some reason.
I have to manually restart moblock after I have started Firestarter.
After that, it seems to work just fine.

clessing
July 12th, 2006, 03:50 PM
Moblock works alongside firestarter.
Moblock has to be started after firestarter for some reason.
I have to manually restart moblock after I have started Firestarter.
After that, it seems to work just fine.
Yes, but if you don't find a way to insert moblock at the right place into the firewall (see my previous posts) firestarter is useless except for watching connections.

jamesford
July 14th, 2006, 01:01 AM
clessing I'm having severe problems making an amd64 package, I've never done this before. I don't even know what to do, so I tried as follows and got the following error:
sudo apt-get source moblock-nfq
Reading package lists... Done
Building dependency tree... Done
E: Could not open file /var/lib/apt/lists/moblock-deb.sourceforge.net_debian_dists_unstable_main_source_Sources - open (2 No such file or directory)

a bit more help would be appreciated :)

mikji
July 14th, 2006, 04:30 AM
My project is started at sf.net/projects/gnome-blocklist. The only thing interesting on there ATM is the svn repo, which you can check as I develop this thing.

Feel free to send me patches and suggestions, but as of this post it's not in a working state yet. Right now there is a dbus daemon which takes commands from a simple client. That's it.

clessing
July 14th, 2006, 05:33 AM
clessing I'm having severe problems making an amd64 package, I've never done this before. I don't even know what to do, so I tried as follows and got the following error:


You need

deb http://moblock-deb.sourceforge.net/debian unstable main
deb-src http://moblock-deb.sourceforge.net/debian unstable main

in /etc/apt/sources.list
Then do an "apt-get update".
After that you need to verify that you have all the tools to build the package:
"apt-get build-dep moblock-ipq" or
"apt-get build-dep moblock-nfq" depending on the package you want to build.

If that succeeds you can descend into the source directory:
These commands should get you towards the goal:

mkdir moblock
cd moblock
apt-get source moblock
cd moblock-0.8
dpkg-buildpackage -rfakeroot

If everything went right, you should have a .deb file.

However, you may need to do the same for the packages libnetfilter-queue and libnfnetlink before. These library packages produce two .deb files. You should install the library-package as well as the library-dev packages. (e.g. libnetfilter-queue and libnetfilter-queue-dev)

jamesford
July 14th, 2006, 07:08 PM
clessing, i successfully installed the libnetfilter-queue and libnfnetlink thingies

however with moblock itself:

Failed to fetch http://moblock-deb.sourceforge.net/debian/dists/unstable/main/source/net/moblock_0.8.orig.tar.gz 404 Not Found
E: Failed to fetch some archives.

is some package missing in the repository, or am i doing something wrong?

clessing
July 14th, 2006, 09:45 PM
http://moblock-deb.sourceforge.net/debian/dists/unstable/main/source/net/moblock_0.8.orig.tar.gz 404 Not Found
E: Failed to fetch some archives.



Yes, that's really my fault (or that of debarchiver). It was really missing there and it's uploaded now.
Sorry for the inconvenience.

jamesford
July 14th, 2006, 10:29 PM
ah thanks.
however now i ran into another problem, or maybe it's just me, sorry i find this confusing especially since it's been a few hours since i managed to set up the files mentioned above

anyway i get this error:

make[1]: Entering directory `/home/XXX/moblock/moblock-0.8'
gcc -DLIBIPQ -Wall -O2 -march=i586 -fomit-frame-pointer -ffast-math -D_GNU_SOURCE -I/usr/include/libipq -c -o MoBlock-ipq.o MoBlock.c
MoBlock.c:1: error: CPU you selected does not support x86-64 instruction set
MoBlock.c:1: error: CPU you selected does not support x86-64 instruction set
make[1]: *** [MoBlock-ipq.o] Error 1
make[1]: Leaving directory `/home/XXX/moblock/moblock-0.8'
make: *** [build-stamp] Error 2

btw is this the ipq or nfq version ? or both? how do i choose?

clessing
July 15th, 2006, 08:22 AM
MoBlock.c:1: error: CPU you selected does not support x86-64 instruction set

btw is this the ipq or nfq version ? or both? how do i choose?
It's the package's fault. I thought that I already had removed the optimization for i586.

A new package is being uploaded at the moment. You should refetch the source and compile moblock-ipq / moblock-nfq again. Should work now.

Building the moblock-source from my repository results in both packages. (You will have two .deb files afterwards.)

Thanks for finding a bug! ;-)

jamesford
July 15th, 2006, 11:58 AM
wahey it works :D
thanks for your help clessing
it wasn't really difficult either as long as the correct files are in the repository ;)

Phil196949
July 15th, 2006, 01:37 PM
I have been using Ubuntu for only a few weeks. When I try to apt-get moblock it gives me these errors...
moblock-nfq: Depends: lsb-base (>= 3.0-3) but 3.0-1ubuntu8 is to be installed

Where can I find these packages? thanks

jamesford
July 15th, 2006, 02:00 PM
Phil196949
did you install dapper (ubuntu 6.06)?

as far as i can see 3.0-1ubuntu8 is only available in breezy, which is the old ubuntu version

dapper uses 3.1-5ubuntu2

Phil196949
July 15th, 2006, 05:16 PM
Hey thanks! I got it going. I was wondering why I was getting so many errors
when compiling packages. Now I am enlightened! :D

Nonninz
July 15th, 2006, 06:12 PM
Hi. Many thanks for the guide. :D

A question: is there some way to make a fixed "Whitelist", as with Peerguardian on Windows?

clessing
July 16th, 2006, 09:23 AM
Hi. Many thanks for the guide. :D

A question: is there some way to make a fixed "Whitelist", as with Peerguardian on Windows?
http://ubuntuforums.org/showthread.php?p=1213534#post1213534

That's what the search function is for.

c0ugar
July 18th, 2006, 11:09 PM
Hello all,


Moblock and fireHOL work fine together if you know what to add in the fireHOL configuration file. But fireHOL is an "iptable rules creator script", NO GUI, and that's why i figured i'd make a simple gui for that purpose as well.

Has anyone set up firehol to work with moblock? Does anyone know what needs to be added to firehol configuration? When I used PeerGuardian, I had to change all ACCEPTS in firehol's configuration file to PEERGUARDIAN and I had to create a PEERGUARDIAN chain. IE:



# PeerGuardian Configuration (Must be in place for PeerGuardian to receive packets)
iptables --new PEERGUARDIAN
iptables -A PEERGUARDIAN -j QUEUE

server "dhcp dns ssh samba ntp ping" PEERGUARDIAN


Now I'm wondering if I need to do the same in order to get firehol and MoBlock to coexist nicely.

Further information on running PeerGuardian and FireHOL together can be found here. http://forums.phoenixlabs.org/t11437-solution-for-firehol-amp-peerguardian.html

Thanks in advance,

jms830
July 19th, 2006, 04:04 AM
does anyone know if moblock works with guarddog firewall? or if there are any hitches to get them to work together? i don't know how to test if they are working together. Also, how do I even test moblock? I'm running 'tail -f /var/log/moblock.log' but nothing's happening.

clessing
July 19th, 2006, 07:58 PM
Also, how do I even test moblock? I'm running 'tail -f /var/log/moblock.log' but nothing's happening.

You should be able to do so by pinging a blocked host. E.g. a microsoft web server, etc.
Example output:


Blocked OUT: Nederlands Forensisch Instituut,hits: 1,DST: 195.169.99.137
Blocked OUT: Nederlands Forensisch Instituut,hits: 2,DST: 195.169.99.137
Blocked OUT: Nederlands Forensisch Instituut,hits: 3,DST: 195.169.99.137
Blocked OUT: Case Western Reserve University fakes,hits: 1,DST: 129.22.247.172


A statement that is valid for all those firewall tools and scripts out there, no exceptions:
You have to adapt _each_ firewall tool/script by hand in order to get it working properly with moblock or peerguardnf.
Just starting both will not result in a setup that makes sense.
You have to understand how to use iptables (http://www.netfilter.org/) to do this.
Or you have to find someone who does. I will restructure the moblock package scripts towards September/October which may include the integration of popular firewall tools. Unfortunately, I'm way too busy to do this earlier.

clessing
July 19th, 2006, 08:12 PM
# PeerGuardian Configuration (Must be in place for PeerGuardian to receive packets)
iptables --new PEERGUARDIAN
iptables -A PEERGUARDIAN -j QUEUE

server "dhcp dns ssh samba ntp ping" PEERGUARDIAN


Now I'm wondering if I need to do the same in order to get firehol and MoBlock to coexist nicely.
If this worked with peerguardnf, it should work with moblock-ipq. If you're using moblock-nfq, use

iptables -A PEERGUARDIAN -j NFQUEUE
In both cases, have a look at /etc/moblock/MoBlock-nfq.sh, though.
If firehol is being started after moblock, it should not be a problem as long as firehol deletes all iptables stuff on startup.

laytoncy
July 20th, 2006, 09:32 PM
Moblock itself has no whitelisting functionality.

But if it's all about surfing I suggest that you put WHITE_TCP_OUT="http https" into your moblock start script in /etc/moblock. But that's there by default so you shouldn't have a problem surfing.
Another possibility to whitelist ips is to put something like

iptables -I OUTPUT -d a.b.c.d -j ACCEPT
or
iptables -I OUTPUT -d a.b.c.0/24 -j ACCEPT

into your firewall (first example is a single ip, second example is a net with netmask)

I've been following this thread and have MoBlock running along with Azureus and it works like a champ. I'm having trouble whitelisting an IP. I tried the above example "iptables -I OUTPUT -d a.b.c.d -j ACCEPT" and put that in my MoBlock-nfq.sh. Now I know it says insert in a firewall but will it work in the startup script because I'm not running a software firewall? If you can put it in the script is there a particular place that it should be inserted?

clessing
July 20th, 2006, 11:00 PM
If you can put it in the script is there a particular place that it should be inserted?

I'd suggest, that you edit /etc/moblock/MoBlock-nfq.sh and put


iptables -I MOBLOCK_OUT -d a.b.c.0/24 -j ACCEPT
just before


/usr/bin/moblock $@

That should work.

/etc/moblock/MoBlock-nfq.sh is used by the startup scripts in /etc/init.d to start moblock.

To all: I've put a note on the moblock-deb homepage at sourceforge that I'll be away until the 18th of August. "Away" will most likely also mean being away from the internet. So I will not respond to posts and emails during the next weeks.

laytoncy
July 20th, 2006, 11:19 PM
Thank you! That did it. :mrgreen:

glycerin
July 23rd, 2006, 02:20 AM
I will restructure the moblock package scripts towards September/October which may include the integration of popular firewall tools. Unfortunately, I'm way too busy to do this earlier.

I am using Ubuntu 6.06 and Firestarter 1.03. Before I can begin downloading torrents with Azureus I must have the protection of the PeerGuardian lists.

Is the ONLY way to have this happen to wait for "clessing" to update MoBlock so that it works alongside Firestarter? It would be unfortunate to have to wait a few months since I just bought a server for this and want to try it out ASAP.

Maybe there's something I can do temporarily in the meantime? Can I add the PeerGuardian lists directly to Firestarter?

c0ugar
July 25th, 2006, 09:48 AM
If this worked with peerguardnf, it should work with moblock-ipq. If you're using moblock-nfq, use

iptables -A PEERGUARDIAN -j NFQUEUE
In both cases, have a look at /etc/moblock/MoBlock-nfq.sh, though.
If firehol is being started after moblock, it should not be a problem as long as firehol deletes all iptables stuff on startup.

Okay. I did this, and all network traffic was disabled. Local SSH sessions were disconnected, etc. Not sure exactly how to get MoBlock to work with fireHOL but I'm with the other guy, it will suck if we need to wait a month or 2 for this to be worked out. I wouldn't mind getting on IRC and working with others to solve this problem. Although my time is limited because I work nights, I'd be willing to take a crack at it.

I understand clessing will be away but why wait for him?

foxy123
July 25th, 2006, 12:56 PM
what should I whitelist to unblock a local network?

boast
July 27th, 2006, 11:19 PM
How do you use the GUI? When I click on the accesories>moblock simplegui nothing happens.

Daniel15
July 29th, 2006, 02:37 PM
Hi guys, just a quick question:
If I have my own iptables rules (created using Webmin), will this overwrite them? How can I make both MoBlock, and my own iptables rules run at the same time?

c0ugar
July 29th, 2006, 06:36 PM
Hi guys, just a quick question:
If I have my own iptables rules (created using Webmin), will this overwrite them? How can I make both MoBlock, and my own iptables rules run at the same time?

Bro you gotta read this thread before posting. It's been stated that there is no defined answer to your question, and other questions that are alike.

If MoBlock is launched after your firewall manager, such as Webmin, MoBlock supersedes anything else. Clessing, when he gets back from his personal time off, will hopefully define these answers for us.

In the meantime, all you can do is wait or attempt your own workaround, which involves editing MoBlock and Webmin. Same with FireHOL and Firestarter, etc.

foxy123
July 29th, 2006, 06:48 PM
It looks like Moblocks blocks my local network traffic. Is there any way to allow traffic from the computers which are in my local network?

ba5e
July 30th, 2006, 01:11 AM
when I click on the 'moblock simplegui' in accessories I get nothing! installed all relevant dependencies too. Any ideas?

ba5e
July 30th, 2006, 01:14 AM
when I click on the 'moblock simplegui' in accessories I get nothing! installed all relevant dependencies too. Any ideas?
UPDATE: I get the following running moblock-simplegui from the terminal

willmc@willbuntu:~$ moblock-simplegui
/usr/bin/moblock-simplegui:66:in `initialize': Failed to open file '/usr/share/pixmaps/moblock-gui.png': Permission denied (GLib::FileError)
from /usr/bin/moblock-simplegui:66

c0ugar
July 30th, 2006, 01:21 AM
It looks like Moblocks blocks my local network traffic. Is there any way to allow traffic from the computers which are in my local network?

MoBlock, like PeerGuardian, runs by default on all interfaces. I do not believe this can be configured to only run on the 'internet' interface. I believe it is developed that way in order to prevent computers on a LAN from contacting malicious sites, etc. It would defeat the purpose otherwise.

foxy123
July 30th, 2006, 12:05 PM
MoBlock, like PeerGuardian, runs by default on all interfaces. I do not believe this can be configured to only run on the 'internet' interface. I believe it is developed that way in order to prevent computers on a LAN from contacting malicious sites, etc. It would defeat the purpose otherwise.

so is there any solution to that? Any way to whitelist certain ips maybe?

HBK
July 30th, 2006, 01:50 PM
UPDATE: I get the following running moblock-simplegui from the terminal

willmc@willbuntu:~$ moblock-simplegui
/usr/bin/moblock-simplegui:66:in `initialize': Failed to open file '/usr/share/pixmaps/moblock-gui.png': Permission denied (GLib::FileError)
from /usr/bin/moblock-simplegui:66

You have to sudo it, otherwise it won't work :).

Strangely, the GUI doesn't really help me... I can't find the options to update lists etc., isn't that coded yet or do we have a bug :P?

Regards,
HBK

pelle.k
July 30th, 2006, 05:11 PM
I was going to code a complete GUI in ruby. Unfortunately i haven't got any time to spare so i just made a "tail" in a "trayable" GTK window. Nothing more, nothing less.
You can essentially have the same result if you use alltray on a terminal with "tail -f" on moblock.log.

If you want features then wait for mikji to complete "GNOME Blocklist". This is what he wrote earlier in this thread...
Hi folks,

I don't really post here that much (long time lurker), but I see you're looking for a moblock gui! Well, I've been working on one in gnome-python for the past few days, and it's about half done. I ran across this thread and thought I'd let you guys know about it so you don't duplicate work.

It'll have a dbus daemon, a notification applet and a preferences item. The first is mostly done, the second is trivial and I haven't gotten started on the last part.

I'll start a new thread when my sourceforge project is approved and I release something (a few days to a week).

Here are some screenshots; the first one is of the preference panel, and the second one is what you get when you click the notification icon.

Moblock shouldn't block LAN ip:s. If it does, it will show up in the log.

ba5e
July 31st, 2006, 12:36 AM
This sounds great! thanks for the help, and well done pelle.k for the howto!

foxy123
July 31st, 2006, 08:51 AM
Moblock shouldn't block LAN ip:s. If it does, it will show up in the log.

I wonder what is that:

Blocked IN: matica.hr,hits: 1,SRC: 192.168.1.3

192.168.1.3 is a local IP address for my other PC.

harryhoudini66
August 2nd, 2006, 03:50 PM
I decided to uninstall Moblock. When I shut down I see the process is running and being terminated. I am sure it is because it starts with Daemon. How do I remove it?

harryhoudini66
August 3rd, 2006, 03:20 AM
Bump

pelle.k
August 3rd, 2006, 08:43 AM
Remove the file "K20moblock-nfq" from all runlevels (/etc/rc0.d/ etc...), "moblock-nfq" in /etc/cron.daily and finally "sudo rm -r /etc/moblock".

Daniel15
August 4th, 2006, 04:07 PM
OK, I appear to have got MoBlock working in conjunction with my firewall/IP masquerading script. I just needed to edit the MoBlock-nfq.sh file slightly. At first, it wasn't working, but then I discovered that where you put the firewall script determines whether MoBlock will work or not. What I found was that if I put a call to my firewall script right at the top of that file (on top of # Filter all traffic, edit for your needs), the firewall works, and MoBlock works as well :)

As an advantage, I no longer need to run PeerGuardian on my computers, as all the blocking is done on the Linux server :D

Razer(x)
August 5th, 2006, 11:53 PM
:D ...hi..i am italian,so my english is not so good...but i thank you,i tried a lot to use moblock but nothing..thank you...now it blocks a lot,but i have a problem...when i do "tail -f /var/log/moblock.log" happen this
Duplicated range ( WinMx Fake )
Skipping useless range: BitTorrent Corrupt Data Senders
Duplicated range ( BitTorrent )
Duplicated range ( BitTorrent )
Duplicated range ( ED2K Virus )
Ranges loaded: 148141
what should i do??and i don't understand if moblock starts automatically when i boot my pc

pelle.k
August 6th, 2006, 12:27 AM
I understand you perfectly well :)
Yes, moblock starts up automatically when you start up your computer.

Skipping and merging ranges is done when loading the blocklist into moblock, because of duplicate or bad addresses in the blocklists downloaded. Nothing to worry about...
"Ranges loaded: 148141" means that moblock is up and running. That's a good thing. After this line, all blocked ip:s will show up.

Try this in another terminal window
ping -c 1 212.73.29.83

If I'm right, you will see this address blocked out in the log.

pelle.k
August 6th, 2006, 12:37 AM
I wonder what is that:

Blocked IN: matica.hr,hits: 1,SRC: 192.168.1.3

192.168.1.3 is a local IP address for my other PC.

foxy123: Have you got bogon.txt blocklist included in the updater? This blocklist supposedly contains LAN ip:s. Don't ask me why...

Razer(x)
August 6th, 2006, 10:04 AM
:rolleyes: ;) ...i know that this isn't a real problem..yes moblock has blocked this ip..thank you!!!

foxy123
August 6th, 2006, 03:35 PM
foxy123: Have you got bogon.txt blocklist included in the updater? This blocklist supposedly contains LAN ip:s. Don't ask me why...

cheers a lot, I can access my laptop from another one now!

AndyAWS
August 12th, 2006, 07:27 PM
...never mind, found my answer

pcfreak
August 24th, 2006, 05:32 PM
Hi, I also have this thing with my moblock, it's skipping frames, but it's 4721 ranges! seem to be like a lot of frames to skip, I got the range from bluetack.co.uk

Are you sure what the reason for them being skipped is? Invalid IP addresses/ranges?

If someone here knows more about the reason for ranges being skipped, then I would like to know. I would like some more details.

MoBlock says:

Skipping useless range:

Why would someone include invalid/bad etc ranges...

What I am a little afraid of, is that the ranges are important, and that they will not get blocked when they should.

djcuuna
August 25th, 2006, 04:48 PM
hello there i set up moblock but not sure if it is blocking so i tried the tail -f /var/log/moblock.log to see if it is working. this is what i get and it stays like this:

Short guarding.p2p line BitTorrent Corrupt Data Senders:222.3.95.112, skipping it...
Short guarding.p2p line BitTorrent Corrupt Data Senders:81.236.159.212, skipping it...
Short guarding.p2p line BitTorrent Corrupt Data Senders:82.93.220.230, skipping it...
Short guarding.p2p line BitTorrent Corrupt Data Senders:82.136.28.66, skipping it...
Short guarding.p2p line BitTorrent Corrupt Data Senders:70.48.177.235, skipping it...
Short guarding.p2p line ED2K File Flood: 62.57.143.116-62.57.143.116, skipping it...
Ranges loaded: 152356
Merged ranges: 170
Skipped useless ranges: 5741
NFQUEUE: binding to queue '0'
so is this ok or is something wrong thank you for any help in advance cheers

pelle.k
August 26th, 2006, 09:19 AM
Looks ok to me.
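To make the "Short line", "useless", "duplicated" and "merged" messages asked about in pcfreak's and djcuuna's posts concrete, here is a loader for the guarding.p2p format written for this thread. It is an added example, not MoBlock's own loader: how each case is classified and counted here is an assumption modelled on the log lines quoted above, the sample list is constructed, and the lookup at the end shows why a LAN address such as foxy123's 192.168.1.3 gets blocked when a bogon-style range is in the list.

```python
"""Loader for blocklists in the guarding.p2p format ("name:first-last"),
reporting the events the moblock.log excerpts in this thread show: short
lines, useless ranges, duplicated ranges and merged ranges. Added example
written for this thread, not MoBlock's loader: the classification and the
counters are assumptions modelled on the log messages; the list is constructed."""
from bisect import bisect_right
from dataclasses import dataclass, field
from ipaddress import ip_address
from typing import List, Optional, Tuple

# Constructed guarding.p2p excerpt; names are styled after the thread's logs.
SAMPLE_P2P = """\
# a comment line
BitTorrent Corrupt Data Senders:222.3.95.112
WinMx Fake:10.20.30.40-10.20.30.10
Nederlands Forensisch Instituut:195.169.99.0-195.169.99.255
Nederlands Forensisch Instituut:195.169.99.0-195.169.99.255
BitTorrent:1.2.3.0-1.2.3.127
BitTorrent:1.2.3.128-1.2.3.255
bogon:192.168.0.0-192.168.255.255
"""

Range = Tuple[int, int, str]   # (first, last, name) with addresses as integers


@dataclass
class Blocklist:
    ranges: List[Range] = field(default_factory=list)   # sorted, non-overlapping
    firsts: List[int] = field(default_factory=list)     # range starts, for bisect
    log: List[str] = field(default_factory=list)
    short: int = 0
    useless: int = 0
    duplicated: int = 0
    merged: int = 0

    def lookup(self, ip: str) -> Optional[str]:
        """Name of the range containing ip, or None. This is the decision a
        'Blocked IN/OUT' log line is based on."""
        n = int(ip_address(ip))
        i = bisect_right(self.firsts, n) - 1
        if i >= 0 and self.ranges[i][0] <= n <= self.ranges[i][1]:
            return self.ranges[i][2]
        return None


def load_p2p(text: str) -> Blocklist:
    bl = Blocklist()
    seen = set()
    raw_ranges: List[Range] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, span = line.rpartition(":")
        first, dash, last = span.partition("-")
        if not name or not dash:                      # no "name:" or no "a-b"
            bl.log.append(f"Short guarding.p2p line {line}, skipping it...")
            bl.short += 1
            continue
        try:
            lo, hi = int(ip_address(first.strip())), int(ip_address(last.strip()))
        except ValueError:
            lo, hi = 1, 0                             # unparsable: treat as reversed
        if lo > hi:                                   # reversed or invalid bounds
            bl.log.append(f"Skipping useless range: {name}")
            bl.useless += 1
            continue
        if (lo, hi) in seen:
            bl.log.append(f"Duplicated range ( {name} )")
            bl.duplicated += 1
            continue
        seen.add((lo, hi))
        raw_ranges.append((lo, hi, name))
    # Merge overlapping or adjacent ranges so lookups can binary-search;
    # the merged range keeps the name of its first member (assumption).
    for lo, hi, name in sorted(raw_ranges):
        if bl.ranges and lo <= bl.ranges[-1][1] + 1:
            plo, phi, pname = bl.ranges[-1]
            bl.ranges[-1] = (plo, max(phi, hi), pname)
            bl.merged += 1
        else:
            bl.ranges.append((lo, hi, name))
    bl.firsts = [r[0] for r in bl.ranges]
    bl.log += [f"Ranges loaded: {len(bl.ranges)}",   # counted after merging here
               f"Merged ranges: {bl.merged}",
               f"Skipped useless ranges: {bl.useless}"]
    return bl


if __name__ == "__main__":
    bl = load_p2p(SAMPLE_P2P)
    print("\n".join(bl.log))
    for ip in ("192.168.1.3", "195.169.99.137", "8.8.8.8"):
        print(ip, "->", bl.lookup(ip))
```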

Ole32
August 28th, 2006, 10:41 PM
I read Clessing's post (http://www.ubuntuforums.org/showpost.php?p=1209006&postcount=81) about MoBlock and Firestarter.
I am a beginner, so I would like to ask - are all the problems only with Firestarter? If I used e.g. Guarddog, would MoBlock work correctly?

pelle.k
August 30th, 2006, 06:07 PM
well, the problem is really this (it's not really that complicated to understand);
Both fireHOL and firestarter make rules in something called iptables, which is essentially a command line firewall. To simplify things, let's just say that you can tell iptables which traffic goes to "accept" or "drop".
Moblock doesn't filter traffic which goes to "accept", instead it requires sending traffic to a third action (or queue really...) specific to moblock called NFQUEUE.

Somehow filtering all traffic that goes to "accept" would solve all problems with most firewalls, because no rules have to be changed in iptables.
_But_, because moblock requires all traffic you want to filter to go through "moblock" action, and this is not possible (as far as i know) in many firewalls, except fireHOL.

Morpheus (the author of moblock) has done a great job with moblock, but i would welcome a "different approach" to do this kind of filtering.

Hype_
September 4th, 2006, 05:54 PM
Erm, quite an issue here: I installed MoBlock following your guide without problem.
Then i wanted to remove it because i had to kill it to connect to services like msn, play Enemy Territory...i uninstalled moblock*.deb and deleted the cron.daily moblock file.

But now, i can't connect to the internet at all (I'm using my father's pc :/)
The thing is: at start-up, network configuration shows no error, but i can't access anything.

When i try to ping my ISP (free.fr) i get unknown host error.
My DNS settings point to the good ip address (this is given by my ISP, right?)

Help needed!

hype
September 4th, 2006, 07:05 PM
Ok, i managed to fix it.
I just did the following:
-removed moblock (via Synaptic)
-sudo rm -Rf /var/spool/moblock/
-sudo rm -Rf /etc/moblock/
-restart

termite
September 5th, 2006, 12:40 AM
has anyone managed to get moblock to work with initng? I've been trying and getting initng to segfault a lot, which scares me.

I can get it to start (most of the time), but not to stop. Advice (or better: a moblock.i script that works) welcome.

pelle.k
September 5th, 2006, 01:48 PM
Is "initng" really worth the hassle when "upstart" is coming? After all edgy eft is only like two months away...

@ Hype: glad it worked out for you. I read your pm just a few seconds ago...

termite
September 5th, 2006, 02:48 PM
I haven't been keeping up with edgy development, but will read up on upstart. I've been running initng for a couple of months now and rather enjoy it. I was hoping to get moblock running with it, though I suppose I can just start manually.

Anokyn_PT
September 6th, 2006, 09:43 PM
hi!! i'm a pure debian user !! i installed the moblock but if i put the blacklist Microsoft i can't use aMSN, so how do i make a whitelist??

pelle.k
September 7th, 2006, 10:57 AM
Currently, there is no good way of doing this. You can whitelist protocols/ports (in /etc/moblock/moblock-nfq at the top of the file), but not ip:s. If you want to do that, there is some commented code in /etc/cron.d/moblock-nfq which lets you remove certain ranges (based on ip range name), but it's very imprecise. I guess the best thing is to remove the range in question manually from guarding.p2p

flamarro
September 7th, 2006, 05:33 PM
hi there,
need some help here in one thing, i've installed moblock and firehol (i consider myself a newbie here), and the thing works good, but every morning when cron is activated and the block lists are updated, i get no internet. I have to stop moblock-nfq, stop firehol, then start moblock-nfq, then start firehol. Only then can i get back to the internet. In cron.daily i have moblock-nfq reload.....

PS: sorry for my english

swkiller
September 10th, 2006, 12:12 AM
I've tried installing moblock but when I try

sudo apt-get install moblock-nfq

it goes to install and then tries to connect to www.bluetack.co.uk and always gets a connection timeout.

is the site no longer there?

ratai
September 10th, 2006, 01:45 PM
I confirm that it's impossible to connect and update lists
ratai

clessing
September 10th, 2006, 04:06 PM
I confirm that it's impossible to connect and update lists
ratai

http://forums.phoenixlabs.org/showthread.php?t=12394&page=4&highlight=bluetack

I did not notice, because I had other things in mind. A new version of moblock is being uploaded at the moment that will compensate for this by using a backup host.

http://moblock-deb.sourceforge.net/

laytoncy
September 11th, 2006, 06:06 PM
Ubuntu just told me there's an update available for download for moblock-nfq. Is this the update in your previous post? By updating this it should just go on working as it has for me thus far?

clessing
September 11th, 2006, 06:50 PM
Ubuntu just told me there's an update available for download for moblock-nfq. Is this the update in your previous post? By updating this it should just go on working as it has for me thus far?

Yes, I just changed the URL where it downloads updates for the blocking lists from.
(This is in /etc/cron.daily/moblock-...)
Everything else is unchanged.

Razer(x)
September 12th, 2006, 06:38 PM
Hi... my moblock doesn't block.. what should I do?

pelle.k
September 12th, 2006, 07:12 PM
Sorry razer(x), but that is like saying your house is broken (when your door doesn't work) ;)
You have to explain to us what isn't working. Doesn't it start up? Does it give you any error messages somewhere? Doesn't it block ip:s any longer? Is it not updating blocklists? (Because if you skim the recent four posts you will see a fix is already uploaded.)

Razer(x)
September 12th, 2006, 09:05 PM
Ehm.... my problem is that it updates, and I think it starts, but it doesn't block..

ratai
September 13th, 2006, 01:00 AM
It is very difficult for me to understand the difference between iptables, firestarter and firehol... Today I tried firehol for the first time, and after your tutorial I was blocked (no connection), not with firehol alone but when I put the lines about moblock in firehol.conf.
Really, in the firehol tutorial it is difficult to tell what is essential and what is not necessary,
and I ended up reinstalling my whole Ubuntu...

Is it possible for simple users to have some examples of config with a PC with a NAT router, with firehol and moblock inside the firehol.conf?
And a suggestion to help us poor users: maybe a script which tails, updates, stops and starts, with a link on the desktop, could be easier :biggrin:
Thanks for your help

mikji
September 13th, 2006, 06:36 AM
hey guys,

Sorry for the lack of updates. Long story short, I had a bit of a car accident, and college has been tough. With any luck, I'll have some updates to gnome blocklist this weekend, but don't hold your breath.

Everyone is welcome to check out what's in subversion right now and play around with it, although I can't remember what works and what doesn't. Patches welcome!

spockrock
September 13th, 2006, 07:36 AM
Sorry, may seem like a n00b question: it seems like my friend's IP address is being blocked by moblock when I try to access his ftp. Is there any way I can unblock his specific IP?

pelle.k
September 13th, 2006, 09:03 AM
Is it possible for simple users to have some examples of config with a PC with a NAT router, with firehol and moblock inside the firehol.conf?
Yes. I actually use NAT and moblock in my own firehol.conf, and I will squeeze that into the HOWTO as soon as possible.


Sorry, may seem like a n00b question: it seems like my friend's IP address is being blocked by moblock when I try to access his ftp. Is there any way I can unblock his specific IP?
It's no noob question.
There's no elegant way yet, but do: sudo sh -c 'grep -v -F 217.56.68 /etc/moblock/guarding.p2p > /etc/moblock/temp.p2p'
then 'sudo mv /etc/moblock/temp.p2p /etc/moblock/guarding.p2p'
This would remove all ip:s starting 217.56.68 from the blocklist.

There's something like it commented out (comments are lines starting with a hash #) in /etc/cron.d/moblock-nfq. Use it to your advantage. /etc/cron.d/moblock-nfq is the "updater" script and it does run every day.
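The grep approach above removes every line that mentions the prefix, so unblocking a friend's single address costs you the whole range it sits in, and the daily updater rewrites guarding.p2p anyway. As an added example (written for this edit, not code from MoBlock, its cron scripts, or anyone in the thread), here is a small Python script that cuts exactly one host or CIDR out of the list and leaves the rest of each range in place. It understands both list formats that appear in this thread; the blocklist embedded in it is a constructed sample, and the path /etc/moblock/guarding.p2p is the one the posts above use.

```python
#!/usr/bin/env python3
"""Carve one host or CIDR out of a MoBlock blocklist, splitting the surrounding
range instead of deleting it wholesale.

Added example for this thread; not part of MoBlock or its cron scripts.
Understands the two line formats that appear in the posts above:
  eMule ipfilter.dat style:  222.187.120.016 - 222.187.120.023 , 000 , name
  PeerGuardian .p2p style:   name:218.38.13.220-218.38.13.220
Zero-padded octets are read as decimal (016 is 16), which also keeps newer
Python versions from rejecting them.
"""
import ipaddress
import re
import sys

DAT_RE = re.compile(
    r"^(?P<start>[\d.]+)\s*-\s*(?P<end>[\d.]+)\s*,\s*(?P<level>\d+)\s*,\s*(?P<name>.*?)\s*$")
P2P_RE = re.compile(r"^(?P<name>.*):(?P<start>[\d.]+)-(?P<end>[\d.]+)\s*$")


def _addr(text):
    """Dotted quad -> IPv4Address, zero-padded octets taken as decimal."""
    return ipaddress.IPv4Address(".".join(str(int(o, 10)) for o in text.split(".")))


def parse_line(line):
    """Return (name, start, end, fmt, level) or None for blank/comment lines."""
    line = line.rstrip("\n")
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    m = DAT_RE.match(line)
    if m:
        return m.group("name"), _addr(m.group("start")), _addr(m.group("end")), "dat", m.group("level")
    m = P2P_RE.match(line)
    if m:
        return m.group("name"), _addr(m.group("start")), _addr(m.group("end")), "p2p", None
    raise ValueError("unrecognised blocklist line: %r" % line)


def format_line(name, start, end, fmt, level):
    """Inverse of parse_line, keeping the original format of the entry."""
    if fmt == "dat":
        pad = lambda a: ".".join("%03d" % int(o) for o in str(a).split("."))
        return "%s - %s , %s , %s" % (pad(start), pad(end), level, name)
    return "%s:%s-%s" % (name, start, end)


def carve(entry, hole):
    """Return the pieces of `entry` that lie outside `hole` (an IPv4Network)."""
    name, lo, hi, fmt, level = entry
    h_lo, h_hi = hole[0], hole[-1]
    if hi < h_lo or lo > h_hi:          # no overlap: keep the entry as is
        return [entry]
    pieces = []
    if lo < h_lo:                       # part of the range below the hole
        pieces.append((name, lo, h_lo - 1, fmt, level))
    if hi > h_hi:                       # part of the range above the hole
        pieces.append((name, h_hi + 1, hi, fmt, level))
    return pieces                       # empty if the hole swallowed the whole range


def whitelist(lines, exclude):
    """Rewrite blocklist lines with `exclude` (host or CIDR) removed.

    Returns (new_lines, number_of_ranges_split_or_dropped)."""
    hole = ipaddress.IPv4Network(exclude, strict=False)
    out, changed = [], 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            out.append(line.rstrip("\n"))
            continue
        pieces = carve(entry, hole)
        if pieces != [entry]:
            changed += 1
        out.extend(format_line(*p) for p in pieces)
    return out, changed


# Constructed sample, not a real blocklist: one entry per format.
SAMPLE = """\
# constructed sample
217.056.068.000 - 217.056.068.255 , 000 , friend's ISP block
80ke.com:222.189.238.77-222.189.238.77
www.tendomain.com|Hijack|BT:218.38.13.220-218.38.13.220
"""

if __name__ == "__main__":
    # usage: carve.py [blocklist] [host-or-cidr]; with no arguments it runs on SAMPLE
    path = sys.argv[1] if len(sys.argv) > 1 else None
    target = sys.argv[2] if len(sys.argv) > 2 else "217.56.68.10"
    if path:
        with open(path) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE.splitlines()
    new_lines, n = whitelist(lines, target)
    sys.stdout.write("\n".join(new_lines) + "\n")
    sys.stderr.write("%d range(s) split or dropped for %s\n" % (n, target))
```

Run it after the daily updater (otherwise the next update puts the range straight back), and write the result as root, for instance sudo sh -c 'python3 carve.py /etc/moblock/guarding.p2p 217.56.68.10 > /etc/moblock/temp.p2p' (the script name is arbitrary), then the mv above and a moblock restart.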

pelle.k
September 13th, 2006, 09:05 AM
razer(x) could you paste the output of 'tail /var/log/moblock.log' to us?

flamarro
September 13th, 2006, 09:37 AM
hi there,
Need some help with one thing. I've installed moblock and firehol (I consider myself a newbie here), and it works well, but every morning when cron runs and the block lists are updated, I get no internet. I have to stop moblock-nfq, stop firehol, then start moblock-nfq, then start firehol. Only then can I get back on the internet. In cron.daily I have moblock-nfq reload.....

PS: sorry for my English

I'm sorry to insist, but does this happen to anyone else?

By the way, I have updated and now have the new site for updates, but I can only update if I change the source blocklists to txt; if not, there's always error 404 file not found, and I had to put # in front of all 3 lines that involve gunzip so that the script can run. Treat me well, don't shoot me, I'm just a newbie too....:D

Razer(x)
September 13th, 2006, 11:22 AM
Skipping useless range: eAcceleration
Skipping useless range: www.spybot-Spy-removal.com[Spy]
Skipping useless range: amigeek.com/gocybersearch.com[CWS]
Skipping useless range: n69.com/bc777.com
Skipping useless range: DigitalRooster.com
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Ranges loaded: 135805
Merged ranges: 135
Skipped useless ranges: 4525

It loads ips.. but it doesn't block

spockrock
September 13th, 2006, 07:41 PM
Yes. I actually use NAT and moblock in my own firehol.conf, and I will squeeze that into the HOWTO as soon as possible.


It's no noob question.
There's no elegant way yet, but do: sudo sh -c 'grep -v -F 217.56.68 /etc/moblock/guarding.p2p > /etc/moblock/temp.p2p'
then 'sudo mv /etc/moblock/temp.p2p /etc/moblock/guarding.p2p'
This would remove all ip:s starting 217.56.68 from the blocklist.

There's something like it commented out (comments are lines starting with a hash #) in /etc/cron.d/moblock-nfq. Use it to your advantage. /etc/cron.d/moblock-nfq is the "updater" script and it does run every day.


Yeah, worked perfectly, but the update script is in /etc/cron.daily/moblock-nfq. I edited that to exclude my friend's specific IP. Thanks for the help.

pelle.k
September 13th, 2006, 09:32 PM
razer(x):
OK...
Post the output of 'sudo iptables -L'
That will show if traffic is going through moblock.

spockrock:
way to go. :) glad to be of service...

flamarro:
When it doesn't work, save the output of 'tail /var/log/moblock.log' and of 'sudo iptables -L' to a textfile, so that you can post it here when you've reloaded everything.

smartalecks
September 16th, 2006, 09:37 PM
Moblock was working, but I just did a clean install of ubuntu and now when I try to use Moblock the log shows this error:



NFQUEUE: binding to queue '0'
error during nfq_create_queue()

any ideas? I've tried resetting and reloading, no luck.

clessing
September 17th, 2006, 01:33 AM
Moblock was working, but I just did a clean install of ubuntu and now when I try to use Moblock the log shows this error:



NFQUEUE: binding to queue '0'
error during nfq_create_queue()

any ideas? I've tried resetting and reloading, no luck.

Try a "killall moblock" before you use the script again to start it.
It happens sometimes, and I hope to fix it with the next release when I reorganize the whole package.

flamarro
September 18th, 2006, 12:13 PM
razer(x):
OK...
Post the output of 'sudo iptables -L'
That will show if traffic is going through moblock.

spockrock:
way to go. :) glad to be of service...

flamarro:
When it doesn't work, save the output of 'tail /var/log/moblock.log' and of 'sudo iptables -L' to a textfile, so that you can post it here when you've reloaded everything.

OK, I'll do it as soon as I can. Meanwhile, I've discovered that this only happens when I use reload. Doing reload blocks the internet.... stop and then start of both moblock and firehol does the job, as I said. Immediately after this, if I do reload, bum, it blocks again....

pelle.k
September 18th, 2006, 07:26 PM
Try "sudo /etc/firehol restart" only. It should rewrite iptables if moblock did something to it. If it works, then just add it to the end of /etc/cron.d/moblock-nfq.

Razer(x)
September 21st, 2006, 02:23 PM
FATAL: Module ip_tables not found.
iptables v1.3.3: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

ps...i have compiled my kernel and it is 2.6.17

pelle.k
September 21st, 2006, 03:06 PM
There you have it :) I've been there too. Do 'make xconfig' and check that the correct modules are selected, then 'sudo make modules' and finally 'sudo make modules_install'.
Not 100% sure this is correct, but give it a try.

From moblock 0.8 README

Requirements.

1) iptables and kernel support for connection and state tracking (
ip_conntrack,ipt_state) and ip_queue or ipt_NFQUEUE kernel modules/built-in.

At least kernel 2.6.14 is required to use the NFQUEUE interface (the
default interface from MoBlock version 0.6) and userspace library:

libnfnetlink 0.0.14
libnetfilter_queue 0.0.11

These are the kernel modules i have with MoBlock running
on 2.6.9-ac6:

with kernel 2.6.15 using new NFQUEUE interface:

nfnetlink_queue 9280 1
nfnetlink 4824 2 nfnetlink_queue
ipt_NFQUEUE 1408 2
ipt_state 1472 0
ip_conntrack 40044 1 ipt_state
iptable_filter 2176 1
ip_tables 17600 3 ipt_NFQUEUE,ipt_state,iptable_filter

ginzberg
September 22nd, 2006, 03:58 AM
I too am experiencing the problem where the log file throws no errors, yet it appears no ips are actually being filtered. I have ensured that all the above required modules are loaded, however, it should be noted that they did not autoload once moblock was started. In previous versions, I believe that it did. I recently reinstalled due to a failed harddrive, so I am unable to check myself. Does anyone have the previous ubuntu install deb's (i notice the latest was updated september 16th, 2006). I would be interested in seeing if the older version fixes the problem.


uname -a
Linux grebznig 2.6.15-27-686 #1 SMP PREEMPT Sat Sep 16 02:13:27 UTC 2006 i686 GNU/Linux

pelle.k
September 22nd, 2006, 04:08 AM
Have you actually tried to ping an ip in the guarding.p2p list?
Do 'sudo tail /etc/moblock/guarding.p2p'
Pick one ip address from a range, and do 'ping -c 1 xxx.xxx.xxx.xxx'
Then 'tail /var/log/moblock.log'

ginzberg
September 22nd, 2006, 04:47 AM
A thousand apologies! Just tried doing that and sure enough, got a hit. I suppose that the default rules were either more stringent by default before, or I have just been a good boy lately.

Thank you for setting me straight.

pelle.k
September 22nd, 2006, 05:21 AM
:) No need to apologise.

Daniel15
September 22nd, 2006, 11:47 AM
Sorry, I haven't kept up-to-date with this thread, and haven't had time to read through it...

Is there a way to use my IPTABLES script along with MoBlock? I previously thought that I found a way, but it didn't work well :(

pelle.k
September 22nd, 2006, 03:28 PM
Feel free to add whatever you want to iptables, AFTER moblock has activated. Just make sure those new rules are compatible with the rules moblock put in.

moore.bryan
September 22nd, 2006, 04:18 PM
why not just use peerguardnf?
http://doc.gwos.org/index.php/Peer_Guardian

thechilde
September 23rd, 2006, 04:48 AM
Mine is not blocking anything as far as I can tell. My log never changes. Here is iptables:

sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_IN all -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW all -- anywhere anywhere state NEW

Chain MOBLOCK_FW (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_IN (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_OUT (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_OUT all -- anywhere anywhere state NEW

pelle.k
September 23rd, 2006, 04:53 AM
I'll repeat what I wrote six posts ago:

Have you actually tried to ping an ip in the guarding.p2p list?
Do 'sudo tail /etc/moblock/guarding.p2p'
Pick one ip address from a range, and do 'ping -c 1 xxx.xxx.xxx.xxx'
Then 'tail /var/log/moblock.log'

thechilde
September 25th, 2006, 03:36 PM
I did; the log does not change. And the pinging has only failed once; the others I was pinging fine.

thechilde
September 25th, 2006, 03:39 PM
:~$ sudo tail /etc/moblock/guarding.p2p
Password:
222.187.120.016 - 222.187.120.023 , 000 , XuZhou Pol
222.191.240.060 - 222.191.240.063 , 000 , wuxi sony
222.196.048.000 - 222.196.063.255 , 000 , Sichuan Co
222.198.246.000 - 222.198.246.255 , 000 , GuiZhou Po
222.218.156.005 - 222.218.156.005 , 000 , [DShield t
222.227.073.056 - 222.227.073.063 , 000 , COMING PIC
222.227.164.073 - 222.227.164.073 , 000 , DDoS/ap2p
222.228.161.106 - 222.228.161.106 , 000 , DDoS/ap2p
222.229.088.000 - 222.229.095.255 , 000 , Bogon
223.000.000.000 - 255.255.255.255 , 000 , Bogon, IAN
:~$ ping -c 1 222.191.240.062
PING 222.191.240.062 (222.191.240.50) 56(84) bytes of data.

--- 222.191.240.062 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

:~$ tail /var/log/moblock.log
Reopening logfile.
:~$


So it didn't ping, but it didn't log it either.

pelle.k
September 25th, 2006, 04:39 PM
I'm afraid i can't help you with that :(, it would seem you really have a problem.

Compare the output of 'lsmod' to this;

nfnetlink_queue 9280 1
nfnetlink 4824 2 nfnetlink_queue
ipt_NFQUEUE 1408 2
ipt_state 1472 0
ip_conntrack 40044 1 ipt_state
iptable_filter 2176 1
ip_tables 17600 3 ipt_NFQUEUE,ipt_state,iptable_filter

'pidof moblock' should tell you if it's running. I would suggest you reinstall it.

Daniel15
September 26th, 2006, 05:41 AM
I see something weird in your ping output, thechilde:


PING 222.191.240.062 (222.191.240.50) 56(84) bytes of data.

222.191.240.062 is 222.191.240.50??

Try pinging Microsoft.com, and see if you have the same result.

What I usually do to test this is have two terminal windows open. In one, I type
tail -f /var/log/moblock.log (which will leave the tail program open, and write the log messages as they appear). In the other window, I ping microsoft.com:
ping microsoft.com. Then, I check the first window for any output.
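Daniel15's observation is the whole explanation, and it is worth spelling out because the same quirk is a classic filter-bypass pattern. As an added example (not code from MoBlock or from anyone in the thread): ping hands the string to the C library's inet_aton(), which treats an octet with a leading zero as octal, so 222.191.240.062 is sent to 222.191.240.50. The nipfilter.dat entry was 222.191.240.060 - 222.191.240.063, i.e. .60 to .63 in decimal, so the packet went to an address outside the range and MoBlock correctly logged nothing. The script below shows both readings side by side; the range it checks is taken from the guarding.p2p excerpt above.

```python
#!/usr/bin/env python3
"""Why 'ping 222.191.240.062' went to 222.191.240.50 and MoBlock stayed quiet.

Added example, not from MoBlock or the thread. The BSD/glibc inet_aton() parser
that ping (and most C programs) use reads a dotted-quad octet with a leading
zero as octal: 062 == 50. The blocklist entry copied from nipfilter.dat was
222.191.240.060 - 222.191.240.063, i.e. .60-.63 in decimal, so the packet really
went to .50, outside the range, and there was nothing for MoBlock to block.
The same mismatch is a classic way to slip past an address filter that parses
strictly while the socket layer does not.
"""
import ipaddress
import socket
import struct


def kernel_view(text):
    """The address the socket layer will actually use (inet_aton semantics:
    leading 0 is octal, 0x is hex, and fewer than four parts are accepted)."""
    packed = socket.inet_aton(text)
    return ipaddress.IPv4Address(struct.unpack("!I", packed)[0])


def list_view(text):
    """The address a blocklist reader should take: exactly four decimal octets,
    zero padding being nothing but padding (ipfilter.dat style)."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a plain dotted quad: %r" % text)
    return ipaddress.IPv4Address(".".join(str(int(p, 10)) for p in parts))


def in_range(addr, lo, hi):
    """Inclusive range test on IPv4Address objects."""
    return ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi)


def check(text, lo, hi):
    """Compare both readings of `text` against one blocklist range.

    Returns (kernel_addr, list_addr, kernel_hit, list_hit)."""
    k, l = kernel_view(text), list_view(text)
    return k, l, in_range(k, lo, hi), in_range(l, lo, hi)


if __name__ == "__main__":
    # Range from the guarding.p2p excerpt above, target typed exactly as listed there.
    k, l, kh, lh = check("222.191.240.062", "222.191.240.60", "222.191.240.63")
    print("ping sends to  %s   inside list range: %s" % (k, kh))
    print("list reads     %s   inside list range: %s" % (l, lh))
    # Other spellings inet_aton accepts that a strict reader never will.
    for spelling in ("222.191.240.62", "0xde.0xbf.0xf0.0x3e", "3737120830"):
        print("%-22s -> %s" % (spelling, kernel_view(spelling)))
```

When copying addresses out of nipfilter.dat to test with, strip the zero padding first; and if you ever write an address filter of your own, parse the string the same way the socket layer does, or canonicalise it before comparing.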

flamarro
September 28th, 2006, 09:25 AM
Try "sudo /etc/firehol restart" only. It should rewrite iptables if moblock did something to it. If it works, then just add it to the end of /etc/cron.d/moblock-nfq.
Sorry not to answer sooner, but in the days that have passed there was no problem at all when reloading, till today :confused: I did restart as you said and there it goes again. But why the hell does this happen only sometimes? I was thinking it was because of the new version of moblock but...... well, never mind, restart we'll do :rolleyes: It works, that's all we want, yes? :mrgreen:

shookone
September 28th, 2006, 06:22 PM
I just installed moblock and was experiencing problems running it with the ubuntu-firewall script.

I tried loading iptables as recommended for firehol and it had no effect. Upon disabling my firewall, I was able to see the log file fill up with lines like:


Short guarding.p2p line 222.168.089.192 - 222.168.089.207 , 000 , CHANGCHUN-, skipping it...
Short guarding.p2p line 222.168.091.008 - 222.168.091.011 , 000 , CHANGCHUN-, skipping it...
Short guarding.p2p line 222.172.032.100 - 222.172.032.100 , 000 , [DShield t, skipping it...
Short guarding.p2p line 222.182.110.000 - 222.182.110.255 , 000 , [DShield b, skipping it...
Short guarding.p2p line 222.184.240.040 - 222.184.240.043 , 000 , police tra, skipping it...


Which results in:


Ranges loaded: 4445
Merged ranges: 9
Skipped useless ranges: 223
NFQUEUE: binding to queue '0'
error during nfq_create_queue()


ubuntu-firewall script:


############################################################################
# ubuntu-firewall-cfg Configuration settings for the Ubuntu-firewall. #
# This config file should be placed within your /etc/default directory. #
# Version: 0.5 #
############################################################################

###
# Network Interfaces
###

# Set the external interface. This is the interface that will
# face the Internet. It's the one you want Ubuntu-firewall to
# protect. Typically it will be eth0 or eth1. However, you
# may choose to have Ubuntu-firewall automatically select the
# * first * active interface it finds. In this case, you would
# use the key word, "auto" as in, EXTIF="auto". This is usually
# a good choice for users who have only one active network
# interface on their machine.
#
EXTIF="eth0"
#EXTIF="auto"

# Set the internal interface if you have one and want to be
# able to pass local traffic over it. If not, then don't
# specify an interface inside the quotes. Just leave it blank
# as in INTIF="". This can NOT be set to, "auto!"
INTIF="eth1"



##
# Miscellaneous options set with, "yes" or, "no"
##

# Disable the firewall (useful for temporarily disallowing Ubuntu-firewall
# to start, without having to remove it from your startup configuration).
# This setting affects Ubuntu-firewall's ability to start on boot-up but
# has no affect on the current firewall state. In other words, if
# Ubuntu-firewall has run before setting this to disabled, the firewall
# will still be active until you either reboot, or issue the following
# at the command line: 'sudo /etc/init.d/ubunti-firewall.sh stop'
DISABLED="no"

# Firewall logging (useful for debug, curiousity, etc. Logs to syslog)
LOG_PACKETS="no"

# Verbose mode (feedback during script execution - useful for debug, etc.)
VERBOSE="no"

# Respond to ICMP (echo-request) pings
ALLOW_PINGS="no"



###
# Complex Server options set with, "yes" or, "no"
###

# FTP server - Firewall requirements for an FTP Server are a little more
# involved. Thus, I've coded support for it directly into the Ubuntu-firewall
# script. It can be enabled/disabled here.
ALLOW_FTP="yes"

# Micro$oft Networking - Firewall requirements for Micro$oft Networking are
# a little more involved. Thus, I've coded support for it directly into the
# Ubuntu-firewall script. It can be enabled/disabled here.
ALLOW_MSNETWORKING="no"



###
# Other services
###

# List the TCP ports you want un-blocked by the firewall.
# The ports need to be inside the quotes with a space between each one.
# (ex: OPEN_TCP_PORTS="22 80 110")
# This would un-block TCP ports 22 (ssh), 80 (http), and 110 (POP-3).
OPEN_TCP_PORTS="37222 24808 49160 49161 49162 49163 49164 49200 49300 21 22 80 85 110 25 5900 8181 8080 10000 30000"

# List the UDP ports you want un-blocked by the firewall.
# The ports need to be inside the quotes with a space between each one.
# (ex: OPEN_UDP_PORTS="53")
# This would un-block UDP port 53 (DNS Server services).
OPEN_UDP_PORTS="4905 15801 34522 34525 37500"



###
# Advanced Options
###

# Network Address Translation/Routing
#
# This enables NAT Routing capabilities. To use this feature, you must
# specify the interface for NAT_IF, for which you want NAT services applied.
# This MAY be the same as your internal interface (INTIF) as specified above.
# ex: NAT_IF="eth1" (this will allow you to connect another PC to this PC's
# eth1 interface for Internet Access on that PC) To disable NAT, don't
# specify an interface inside the quotes. Just leave it blank as in NAT_IF="".
#
# Bear in mind that the PC connected to this one will need to be set up on
# the same network segment that this one's NAT_IF is on. You will also need
# to use the IP address assigned to the NAT_IF device, as that PC's default
# gateway to the Internet.
NAT_IF="eth1"

# Forwarding of Ports
#
# This allows you to forward ports to an internal host. To use this feature,
# simply specify an internal host to which you want to forward incoming
# connections using the FORWARD_HOST directive. Leaving it blank as in,
# FORWARD_HOST="" will disable port forwarding. Once you've specified a
# host to which you want ports forwarded, you need to specify the ports.
# This is done using the following two directives: FORWARD_TCP_PORTS
# FORWARD_UDP_PORTS. You may list multiple ports by separating them with
# spaces. For instance, if you wanted to forward incoming to TCP ports 22,
# 80, and 110, to an internal host with an IP address of 192.168.1.10, you
# would use the following configuration:
# FORWARD_HOST="192.168.1.10"
# FORWARD_TCP_PORTS="22 80 110"
# FORWARD_UDP_PORTS=""
FORWARD_HOST="192.168.100.100"
FORWARD_TCP_PORTS="6346"
FORWARD_UDP_PORTS=""

# Custom Rules
#
# This allows the user to define non-standard or custom rules to be added
# to the firewall policy. It is STRONGLY RECOMMENDED that you only make
# use of this if you understand iptables hirarchy and firewall design in
# general! Carelessly inserting rules into Ubuntu-firewall can easily
# render it ineffective. You have been warned! Now, with all that out
# of the way, here's how to do it. First, you need to create a file that
# contains the appropriate iptables commands, making certain that you have
# the syntax correct. When making your custom rules, you should probably
# test each of them, one-at-a-time at the command prompt to verify that they
# work as expected. You may define as many custom rules as you like but
# remember, usually the simpler the firewall ruleset, the more robust it
# tends to be. Take special care to make sure that any rules you define,
# don't sabotage other rules listed below it. Once you have your file
# populated with your custom rules, save it and set the CUSTOM_RULES directive
# to point to your file. Ex: CUSTOM_RULES="/etc/default/custom_firewall_rules"
# If you don't have any reason to use custom rules, then simply leave
# CUSTOM_RULES blank as in, CUSTOM_RULES="".
CUSTOM_RULES="/etc/default/ubuntu-firewall-custom"


Custom Rules:


## Custome Rules for ubuntu-firewall-cfg
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE


I am unable to block sites like microsoft.

Here is additional information:




>lsmod | grep NFQUEUE
ipt_NFQUEUE 1920 0
ip_tables 23744 7 iptable_mangle,ipt_NFQUEUE,ipt_REJECT,ipt_limit,ipt_state,iptable_nat,iptable_filter

-------------

>ls /etc/moblock/
guarding.p2p guarding.p2p.backup MoBlock-nfq.sh

-------------
>uname -a
Linux linux-core-pc 2.6.15-27-686 #1 SMP PREEMPT Sat Sep 16 02:13:27 UTC 2006 i686 GNU/Linux



/etc/cron.daily/moblock-nfq:


BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"

>iptables -L :

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain MOBLOCK (0 references)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Please help. I just got one of those notifications you don't want to receive from your ISP. I've had moblock running for some time thinking it's been blocking. I'll be happy to provide any information needed.

pelle.k
September 28th, 2006, 07:02 PM
Very good report! :)
You shouldn't expect moblock to run with any other firewall script than firehol, as you probably know by now, so uninstall ubuntu-firewall, or see to it that it runs no more.
iptables -L shows me no traffic is going through the iptables firewall. If you have installed firehol, something is wrong. Did you activate it (e.g. "START_FIREHOL=YES" in /etc/default/firehol)?
Can you paste your /etc/firehol/firehol.conf here so I can take a look at it?

shookone
September 28th, 2006, 08:34 PM
pelle.k: Well, I removed my firewall completely. Moblock should work correctly now? I ran some commands to confirm its operational state:

I removed the ubuntu-firewall script from the /etc/rc* directories (e.g. rm /etc/rc1.d/*ubuntu-firewall.sh) and all its configuration files (e.g. sudo rm /etc/default/ubuntu-firewall-*)

>tail command...:


>tail -f /var/log/moblock.log

Skipping useless range: adelinatech.com
Skipping useless range: CWS
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Ranges loaded: 4445
Merged ranges: 9
Skipped useless ranges: 223
NFQUEUE: binding to queue '0'





###@linux-core-pc:/etc/default$ ping microsoft.com
PING microsoft.com (207.46.250.119) 56(84) bytes of data.

--- microsoft.com ping statistics ---
26 packets transmitted, 0 received, 100% packet loss, time 25069ms

###@linux-core-pc:/etc/default$ ping www.microsoft.com
PING lb1.www.ms.akadns.net (207.46.199.30) 56(84) bytes of data.

--- lb1.www.ms.akadns.net ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5000ms

###@linux-core-pc:/etc/default$ ping adelinatech.com
PING adelinatech.com (68.178.232.100) 56(84) bytes of data.

--- adelinatech.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2001ms

###@linux-core-pc:/etc/default$



I have no firewall rules active and I'm not blocking sites... via Firefox I can connect to Microsoft's main site.

Does moblock require firehol?

pelle.k
September 28th, 2006, 09:32 PM
No, not at all. Running moblock without a firewall such as firehol is actually less painful, as moblock creates rules in iptables automatically. This is the reason it doesn't work with other firewalls: after moblock has set up some rules in iptables, the "firewall" puts its own rules in iptables too, and it becomes a mess.
Iptables can (unfortunately) only have one application at a time create rules for it. _If_ you customize firehol a bit, then you can have them both running; that's the reason I have that bit in my howto, but it's not at all necessary.

shookone
September 28th, 2006, 09:38 PM
After flushing all iptables rules and deleting the chains, to make sure moblock has full control of iptables without the use of a firewall, I ran the following commands.



iptables -X MOBLOCK (MOBLOCK_FW MOBLOCK_IN MOBLOCK_OUT)

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Then loaded moblock from init.d:


/etc/init.d/moblock-nfq restart
* Restarting moblock moblock [Ok]

Then check iptables' current listing show:


# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_IN all -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW all -- anywhere anywhere state NEW

Chain MOBLOCK_FW (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_IN (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_OUT all -- anywhere anywhere state NEW


Now quickly see my /etc/cron.daily/moblock-nfq::


cat /etc/cron.daily/moblock-nfq |grep BLOCKLIST
# use from BLOCKLISTS.
#BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware "
BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"
#BLOCKLISTTXT="templist dshield"
BLOCKLISTTXT="dshield"


Now when I try to hit the microsoft.com website, I get access to it.. (nipfilter.dat contains all the level, spyware and Microsoft DBs)

However, when i try an ip from the list:


>tail /etc/moblock/guarding.p2p

www.tendomain.com|Hijack|BT:218.38.13.220-218.38.13.220
CYBERSURFING:218.236.112.0-218.236.112.127
y3y.net/555y.com:219.129.216.39-219.129.216.39
xpire.info-Hijacker[spy]:221.139.50.11-221.139.50.11
Dabber.B|BT:221.236.167.192-221.236.167.192
MS Word Exploit|BT:222.92.208.225-222.92.208.225
hongnanjing.com:222.189.228.5-222.189.228.5
80ke.com:222.189.238.77-222.189.238.77
zinanjing.com:222.223.183.30-222.223.183.30
W32/Downloader/http.down.love.witlog.net:222.237.76.91-222.237.76.91



And pinging 80ke.com, my moblock log returns:
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 1,SRC: 204.16.208.90
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 2,SRC: 204.16.208.90
Blocked OUT: 80ke.com,hits: 1,DST: 222.189.238.77
Blocked OUT: 80ke.com,hits: 2,DST: 222.189.238.77
Blocked OUT: 80ke.com,hits: 3,DST: 222.189.238.77
Blocked OUT: 80ke.com,hits: 4,DST: 222.189.238.77
Blocked OUT: 80ke.com,hits: 5,DST: 222.189.238.77
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 3,SRC: 204.16.208.167
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 4,SRC: 204.16.208.167
Blocked OUT: MS Hotmail,hits: 1,DST: 64.4.32.7
Blocked OUT: MS Hotmail,hits: 2,DST: 64.4.32.7
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 5,SRC: 204.16.208.239
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 6,SRC: 204.16.208.183
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 7,SRC: 204.16.208.114
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 8,SRC: 204.16.208.114
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 9,SRC: 204.16.208.20


So the darn thing is working... Now to reinstall using firehol. I hope I'm able to NAT easily from there.. I'm pretty savvy with **** but iptables troubles me.

Thanks for the support. Would be nice to have ubuntu-firewall work with this. It's a great script.
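The log excerpt above already answers the thread's recurring question (why did application X stop working) if you read it by direction: "Blocked OUT" lines are connections this host tried to make, "Blocked IN" lines are unsolicited traffic from outside. As an added example (not a MoBlock tool, and not from anyone in this thread), here is a Python script that summarises /var/log/moblock.log that way; the embedded sample log is constructed, modelled on the lines shookone posted.

```python
#!/usr/bin/env python3
"""Summarise /var/log/moblock.log so you can see what MoBlock actually stopped.

Added example for this thread, not a MoBlock tool. It reads the
'Blocked IN/OUT' lines shown in the posts above and separates the ranges that
blocked connections *you* initiated (OUT: an aMSN login, a friend's ftp server)
from the ranges that were merely knocking on your door (IN). The OUT side is
the list of candidates to carve out of guarding.p2p; the IN side is noise you
usually want kept blocked.
"""
import re
from collections import defaultdict

# Format of a hit line, as printed in the posts above. The range name may
# itself contain commas, so it is matched greedily up to the ',hits:' marker.
LOG_RE = re.compile(
    r"^Blocked (?P<dir>IN|OUT): (?P<name>.*),hits: (?P<hits>\d+),"
    r"(?:SRC|DST): (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_log(lines):
    """Yield (direction, range_name, running_hit_count, peer_ip) per hit line.
    Startup chatter ('Ranges loaded: ...', 'Reopening logfile.') is skipped."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.group("dir"), m.group("name"), int(m.group("hits")), m.group("ip")


def summarize(lines):
    """Aggregate hits per (direction, range name).

    'hits' in the log is a running counter per range, so the highest value
    seen is the total; 'events' counts log lines; 'peers' are the addresses."""
    agg = defaultdict(lambda: {"events": 0, "hits": 0, "peers": set()})
    for direction, name, hits, ip in parse_log(lines):
        entry = agg[(direction, name)]
        entry["events"] += 1
        entry["hits"] = max(entry["hits"], hits)
        entry["peers"].add(ip)
    return dict(agg)


def outbound_blocks(summary):
    """Ranges that stopped traffic this host originated, most hits first:
    [(range_name, hits, [peer, ...]), ...]."""
    rows = [(name, e["hits"], sorted(e["peers"]))
            for (direction, name), e in summary.items() if direction == "OUT"]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


# Constructed sample modelled on the log excerpt above (not a real capture).
SAMPLE_LOG = """\
Ranges loaded: 4445
NFQUEUE: binding to queue '0'
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 1,SRC: 204.16.208.90
Blocked OUT: 80ke.com,hits: 1,DST: 222.189.238.77
Blocked OUT: 80ke.com,hits: 2,DST: 222.189.238.77
Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 2,SRC: 204.16.208.167
Blocked OUT: MS Hotmail,hits: 1,DST: 64.4.32.7
Blocked IN: Bogon, IANA reserved,hits: 1,SRC: 223.0.0.1
Reopening logfile.
Blocked OUT: 80ke.com,hits: 3,DST: 222.189.238.77
"""

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    for name, hits, peers in outbound_blocks(summarize(lines)):
        print("%4d  %-45s %s" % (hits, name, ", ".join(peers)))
```

Run it as sudo python3 on /var/log/moblock.log (the log is root-owned on the installs shown here); a range that shows up under OUT right when an application fails is the one to split out of guarding.p2p.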

pelle.k
September 28th, 2006, 10:19 PM
No sweat.
I'm no fan of iptables either. It's built for handwritten custom configurations.
I would rather have software using it directly, not through scripts, so that it could have slots for more than one application, and also not let one application change rules in a busy slot, but use its own slot. Also this would make applications aware of each other through iptables, and one could tell iptables which application would have the first slot.
Then the firewall could filter traffic in slot one, and moblock could have its own rules in slot two, which the filtered traffic would come to after slot one.
Maybe I make no sense at all. ](*,)

Then again, it would be nice if moblock didn't use iptables at all to filter traffic (let firewalls and such have iptables for themselves) but filtered all traffic that goes in or out of the kernel by default.

shookone
September 28th, 2006, 11:28 PM
Another gripe I'm having is that I noticed I can access http://www.microsoft.com, http://mpaa.org and sites of that nature.

Why do I connect to the Microsoft site if I have all the lists blocking for me, especially Microsoft?

Are there any benchmarking tools/sites that can test my moblock?

pelle.k
September 28th, 2006, 11:30 PM
You know http traffic is whitelisted by default right?

shookone
September 28th, 2006, 11:41 PM
Meaning no matter what I'm blocking, if it's coming in via TCP 80 it's let in?

Makes no sense.. don't you think?

shookone
September 29th, 2006, 12:21 AM
I'd hate to be out of the scope of the project, but since I had to resort to another firewall... What type of rules can I put here? Are there any documented examples I can build off of?

How would I put blocks on certain ports, or NAT so my other interfaces can receive internet? DHCP is already configured.

In any event, as requested:

/etc/default/firehol :


$ cat /etc/default/firehol
START_FIREHOL=YES

#If you want to have firehol wait for an iface to be up add it here
WAIT_FOR_IFACE="eth0"


/etc/firehol/firehol.conf:


#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

########################
### moblock

iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

##
########################



# Your internet interface

interface eth0 internet

server ssh accept


# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client http accept

client all MOBLOCK

# Your local network
interface eth1 home


# You can access whatever on your lan
client all accept

# If you want your lan user to access your http server
server http accept

router internet2home inface eth0 outface eth1

router home2internet inface eth1 outface eth0
route all accept



edit:

I made changes to my conf file. I want to give the world access to my ssh server for remote administration.. hopefully this works since I'm on my way to work in a few.

pelle.k
September 29th, 2006, 09:03 PM
Why is whitelisting port 80 stupid? All ports are open by default; moblock just filters them. If you want to contact Microsoft on port 80, it has to be whitelisted.

As for NAT, add this entry before the interfaces:

# fill in ip as needed, ethx = internet device
dnat to 192.168.0.x:ssh inface ethx proto tcp dport 12345

Do this with your router (just an example):

router lan2internet inface eth1 outface eth0
masquerade reverse #now you can "imagine" it as a client, and not use route command...
client all accept

router internet2lan inface eth1 outface eth0
route ssh accept dst 192.168.0.x

shookone
September 30th, 2006, 05:27 AM
Pelle:

I misunderstood, I guess. I thought that no matter what moblock is blocking, if it's port 80 it will come in. I have updated my firehol after much reading of the documentation. Would you mind giving some quick guidance, since I cannot find a firehol.conf thread anywhere?

This is my current firehol.conf:



cat /etc/firehol/firehol.conf
#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

########################
### moblock

iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

##
########################


# The network of eth1
home_ips=192.168.100.2/24

# Your local network
interface eth1 home src "${home_ips}"

policy reject
server "dhcp samba" accept
client "samba" accept

# You can access whatever on your lan
client all accept

# If you want your lan user to access your http server
server http accept

# Your internet interface

interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

protection strong 10/sec 10
server "ssh ftp" accept


# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client all MOBLOCK

router home2internet inface eth1 outface eth0
masquerade
route all accept



I'm searching for a front end that will allow me to better understand how this works.

Basically I have my ubuntu box, which is directly connected to the cable modem via eth0, and I have an xbox running both games and linux via eth1.

There are some ports I need to go from eth1 to the net. I'm not sure how to specify them. I'm currently reading more into it, but I managed to get the internet on my xbox/linux box.

Again, much appreciation for the support. I'm still able to access microsoft.com via the web.. so how do I know if I'm blocking that stuff?

shookone
September 30th, 2006, 05:50 AM
Wow what resting of the mind does.

I totally understand this now.

What happens if I use this config:


# Your internet interface

interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

protection strong 10/sec 10
server "ssh ftp" accept
server all MOBLOCK

# This will send http traffic directly
# to accept instead of moblock
# thus whitelisting it...
client "http https" accept
client all MOBLOCK

router home2internet inface eth1 outface eth0
masquerade
route all accept

Will I be protected from anyone accessing my machine that's on the block list, or is this done automatically?

shookone
September 30th, 2006, 08:47 AM
Everything is working fine now... oh yeah, except when firehol is loading at startup it shows an [ok]... but then I do iptables -L and don't get anything back.


When I manually restart it, iptables -L shows tons of info..

I'm about to reformat this partition and start fresh.. I know there is a way around it..

I used to use ubuntu-firewall and removed it from the rc#.d directories.. I don't know if I did it correctly.. thanks for any feedback.

pelle.k
September 30th, 2006, 10:38 AM
If I'm not mistaken, you should use "server" instead of route after using reverse masquerading on an interface.

If only firehol and moblock are installed, you should have populated iptables after bootup. Something is messing with the procedure. If you restart firehol, doesn't it complain about the route command?

Scum on a Dead Pelican
September 30th, 2006, 02:21 PM
Hello,

I'm wondering if anyone else is having a problem that I'm having.
Before the last update when I would 'tail -f /var/log/moblock.log' it would show about 180,000 ranges blocked. Now when I do it, it only shows 2672 ranges blocked.
Also, I can leave amule going for hours downloading and nothing will show up on the log as being blocked, when I usually have a couple of blocks a minute.

I don't have any firewalls running.

Any ideas what's going on or any suggestions on how to fix it?

Thanks in advance and thank you for all the work you've put into this program.

pelle.k
September 30th, 2006, 03:32 PM
Hi, clessing is going to reorganize things a bit in moblock-deb, but until then there seem to be some problems with the new nipfilter.dat. In /etc/cron.daily/moblock-nfq, comment out the new BLOCKLISTS line, uncomment the old one, restart your computer, and all will be well.

Those lines look like this (when modified as above):

BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2 Microsoft spyware "
#BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"

Now I _don't_ know what is causing this; it might only be temporary, so I will not suggest this as a permanent solution. But for the time being...

shookone
September 30th, 2006, 07:56 PM
If I'm not mistaken, you should use "server" instead of route after using reverse masquerading on an interface.

If only firehol and moblock are installed, you should have populated iptables after bootup. Something is messing with the procedure. If you restart firehol, doesn't it complain about the route command?

Hey pelle.k:


I am able to use the net on my lan. I have problems with some applications like my xbmc (xbox) connecting to a client on my machine. Other than that it works... Although I'm still feeling compelled to do a fresh install.

I restart my firewall and I get no error. I have a new configuration in my conf file.



version 5

#specify ports here
## type: client or server
## label: label port
## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
#format: type_label_ports="type/port"

server_xlink_ports="udp/37500"
client_xlink_ports="default"

# moblock settings
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

# The network of eth1
home_ips=192.168.100.2/24


# Your internet interface

interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

protection strong 10/sec 10
server "ssh ftp xlink" accept
# This will send http traffic directly to accept instead of moblock thus whitelisting it...
client "http https" accept
client all MOBLOCK

# Local network

interface eth1 home src "${home_ips}"
policy accept
client all accept

#Routing information

router home2internet inface eth1 outface eth0
client all accept
route all accept
masquerade



If you see why a client connected to eth1 is having problems accessing the web via port 37500, please by all means let me know.

I ran a script named firehol-wizard or something of that nature that made a check through my script and placed some TODO fields in; it showed a configuration that I used to have. My firehol.conf is located in /etc/firehol/. Perhaps it's pulling another conf file... I'm not sure what is going on.

Before using this firewall I never experienced problems with my xbox and client/server connectivity. It's sad that I can't find another forum to discuss this issue in, since moblock is involved in the issue.

pelle.k
September 30th, 2006, 08:37 PM
version 5

#specify ports here
## type: client or server
## label: label port
## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
#format: type_label_ports="type/port"

server_xlink_ports="udp/37500"
client_xlink_ports="default"

dnat to 192.168.100.2:37500 inface eth0 proto udp dport 37500

# moblock settings
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

# The network of eth1
home_ips=192.168.100.2/24


# Your internet interface

interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

protection strong 10/sec 10
server "ssh ftp" accept # you dont need xlink here
# This will send http traffic directly to accept instead of moblock thus whitelisting it...
client "http https" accept
client all MOBLOCK

# Local network

interface eth1 home src "${home_ips}" #this is only in your lan...
policy accept
client all accept
#server all accept # you can safely remove this comment

#Routing information

router home2internet inface eth0 outface eth1
masquerade reverse
client all accept
server xlink accept # xlink only here (this is the server)

Do you understand now?
I'm kind of tired, but I think this should be right...

shookone
September 30th, 2006, 10:19 PM
Always good at that supporting end. Highly appreciated. Did you write moblock?

Anyway, I tried your method for firehol.conf and I don't see any issues. Matter of fact, I now see that when my client tries to connect to eth1 (lan), moblock.log returns:


Blocked OUT: ServerBeach,hits: 3,DST: 66.135.32.175
Blocked OUT: ServerBeach Emule servers|P2P Fakes,hits: 3,DST: 64.34.165.84


I need this to work from a machine attached to eth1. I will continue my research. Thanks for everything... Any feedback from anyone is greatly appreciated.

Scum on a Dead Pelican
October 1st, 2006, 10:05 AM
Thanks pelle.k,

That worked great!

0815user
October 4th, 2006, 04:53 PM
Well, hi.

I'm using moblock for 2.6.18 and the old filter files in cron.daily.

--------
Ranges loaded: 159469
Merged ranges: 176
Skipped useless ranges: 5890
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
--------

Besides that error I noticed that moblock.log was bigger than 230MB today. That was because of all those "Skipping..." messages. Maybe you should tweak the scripts to make sure that doesn't happen after a few weeks of usage.

pelle.k
October 4th, 2006, 06:21 PM
I assume you have compiled your own kernel? Then you need to include some modules in xconfig. I wrote about it a couple posts back in the thread. Never done it myself though (running a custom kernel with moblock that is), so report back on what modules you included in xconfig. (I assume netfilter and ipt_state/iptables...)

I am not the author of moblock, nor am I maintaining the .debs... I'm just a friendly soul helping out, to the extent I can.
The .deb maintainer is however browsing this thread every now and then, so he'll probably notice your suggestion.

shookone
October 5th, 2006, 06:24 AM
Sup guys. I have currently screwed my machine and have a new project at hand.

So I will pause my issues with moblock and firehol... Pelle.k, thanks for all the help.

Now I gotta recover lost files off an EXT3 partition that has been overwritten. Damn journalling is making this hard. But I will continue investigating this... If I come across anything I will post a thread on how I did it. Basically looking to recover pictures.. if I can recover my movies then I'll post a how-to.

0815user
October 5th, 2006, 11:57 PM
I am not the author of moblock, nor am I maintaining the .debs.

Ahh. Thanks anyways. Yes, my kernel is my own creation. But those modules are all included.

Maybe it's because of new 2.6.18. Who knows.

devnulljp
October 9th, 2006, 11:35 PM
I found sudo /etc/init.d/moblock-nfq restart seemed to start it running and blocking.


Well, it doesn't mess with firestarter, but maybe that's 'cos moblock isn't blocking anything :( It doesn't work.
There are no error messages in the log, it appears to be running, but it's not blocking :(

Giggity
October 10th, 2006, 03:52 PM
I'm afraid I don't know what this means, and searching for "sigterm" yields no results:

rob@rob-desktop:~$ tail -f /var/log/moblock.log
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.
Ranges loaded: 0
Merged ranges: 0
Skipped useless ranges: 0
NFQUEUE: binding to queue '0'
Got SIGTERM! Dumping stats and exiting.

Zone17
October 16th, 2006, 12:29 AM
I am not running a firewall and I cannot seem to get moblock to block anything; my log file only returns this:


zone@zone-laptop:~$ tail /var/log/moblock.log
Short guarding.p2p line 222.198.246.000 - 222.198.246.255 , 000 , GuiZhou Po, skipping it...
Short guarding.p2p line 222.227.073.056 - 222.227.073.063 , 000 , COMING PIC, skipping it...
Short guarding.p2p line 222.227.164.073 - 222.227.164.073 , 000 , DDoS/ap2p, skipping it...
Short guarding.p2p line 222.228.161.106 - 222.228.161.106 , 000 , DDoS/ap2p, skipping it...
Short guarding.p2p line 222.229.088.000 - 222.229.095.255 , 000 , Bogon, skipping it...
Short guarding.p2p line 223.000.000.000 - 255.255.255.255 , 000 , Bogon, IAN, skipping it...
Ranges loaded: 2022
Merged ranges: 0
Skipped useless ranges: 65
NFQUEUE: binding to queue '0'

I tried to ping a blocked IP, but no luck; everything is skipped.

wolf202
October 16th, 2006, 10:48 AM
Great Guide, Submitted to wikitut.org (http://www.wikitut.org)

http://www.wikitut.org/index.php?title=How_to_Install_and_Use_Moblock

-wolf

pelle.k
October 16th, 2006, 11:22 AM
Giggity: Something is wrong with your setup. Try reinstalling.
Zone17: show me iptables rules (sudo iptables -L)
wolf202: Thanks

Zone17
October 16th, 2006, 12:46 PM
zone@zone-laptop:~$ sudo iptables -L
Password:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_IN all -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
MOBLOCK_FW all -- anywhere anywhere state NEW

Chain MOBLOCK_FW (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_IN (1 references)
target prot opt source destination
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain MOBLOCK_OUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:www
NFQUEUE all -- anywhere anywhere NFQUEUE num 0

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
MOBLOCK_OUT all -- anywhere anywhere state NEW

Zone17
October 16th, 2006, 12:56 PM
here are the results of my ping

zone@zone-laptop:~$ tail -f /var/log/moblock.log
Skipping useless range: adelinatech.com
Skipping useless range: CWS
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Ranges loaded: 160907
Reopening logfile.

zone@zone-laptop:~$ ping microsoft.com
PING microsoft.com (207.46.250.119) 56(84) bytes of data.

--- microsoft.com ping statistics ---
121 packets transmitted, 0 received, 100% packet loss, time 120158ms

zone@zone-laptop:~$ ping microsoft.com
PING microsoft.com (207.46.250.119) 56(84) bytes of data.

--- microsoft.com ping statistics ---
33 packets transmitted, 0 received, 100% packet loss, time 32026ms

pelle.k
October 16th, 2006, 05:25 PM
100% packet loss
I would say it's working perfectly! And you don't see these blocks in the log?

Zone17
October 16th, 2006, 05:38 PM
the logs just show skipping it, no blocks.

hort guarding.p2p line 071.142.027.224 - 071.142.027.239 , 000 , NORTHROP G, skipping it...
Short guarding.p2p line 071.142.028.056 - 071.142.028.063 , 000 , ACS STATE, skipping it...
Short guarding.p2p line 071.142.028.128 - 071.142.028.135 , 000 , MOTION PIC, skipping it...
Short guarding.p2p line 071.142.028.160 - 071.142.028.167 , 000 , LUCAS STUD, skipping it...
Short guarding.p2p line 071.142.042.024 - 071.142.042.031 , 000 , SACRAMENTO, skipping it...
Short guarding.p2p line 071.142.043.048 - 071.142.043.055 , 000 , LEGAL PHOT, skipping it...
Short guarding.p2p line 071.142.162.024 - 071.142.162.031 , 000 , CCSF POLIC, skipping it...
Short guarding.p2p line 071.142.179.032 - 071.142.179.039 , 000 , CLEAR CHAN, skipping it...
Short guarding.p2p line 071.143.100.192 - 071.143.100.199 , 000 , THE CASTIN, skipping it...
Short guarding.p2p line 071.143.106.240 - 071.143.106.247 , 000 , MORRISON &, skipping it...
Short guarding.p2p line 071.143.121.184 - 071.143.121.191 , 000 , NORTHROP G, skipping it...
Short guarding.p2p line 071.143.121.200 - 071.143.121.207 , 000 , NORTHROP G, skipping it..

Zone17
October 16th, 2006, 05:39 PM
I am very new to this though, but I do know in PG logs in winblows it shows blocks.

pelle.k
October 16th, 2006, 06:50 PM
If you tail the log file, the most recent lines should show blocked IPs, _if_ you recently tried to ping an IP from the blocklist. Those other lines are just feedback from loading ranges and other stuff.
'tail' just gives you the most recent lines. 'tail -f' (-f means 'follow') is an interactive tail, where stuff happens in real time (you can exit it by pressing ctrl+c). Do you understand the difference?
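As an added illustration (not MoBlock's own code) of what the "Ranges loaded", "Merged ranges" and "Skipped useless ranges" lines summarize, and of how a destination ends up as a "Blocked" entry: this Python loads a constructed list mixing the PeerGuardian .p2p format (Label:start-end) and the eMule ipfilter.dat format (start - end , level , Label, the shape seen in the "Short guarding.p2p line ... , 000 , ..." messages above), merges overlapping ranges and looks up an address. The ipfilter.dat access-level rule (128 and above means "allow") is eMule's convention and is assumed here; MoBlock's actual merging and logging details may differ.

```python
"""Added example, not MoBlock code: load p2p / ipfilter.dat ranges, merge, look up."""
import ipaddress
import re
from bisect import bisect_right
from dataclasses import dataclass
from typing import List, Optional, Tuple

Range = Tuple[int, int, str]  # (first address, last address, label) as ints

# PeerGuardian .p2p line:  "Label:1.2.3.0-1.2.3.255"
P2P_RE = re.compile(
    r"^(?P<label>.+):(?P<start>\d{1,3}(?:\.\d{1,3}){3})-(?P<end>\d{1,3}(?:\.\d{1,3}){3})\s*$")
# eMule ipfilter.dat line: "001.002.003.000 - 001.002.003.255 , 000 , Label"
# (zero-padded octets; assumed eMule rule: access level >= 128 means "do not block")
DAT_RE = re.compile(
    r"^(?P<start>\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(?P<end>\d{1,3}(?:\.\d{1,3}){3})"
    r"\s*,\s*(?P<level>\d+)\s*,\s*(?P<label>.*?)\s*$")

# Constructed sample mixing both formats, plus lines a loader must reject.
SAMPLE_LIST = """\
# comments and blank lines are ignored, not counted as skipped
Example Corp:203.0.113.0-203.0.113.127
Example Corp:203.0.113.64-203.0.113.200
Adjacent Block:203.0.113.201-203.0.113.255
192.000.002.000 - 192.000.002.255 , 000 , Documentation Net
198.051.100.000 - 198.051.100.015 , 200 , Allowed Level
Bogon:10.0.0.255-10.0.0.0
this line is garbage
"""


@dataclass
class Blocklist:
    ranges: List[Range]   # sorted, merged, non-overlapping
    loaded: int           # usable lines read            -> "Ranges loaded"
    merged: int           # lines folded into a neighbour -> "Merged ranges"
    skipped: int          # unusable lines               -> "Skipped useless ranges"


def _addr(dotted: str) -> int:
    # ipaddress rejects zero-padded octets, so normalise "000" -> "0" first
    return int(ipaddress.IPv4Address(".".join(str(int(p)) for p in dotted.split("."))))


def parse_line(line: str) -> Optional[Range]:
    """Return (start, end, label) or None when the line is unusable."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = P2P_RE.match(line) or DAT_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    if "level" in g and int(g["level"]) >= 128:
        return None  # ipfilter.dat "allow" entry, not a block
    try:
        start, end = _addr(g["start"]), _addr(g["end"])
    except ValueError:  # an octet above 255
        return None
    if start > end:
        return None  # inverted range is useless
    return start, end, g["label"].strip()


def load_blocklist(text: str) -> Blocklist:
    """Parse, sort and merge overlapping or adjacent ranges."""
    parsed: List[Range] = []
    skipped = 0
    for raw in text.splitlines():
        r = parse_line(raw)
        if r is not None:
            parsed.append(r)
        elif raw.strip() and not raw.lstrip().startswith("#"):
            skipped += 1
    parsed.sort()
    merged: List[Range] = []
    merges = 0
    for start, end, label in parsed:
        if merged and start <= merged[-1][1] + 1:
            pstart, pend, plabel = merged[-1]
            if label != plabel:
                label = f"{plabel}|{label}"  # keep both names, like the log's "A|B"
            merged[-1] = (pstart, max(pend, end), label)
            merges += 1
        else:
            merged.append((start, end, label))
    return Blocklist(merged, len(parsed), merges, skipped)


def lookup(bl: Blocklist, ip: str) -> Optional[str]:
    """Label of the range containing ip (what a 'Blocked' line would name), else None."""
    addr = int(ipaddress.IPv4Address(ip))
    i = bisect_right([r[0] for r in bl.ranges], addr) - 1
    if i >= 0 and bl.ranges[i][0] <= addr <= bl.ranges[i][1]:
        return bl.ranges[i][2]
    return None


if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_LIST)
    print(f"Ranges loaded: {bl.loaded}\nMerged ranges: {bl.merged}\nSkipped useless ranges: {bl.skipped}")
    for ip in ("203.0.113.150", "192.0.2.10", "198.51.100.5"):
        hit = lookup(bl, ip)
        print(f"Blocked OUT: {hit},DST: {ip}" if hit else f"not in list: {ip}")
```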

Zone17
October 16th, 2006, 07:05 PM
I used 2 different windows and did the tail in one and the ping in the other. The first time it did not show the blocks; I exited and retyped it and it started working! Thanks for all the help.

I just don't get why when I am on Bit Torrent in windows with PG it shows tons of blocks and the only blocks in my log file from Moblock are those pings.

zone@zone-laptop:~$ tail -f /var/log/moblock.log
Skipping useless range: adelinatech.com
Skipping useless range: CWS
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Ranges loaded: 160907
Reopening logfile.

zone@zone-laptop:~$ tail -f /var/log/moblock.log
Skipping useless range: adelinatech.com
Skipping useless range: CWS
Skipping useless range: ns1/ns2.playercodec.net
Skipping useless range: www.buhartes.info|BT|Hijackers
Skipping useless range: adv549|CWS|BT|Hijackers
Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
Skipping useless range: Parcproductions.com
Skipping useless range: Fastsearch[Spy]
Ranges loaded: 160907
Reopening logfile.
Blocked OUT: Microsoft,hits: 1,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 2,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 3,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 4,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 5,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 6,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 7,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 8,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 9,DST: 207.46.130.108
Blocked OUT: Microsoft,hits: 10,DST: 207.46.130.108
Blocked OUT: EDS Sweden AB,hits: 1,DST: 212.73.29.83
Blocked OUT: EDS Sweden AB,hits: 2,DST: 212.73.29.83
Blocked OUT: EDS Sweden AB,hits: 3,DST: 212.73.29.83

pelle.k
October 16th, 2006, 08:42 PM
Well, to be perfectly honest - that's one of the many mysteries of the universe :)
I guess the pg2 list you get in windows is bigger, or... something.


Blocked OUT: EDS Sweden AB,hits: 3,DST: 212.73.29.83
Hey, are you a fellow slay radio fan? :D

Ole32
October 17th, 2006, 11:47 AM
Is it possible to use blocklist files from PeerGuardian 2, eg. http://peerguardian.sourceforge.net/lists/p2p.php ?

Bogaurd
October 17th, 2006, 01:22 PM
Has anyone had this working with arno's iptables firewall script? It works fine for me, apart from one thing:

- If I run the script, it cancels all my firewall rules.
- If I re-run the firewall, it cancels the moblock rules!

Does anybody know what I need to do to get these 2 living peacefully together? :)

Thanks!

Ole32
October 18th, 2006, 10:25 PM
Is it possible to use blocklist files from PeerGuardian 2, eg. http://peerguardian.sourceforge.net/lists/p2p.php ?

I found (at http://moblock.berlios.de/README-0.8) that MoBlock should be able to use blocklists from PeerGuardian2.
Could you please help me with how to set up MoBlock to use the www.bluetack.co.uk lists (I already have in /etc/cron.daily/moblock-nfq: BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n") and the http://peerguardian.sourceforge.net/lists/p2p.php lists together?

pelle.k
October 19th, 2006, 05:27 PM
Bogaurd: Not at the moment, no. If you want to run a firewall, then use firehol.

Ole32: This last link you provided, http://peerguardian.sourceforge.net/lists/p2p.php, is the level1 blocklist, and should be included in nipfilter.dat.
How many ranges are loaded when you run moblock?

Ole32
October 20th, 2006, 02:04 PM
Ole32: This last link you provided, http://peerguardian.sourceforge.net/lists/p2p.php, is the level1 blocklist, and should be included in nipfilter.dat.
How many ranges are loaded when you run moblock?

I would like to use http://peerguardian.sourceforge.net/lists/gov.php and http://peerguardian.sourceforge.net/lists/p2p.php from PeerGuardian together with blocklists from Bluetack.co.uk

Now I have this in MoBlock (/etc/cron.daily): BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"

In Windows with PeerGuardian, when I use e.g. eMule, I see many blocked attempts per minute.
But in Linux with MoBlock and the settings I mentioned above, there are almost no blocked connections in /var/log/moblock.log (although I am connected to the same server as in Windows!).
So I think that the blocklists used from Bluetack aren't as good as PeerGuardian's...

termite
October 22nd, 2006, 05:13 PM
Today's update in edgy seems to break moblock: there's an unsatisfied dependency on libnetfilter-queue (requires >=0.0.12, has 0.0.11-1.1).

Any suggestions?

omajosi
October 22nd, 2006, 08:41 PM
There seems to be a version difference between Debian and Ubuntu; this seems to create all the problems.
I intended a new install; this is what I got:

moblock-nfq:
Depends: libc6 (>=2.3.6-6) but 2.3.6-0ubuntu20 is to be installed
Depends: libnetfilter-queue1 (>=0.0.12) but it is not installable
Depends: libnfnetlink1 (>=0.0.16) but it is not installable
Depends: libnetfilter-queue1 but it is not installable

Using Mepis, which is Ubuntu Dapper Drake based.
I hope this will help.

lp7413
October 22nd, 2006, 09:15 PM
I had the same problem in Edgy with the new moblock update. It seems that the naming convention has changed on those two dependencies it needs. Ubuntu is using libnetfilter-queue and libnfnetlink0. On the Debian side of things, the packages are now called libnetfilter-queue1 and libnfnetlink1. I am guessing that it's because moblock is designed for Debian; I haven't seen any changelogs for moblock-nfq yet either. If Ubuntu upgrades those two packages before Edgy is final, it will work; otherwise you're still going to get something like:

The following packages have unmet dependencies:
moblock-nfq: Depends: libnetfilter-queue1 (>= 0.0.12) but it is not installable
Depends: libnfnetlink1 (>= 0.0.16) but it is not installable
Depends: libnetfilter-queue1 but it is not installable
E: Broken packages

I will look more into the moblock-nfq deb package and see if I can change the deps back to the same names they were previously and see what the outcome will be. I will let you know what happens.

lp7413
October 22nd, 2006, 09:40 PM
I took a look at all the moblock sources; in order to build a new moblock package I also need some lib/dev packages that aren't available in the Edgy repos. It would be nice if the guy working on the moblock package would make some Edgy ports of the libnfnetlink1 and libnetfilterqueue1 packages. Once that happened, the package would upgrade just fine without breaking. I suggest just keeping moblock 0.8-12 until Edgy releases the Debian-compatible versions of the above files, or waiting for the moblock repos to backport them for us. BTW, according to the moblock 0.8-13 changelog, the only thing that changed was the dependency names; no extra features or anything like that have been implemented AFAIK.

Michaeldaley
October 22nd, 2006, 11:59 PM
I'm having the same problem with Dapper. I just reinstalled my OS and when I went to install moblock I couldn't.

lp7413
October 23rd, 2006, 12:41 AM
I'm having the same problem with Dapper. I just reinstalled my OS and when I went to install moblock I couldn't.

You need to install the moblock 0.8-12 debian package instead of the 0.8-13 and wait until there is a patch for ubuntu to work with >0.8-12.

I have also noticed that the 0.8-12 deb package has been completely removed from the repo. If you want the 0.8-12 package and its required deps, please join #linuxsociety on irc.freenode.net and I (ttyfscker) will send you the deb packages through DCC. I would attach them here but debs are not allowed to be posted.. It will be much easier to do on IRC.

termite
October 23rd, 2006, 01:08 AM
debs are not allowed to be posted
Compress them as a .tar.gz, then post. That's what most people here do.

lp7413
October 23rd, 2006, 02:00 AM
Compress them as a .tar.gz, then post. That's what most people here do.

I saved the files as a tar archive; it contains:
libnfnetlink0_0.0.14-1.1_i386.deb
moblock-nfq_0.8-12_i386.deb
libnetfilter-queue_0.0.11-1.1_i386.deb

Just untar this archive. Be aware that the relative path is still in the tar archive and it is bound to /var/cache/apt/archive.

After you have the files extracted from the tarball, use dpkg -i *.deb (but be sure you put just those 3 files in a directory by themselves. Do not run that command from the /var/cache/apt/archive directory!! Be sure you have the 3 files in their own directory).

omajosi
October 23rd, 2006, 10:25 AM
Thanks a lot for the files, it will help all of us till somebody comes out with a patch or whatever.

NiksaVel
October 23rd, 2006, 02:18 PM
Ahem... I was just doing a new install of fluxbuntu and ran into the same problem with dependencies...

I installed from the above deb files (thanks!), BUT I don't see moblock actually blocking anything...

It just skips loads of ranges, then says:


Ranges loaded: 2022
Reopening logfile.


and hangs at that... nothing new happens, it doesn't report any blocks... I tried pinging www.microsoft.com and it was 100% packet loss... however, no entries in the moblock.log file.


I had firestarter installed when I installed moblock, then noticed that it was a no-no... so I removed firestarter.... is that the cause of moblock not working?

thanks!

omajosi
October 23rd, 2006, 04:40 PM
Has anybody ever tried linblock in Ubuntu? It can be found here: http://dessent.net/linblock/
It's supposed to do the same as moblock and peerguardian.

NiksaVel
October 23rd, 2006, 08:09 PM
I take back my previous post. After a few hours of tailing the log file I got a few blocks...

anyways... is the 2020 an adequate number of ranges loaded?

skipo
October 24th, 2006, 07:11 PM
I would like to use http://peerguardian.sourceforge.net/lists/gov.php and http://peerguardian.sourceforge.net/lists/p2p.php from PeerGuardian together with blocklists from Bluetack.co.uk


I was thinking the same thing. Would that be possible?

pelle.k
October 24th, 2006, 09:07 PM
I wrote this a while ago...

Ole32: This last link you provided, http://peerguardian.sourceforge.net/lists/p2p.php, is the level1 blocklist, and should be included in nipfilter.dat.
How many ranges are loaded when you run moblock?
Apparently, the nipfilter.dat no longer does what it is supposed to, and that is include level1, level2 and other stuff..
Edit /etc/cron.d/moblock-nfq and use the old line with blocklists, which is commented out just above the "new" one (I think).

As of now, moblock is a mess. Wait for a new version to come out, or use an old version (and make the necessary changes to load all blocklists).

NiksaVel
October 24th, 2006, 10:32 PM
I don't have that file...


niksavel@leddl-fluxbuntu:/$ sudo nano /etc/cron.d/moblock-nfq
Password:
niksavel@leddl-fluxbuntu:/$ cd /etc/cron.d
niksavel@leddl-fluxbuntu:/etc/cron.d$ ls
anacron
niksavel@leddl-fluxbuntu:/etc/cron.d$

lp7413
October 25th, 2006, 07:43 AM
I don't have that file...

it should be in /etc/cron.daily/moblock-nfq

NiksaVel
October 25th, 2006, 08:10 AM
true... thanks!

termite
October 25th, 2006, 11:17 PM
For those of you using KDE, here is a superkaramba theme that will monitor your moblock log file.

Suggestions welcome.

shookone
October 27th, 2006, 03:55 PM
Sup guys.

Well, I'm back from my minor setback. I want to thank you for the help you guys gave me before in getting moblock up and running with firehol. But I am having problems setting up my firehol to work with my other devices.

My comp has two NICs, eth0 and eth1.
I have an xbox connected to eth1.

With the help of this thread I was able to create this file:


version 5

#specify ports here
## type: client or server
## label: label port
## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
#format: type_label_ports="type/port"

server_xlink_ports="udp/37500"
server_xlinkx_ports="udp/34522"
server_1024_ports="udp/1024"
client_xlink_ports="default"

dnat to 192.168.100.2:37500 inface eth0 proto udp dport 37500

# moblock settings
iptables --new MOBLOCK
iptables -A MOBLOCK -j NFQUEUE

# The network of eth1
home_ips=192.168.100.2/24


# Your internet interface

interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

protection strong 10/sec 10
server "ssh ftp" accept # you dont need xlink here
# This will send http traffic directly to accept instead of moblock thus whitelisting it...
client "http https" accept
client all MOBLOCK

# Local network

interface eth1 home src "${home_ips}" #this is only in your lan...
policy accept
client all accept
server all accept # you can safely remove this comment

#Routing information

router home2internet inface eth0 outface eth1
masquerade reverse
client all accept
server xlink accept # xlink only here (this is the server)

The daemon communicates with the following:

LAN:
UIBind = :34522 # UDP Communicates with UI

WAN:
OrbPort = 34525 # UDP/TCP Daemon probes this port to talk to orbitals (udp/tcp)
OrbDeepPort = 34523 # UDP Daemon probes this port to talk to deep res servers
EngineBind = :37500 # UDP <- Needs port forwarding if NAT.


The daemon on my computer communicates with the xbox (lan) via port 34522 and communicates with orbital servers (WAN) via port 35700.

What I see happening is that the initial communication gets completed, but when going into arenas there are no more orbital responses. The requests make it to my linux box, according to traffic logs. But none are returned to my xbox.

Either I'm losing orbital connectivity or firehol is blocking. Nevertheless, I am able to connect properly without firehol.

At first I thought it was the protection. But then I removed the protection and was able to communicate much better, but after several tests I'm unable to see responses from orbital and I'm unable to see people when I actually initiate a game.


My current configuration is moblock plugged into FireHOL. The FireHOL configuration is above. I can post my kaid.conf if needed. But basically the port settings are posted above.