Re: General MoBlock thread
Hi JRE, All,
I have been running Moblock for a while on Linux Mint Daryna but new distro Mint Elyssa (Hardy based) = new problems.
I use Firestarter as firewall.
I installed Moblock and it worked straight out of the box. For a while. I had to adjust moblock.conf and used the same settings as before.
Then moblock did not want to start at all anymore.
Status:
Code:
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.1 0.0.0.0/0 tcp flags:!0x17/0x02
35 7185 ACCEPT udp -- * * 192.168.0.1 0.0.0.0/0
60 2520 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 LSI udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- eth0 * 0.0.0.0/0 255.255.255.255
10 2505 DROP all -- * * 0.0.0.0/0 192.168.0.255
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 LSI all -f * * 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5
602 522K INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Input'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0 limit: avg 1/sec burst 5
0 0 LSI udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:33434
0 0 LSI icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Forward'
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 192.168.0.2 192.168.0.1 tcp dpt:53
41 2545 ACCEPT udp -- * * 192.168.0.2 192.168.0.1 udp dpt:53
60 2520 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/8 0.0.0.0/0
2 136 DROP all -- * * 0.0.0.0/0 224.0.0.0/8
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
574 44221 OUTBOUND all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Unknown Output'
Chain INBOUND (1 references)
pkts bytes target prot opt in out source destination
602 522K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 LSI all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LOG_FILTER (5 references)
pkts bytes target prot opt in out source destination
Chain LSI (6 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain LSO (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG_FILTER all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 5/sec burst 5 LOG flags 0 level 6 prefix `Outbound '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTBOUND (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
518 39692 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
56 4529 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_fw (0 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (0 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 64.15.112.0 0.0.0.0/0
0 0 RETURN all -- * * 192.168.0.0/16 0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (0 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is not running.
Moblock-control.log:
Code:
[sudo] password for eddy:
YAHOOZ-060921002953:75.35.59.144-75.35.59.151
YAHOOZ-061003013011:75.41.158.152-75.41.158.159
YAHOOZ-070828170428:76.246.182.152-76.246.182.159
Installing blocklist to /etc/moblock/guarding.p2p [ OK ]
* MoBlock is not running.
2008-06-07 10:44:00 EST End: moblock-control update
2008-06-07 10:44:16 EST Begin: moblock-control start
Inserting iptablesiptables v1.3.8: host/network `-' not found
Try `iptables -h' or 'iptables --help' for more information.
[fail]
2008-06-07 11:00:23 EST Begin: moblock-control reload
Building blocklist [ OK ]
Removing lines containing the following regular expressions from the blocklist:
google
yahoo
altavista
debian
sourceforge
Removed the following lines:
add2.dir.scd.yahoo.com ads:66.218.70.227-66.218.70.227
BOGDAN_LUCIAN_CRISTIAN-YAHOOCOM:208.98.12.0-208.98.12.63
Cuyahooga County Bar Assoc:66.73.60.72-66.73.60.79
extads1.vip.ukl.yahoo.com ads:217.12.4.96-217.12.4.96
gigenfu@yahoo.com.tw:218.210.18.64-218.210.18.71
GOOGLE-NL:213.19.160.192-213.19.160.207
GOOGLE/PLANET LABS:208.185.40.192-208.185.40.223
GOOGLE/PLANET LABS:208.185.4.128-208.185.4.159
GOOGLE/PLANET LABS:208.185.42.96-208.185.42.127
NTT Com/SOL/VTF/EH/Sony/Google:157.238.217.32-157.238.217.39
rd1.vip.ukl.yahoo.com ads:217.12.6.21-217.12.6.21
Savvis-Sourceforge Split1 Start Range:66.35.192.0-66.35.249.255
Savvis Sourceforge Split2 End Range:66.35.251.0-66.35.255.255
sexymagnet.com/p2w1.geo.scd.yahoo.com]:66.218.79.157-66.218.79.157
SNET TEST YAHOO 01:66.159.160.136-66.159.160.143
SNET TEST YAHOO 02:66.159.160.144-66.159.160.151
SNET TEST YAHOO 03:66.159.160.152-66.159.160.159
SNET TEST YAHOO 04:66.159.160.160-66.159.160.167
SNET TEST YAHOO 05:66.159.160.168-66.159.160.183
SNET TEST YAHOO 06:66.159.160.184-66.159.160.191
SNET TEST YAHOO 07:66.159.160.192-66.159.160.199
SNET TEST YAHOO 09:66.159.160.208-66.159.160.215
SNET TEST YAHOO 10:66.159.160.216-66.159.160.223
SNET TEST YAHOO 11:66.159.160.224-66.159.160.231
SNET TEST YAHOO 3004:64.252.30.112-64.252.30.119
SNET TEST YAHOO:64.252.30.80-64.252.30.111
SNET TEST YAHOO:66.159.160.200-66.159.160.207
SNET TEST YAHOO:66.159.160.232-66.159.160.255
SNET TEST YAHOO:66.159.160.32-66.159.160.39
SNET TEST YAHOO:66.159.160.8-66.159.160.23
SNET TEST YAHOO:66.159.185.0-66.159.185.47
Software in the Public Interest / Debian:194.109.137.216-194.109.137.223
Taiwan Yahoo Electric Co., Ltd:203.74.105.88-203.74.105.95
Tonghua Yahoo Netbar,Kuaida Town , Tonghua City,:218.62.120.236-218.62.120.239
Tor.debian40etch64minim:88.198.17.116-88.198.17.116
tsaisuntech@yahoo.com:220.228.117.128-220.228.117.135
yahoo fraud scammer:68.195.62.40-68.195.62.40
YAHOOPC:218.233.116.192-218.233.116.255
yahoo scammer:4.65.105.109-4.65.105.109
Yahoo Software Development India Pvt. Ltd:203.145.181.48-203.145.181.63
YAHOOZ-060921002953:75.35.59.144-75.35.59.151
YAHOOZ-061003013011:75.41.158.152-75.41.158.159
YAHOOZ-070828170428:76.246.182.152-76.246.182.159
Installing blocklist to /etc/moblock/guarding.p2p [ OK ]
* MoBlock is not running.
2008-06-07 11:00:33 EST End: moblock-control reload
2008-06-07 11:00:54 EST Begin: moblock-control restart
Deleting iptablesiptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
* Some iptables rules could not be deleted. The most common reason for this is
* that they did not exist. If MoBlock was not running this is the correct
* behaviour. But if MoBlock was running there is some problem. Make sure that
* MoBlock inserts its iptables rules correctly and that other software, e.g.
* firewall applications, don't delete them. Make sure that MoBlock is started
* after other firewall applications.
Stopping MoBlock [fail]
Inserting iptablesiptables v1.3.8: host/network `-' not found
Try `iptables -h' or 'iptables --help' for more information.
I have tried to delete and re-install but that didn't work either.
I have been fiddling a bit more and it looks like the remove and re-install did not work properly:
Code:
[sudo] password for eddy:
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 17 not upgraded.
Need to get 0B/59.6kB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]? y
(Reading database ... 87966 files and directories currently installed.)
Preparing to replace moblock 0.9~rc2-11~hardy (using .../moblock_0.9~rc2-11~hardy_i386.deb) ...
* Stopping MoBlock moblock [fail]
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 3
dpkg - trying script from the new package instead ...
* Stopping MoBlock moblock [fail]
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock_0.9~rc2-11~hardy_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 3
* Starting MoBlock moblock invoke-rc.d: initscript moblock, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 8
Errors were encountered while processing:
/var/cache/apt/archives/moblock_0.9~rc2-11~hardy_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code
So, I can not uninstall or re-install it.
Tried an apt-get -f install but the same thing:
Code:
eddy@eddy-mint2 ~ $ sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
Correcting dependencies... Done
The following extra packages will be installed:
libnetfilter-queue1 libnfnetlink0
The following NEW packages will be installed:
libnetfilter-queue1 libnfnetlink0
0 upgraded, 2 newly installed, 0 to remove and 17 not upgraded.
1 not fully installed or removed.
Need to get 0B/78.9kB of archives.
After this operation, 139kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Selecting previously deselected package libnfnetlink0.
(Reading database ... 87954 files and directories currently installed.)
Unpacking libnfnetlink0 (from .../libnfnetlink0_0.0.30-2_i386.deb) ...
Selecting previously deselected package libnetfilter-queue1.
Unpacking libnetfilter-queue1 (from .../libnetfilter-queue1_0.0.13-1_i386.deb) ...
Selecting previously deselected package moblock.
Preparing to replace moblock 0.9~rc2-11~hardy (using .../moblock_0.9~rc2-11~hardy_i386.deb) ...
* Stopping MoBlock moblock [fail]
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: warning - old pre-removal script returned error exit status 3
dpkg - trying script from the new package instead ...
* Stopping MoBlock moblock [fail]
invoke-rc.d: initscript moblock, action "stop" failed.
dpkg: error processing /var/cache/apt/archives/moblock_0.9~rc2-11~hardy_i386.deb (--unpack):
subprocess new pre-removal script returned error exit status 3
* Starting MoBlock moblock invoke-rc.d: initscript moblock, action "start" failed.
dpkg: error while cleaning up:
subprocess post-installation script returned error exit status 8
Errors were encountered while processing:
/var/cache/apt/archives/moblock_0.9~rc2-11~hardy_i386.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
Any idea?
Re: General MoBlock thread
Moved to Debian: Other OS talk.
Re: General MoBlock thread
Quote:
Originally Posted by jre
I guess you need to whitelist your LAN, including your router, too. If you don't know your local IP check it with "sudo ifconfig". It's the value after "inet addr:" of the interface that you use for networking. For wired connections that might be "eth0", for wireless connections "wlan0".
Example: You found out that your IP is 192.168.0.39. Then your LAN will most probably cover the IP range 192.168.0.1-192.168.0.255. Then whitelist this range with the following lines in /etc/default/moblock:
Code:
WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"
After editing and a "moblock-control restart" you should be fine. Of course you can also do this with mobloquer.
firestarter is not a firewall itself but it just sets up the Linux firewall: iptables. All your iptables rules do belong to moblock, so there is no conflict.
Thanks for posting your iptables rules, that saved me some questions.
Greets
jre
thanks very much jre - that's sorted it
did i miss something in the readme or was this info missing (or maybe not written for a non linux expert?) Seems it would save you a lot of time if the readme's were aimed more at us noobs :D
i had previously tried mobloquer - it just didn't work (odd because it used to before i upgraded to Heron)
does running the firestarter gui activate the firewall? - only it started blocking my bittorrent port - easily fixed but annoying (sorry i know firestarter is not what you're supporting here)
Doc
Re: General MoBlock thread
Do not worry about it anymore.
For others who run into the same uninstall problems posted and tried everything to uninstall moblock without success:
rm -rf everything to do with moblock like /etc/moblock etc...
You will get a message at boot telling you to click "fix broken packages" but that didn't work either so just continue with the boot.
I installed Ipblock instead without any problems.
I still have moblock running with Mint Daryna, so thanks for all your work guys.
Re: General MoBlock thread
Quote:
Originally Posted by Sef
Moved to Debian: Other OS talk.
No, that's definitely the wrong forum. This thread is targeted at Ubuntu users like the HOWTO https://help.ubuntu.com/community/MoBlock.
It's there so that Ubuntu users can ask me questions and make development questions. (Yes, I'm a Debian user, but this has nothing to do with this thread).
I'm not sure if the network forum was well chosen, so move it wherever you think is correct. Thanks for your work.
Edit 2008-06-11: We were moved to
Ubuntu Forums > The Ubuntu Forum Community > Other Community Discussions > Tutorials & Tips
Thanks, Sef
Quote:
Originally Posted by Doctoxic
did i miss something in the readme or was this info missing (or maybe not written for a non linux expert?) Seems it would save you a lot of time if the readme's were aimed more at us noobs :D
Where did you read? I'm currently working on improving the documentation on two places:
- debconf questions: they interact with the user during installation, give warnings, explanations and allow you to configure moblock. If you want to help me please download the current preview package from moblock-deb.sf.net/preview/ and tell me if my language there is clear and helpful for a non-tech person. This would be a great help!
- the wiki at https://help.ubuntu.com/community/MoBlock
Quote:
Originally Posted by Doctoxic
does running the firestarter gui activate the firewall? - only it started blocking my bittorrent port - easily fixed but annoying (sorry i know firestarter is not what you're supporting here)
If you "start" firestarter the configured iptables rules will be inserted. So just check with "iptables -L -nv" before and after starting firestarter what happens.
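The before/after comparison suggested above comes down to one question: do the moblock_* chains exist, and does any rule still jump to them? The following is an added example, not part of the thread or of MoBlock; the function name chain_state is hypothetical, and the sample listings are abridged from the first post or constructed.

```shell
#!/bin/sh
# Added example, not part of MoBlock. Reads `iptables -L -nv` output on stdin
# and reports whether chains whose names start with PREFIX are wired in.
#   missing  - no such chain exists, so nothing can be queued to the daemon
#   unhooked - chain exists but shows "(0 references)": no rule jumps to it
#   hooked   - every matching chain is referenced by at least one rule
chain_state() {
    prefix=$1 seen=0 unhooked=0
    while read -r word name refs rest; do
        [ "$word" = Chain ] || continue
        case $name in "$prefix"*) ;; *) continue ;; esac
        seen=$((seen + 1))
        if [ "$refs" = "(0" ]; then unhooked=$((unhooked + 1)); fi
    done
    if [ "$seen" -eq 0 ]; then echo missing
    elif [ "$unhooked" -gt 0 ]; then echo unhooked
    else echo hooked
    fi
}

# Abridged from the status output in the first post of this thread.
SAMPLE_UNHOOKED='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  602  522K INBOUND all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain INBOUND (1 references)
Chain moblock_in (0 references)
    0     0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (0 references)
    0     0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0'

# Constructed: an empty rule set, i.e. no firewall and no MoBlock chains.
SAMPLE_MISSING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)'

# Constructed: INPUT jumps to moblock_in, so the chain is referenced.
SAMPLE_HOOKED='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    0     0 moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0
Chain moblock_in (1 references)
    0     0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0'

# Print the state for each sample: unhooked, missing, hooked.
for sample in "$SAMPLE_UNHOOKED" "$SAMPLE_MISSING" "$SAMPLE_HOOKED"; do
    printf '%s\n' "$sample" | chain_state moblock_
done
```

On a live system the same function can be fed with "sudo iptables -L -nv | chain_state moblock_", once before and once after starting the firewall front end.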
Re: General MoBlock thread
thanks jre
i read the wiki - which does not contain the info in your post (well not specific enough for the likes of me)
thanks again for all your help with this
doc
Re: General MoBlock thread
Quote:
Originally Posted by Doctoxic
thanks jre
i read the wiki - which does not contain the info in your post (well not specific enough for the likes of me)
thanks again for all your help with this
Now it does. If you miss something please tell me.
jre
Re: General MoBlock thread
Getting an error when trying to stop the service. It says fail. But if I try to restart it works fine.
Code:
xxx@xxx:~$ sudo moblock-control stop
* Stopping MoBlock moblock [fail]
xxx@xxx:~$ sudo moblock-control status
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 12380 packets, 14M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 8134 packets, 555K bytes)
pkts bytes target prot opt in out source destination
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 5430.
So it looks like it's running, I believe. But why can't it stop? Is there anything I need to look at?
Also if I kill pid 5430 and do a start command, it says that it's starting but when I give it a few minutes and run status it says that moblock is not running. Same for restart.
And is there a way to view what is being blocked real time? Or do you have to just go through the logs? Or would I need mobloquer? Just wondering as I'm going from peerguardian on XP and would like to get something running on my Linux box. Sorry for the questions. I didn't see much documentation on the website other than how to install moblock. Thanks for your help.
Edit: I just saw the tail -f /var/log/moblock.log command to view real time. But it's not working at the moment since moblock isn't running :P
Edit2: FYI I'm not running any software firewall.
Re: General MoBlock thread
Well now that I had a chance to reboot, moblock isn't running anymore when I check the status. If I try to start or restart, it still won't run.
Edit: I got it to work. I edited the moblock.conf file incorrectly. I thought that it said that you could put the ip range in the whitelist, So I did 192.168.11.1-192.168.11.255. I changed it to 192.168.11.0/24 and it's working now. Also, I may have added a space in that range too. I don't remember it since I changed it. Now it's working as it should. Sorry about that.
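A whitelist value can be checked for this mistake before restarting. The following is an added example, not part of the thread or of MoBlock: it classifies each entry as a single host, a CIDR block, a start-end range or invalid, and fails on anything that is not a host or CIDR block. WHITE_IP_IN and WHITE_IP_OUT are the variable names quoted earlier in the thread; the function names and sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of MoBlock: sanity-check whitelist values before
# "moblock-control restart". All function names here are hypothetical.

is_octet() {            # decimal 0..255, at most three digits
    case $1 in ''|*[!0-9]*|????*) return 1 ;; esac
    [ "$1" -le 255 ]
}

is_prefix() {           # CIDR prefix length 0..32
    case $1 in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$1" -le 32 ]
}

# Body runs in a subshell ( ... ) so the IFS and "set -f" changes stay local.
is_ipv4() (
    case $1 in ''|*.|*[!0-9.]*) exit 1 ;; esac
    IFS=.; set -f
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do is_octet "$octet" || exit 1; done
)

# classify_entry ENTRY -> prints host | cidr | range | invalid
classify_entry() {
    case $1 in
        *-*) echo range ;;   # start-end range, or a bare "-" left by "a - b"
        */*) if is_ipv4 "${1%/*}" && is_prefix "${1#*/}"
             then echo cidr; else echo invalid; fi ;;
        *)   if is_ipv4 "$1"; then echo host; else echo invalid; fi ;;
    esac
}

# check_whitelist NAME "VALUE" -> one report line per entry; status 1 if any
# entry is something other than a single host or a CIDR block.
check_whitelist() (
    rc=0
    set -f                                  # never glob-expand an entry
    for entry in $2; do
        kind=$(classify_entry "$entry")
        printf '%-12s %-28s %s\n' "$1" "$entry" "$kind"
        case $kind in host|cidr) ;; *) rc=1 ;; esac
    done
    exit "$rc"
)

# Constructed sample values, modelled on the ones discussed in this thread.
check_whitelist WHITE_IP_IN  "192.168.0.0/24" || echo "fix WHITE_IP_IN first"
check_whitelist WHITE_IP_OUT "192.168.11.1 - 192.168.11.255" || echo "fix WHITE_IP_OUT first"
```

The second sample reports a bare "-" as a range entry, which is consistent with the "host/network `-' not found" message in the moblock-control.log posted earlier in the thread.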
Re: General MoBlock thread
Quote:
Originally Posted by yipperzz
Edit: I got it to work. I edited the moblock.conf file incorrectly. I thought that it said that you could put the ip range in the whitelist, So I did 192.168.11.1-192.168.11.255. I changed it to 192.168.11.0/24 and it's working now. Also, I may have added a space in that range too. I don't remember it since I changed it. Now it's working as it should. Sorry about that.
Glad to hear it's working now. For future reference: Have a look at /var/log/moblock-control.log, there errors get explained or at least logged.
For all who are interested:
I've put preview packages at moblock-deb.sf.net/preview with some nice new things:
- allow-list with support for ip-ranges (as yipperzz thought)
- debconf support (graphical configuration during installation and at every later time)
- log to syslog the port a blocked packet was sent on
- automatic whitelisting of the LAN
I'd appreciate any feedback. Next to bug reports (sigh ...) I'm particularly interested in feedback for the debconf part: is it useful? Do you understand it? Are there open questions? Too technical?
If everything is perfect a short notice would be nice, too.
jre