Re: General MoBlock thread
Hi, Thanks for the reply
moblock-control status is
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 516K packets, 131M bytes)
pkts bytes target prot opt in out source destination
23 2954 moblock_in 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain OUTPUT (policy ACCEPT 597K packets, 648M bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
0 0 moblock_out 0 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
23 2954 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN 0 -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.28.93
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.46
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.24
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.95
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.50
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.37
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.17
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.17
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.30
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.39
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.36
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.20
0 0 RETURN 0 -- * * 0.0.0.0/0 65.54.179.216
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.23
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.16
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.106.23
0 0 RETURN 0 -- * * 0.0.0.0/0 207.46.108.57
0 0 RETURN 0 -- * * 0.0.0.0/0 65.54.239.140
0 0 RETURN 0 -- * * 0.0.0.0/0 65.54.239.20
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 392.
and /etc/default/moblock is
# moblock.default - default configuration file for moblock-control
# In this file you can put any configuration variable from moblock.conf
# (/etc/moblock/moblock.conf). Values in moblock.conf will be overwritten by
# values in this file (moblock.default).
WHITE_TCP_OUT="http"
WHITE_IP_OUT="65.54.239.20 65.54.239.140 207.46.108.57 207.46.106.23 207.46.106.16 207.46.108.23 65.54.179.216 207.46.106.20 207.46.108.36 207.46.108.39 207.46.106.30 207.46.108.17 207.46.106.17 207.46.108.37 207.46.108.50 207.46.106.95 207.46.106.24 207.46.106.46 207.46.28.93"
WHITE_TCP_IN="http"
Re: General MoBlock thread
The output of ls -l `sudo find /etc/ -name "*moblock*"`:
Code:
-rwxr-xr-x 1 root root 2861 2008-05-08 22:45 /etc/cron.daily/moblock
-rw-r--r-- 1 root root 258 2008-05-08 22:44 /etc/default/moblock
-rw-r--r-- 1 root root 399 2008-05-08 22:45 /etc/logrotate.d/moblock
-rw-r--r-- 1 root root 4961 2008-05-08 22:17 /etc/moblock/moblock.conf
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc0.d/K20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc1.d/K20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc2.d/S20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc3.d/S20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc4.d/S20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc5.d/S20moblock -> ../init.d/moblock
lrwxrwxrwx 1 root root 17 2008-05-25 11:07 /etc/rc6.d/K20moblock -> ../init.d/moblock
/etc/moblock:
totaal 37652
-rw-r--r-- 1 root root 920 2008-05-03 21:43 blocklists.list
-rw-r--r-- 1 root root 868 2008-01-14 20:40 blocklists.list~
-rw-r--r-- 1 root root 868 2008-05-08 22:17 blocklists.list.dpkg-dist
-rw-r--r-- 1 root root 16405635 2008-05-03 20:49 guarding.p2p
-rw-r--r-- 1 root root 9938230 2008-05-03 21:54 ipfilter.dat
-rw-r--r-- 1 root root 9938230 2008-05-03 21:44 ipfilter.dat.backup
-rwxr-xr-x 1 root root 565 2008-05-08 22:17 iptables-custom-insert.sh
-rwxr-xr-x 1 root root 564 2008-05-08 22:17 iptables-custom-remove.sh
-rw-r--r-- 1 root root 4961 2008-05-08 22:17 moblock.conf
-rwxr-xr-x 1 root root 2596 2008-05-08 22:45 MoBlock-nfq-reject.sh
-rwxr-xr-x 1 root root 2637 2008-05-08 22:17 MoBlock-nfq.sh
-rw-r--r-- 1 bart bart 2167522 2008-05-03 21:56 pipfilter.dat.gz
I checked if /etc/init.d/moblock existed, but the file is nowhere to be found. So I guess we found the reason.
LSB_MODE is set to 0.
The status right after booting the system is: pid is not running.
Re: General MoBlock thread
Quote:
Originally Posted by Nepherte
I checked if /etc/init.d/moblock existed, but the file is nowhere to be found. So I guess we found the reason.
Yay.
Either do a sudo aptitude purge moblock && sudo aptitude install moblock (this way you will lose your current configuration, but a simple aptitude reinstall moblock won't help), or copy it there manually:
Code:
mkdir ~/moblock
dpkg -X /var/cache/apt/archives/moblock_0.9~rc2-11_i386.deb ~/moblock
sudo cp ~/moblock/etc/init.d/moblock /etc/init.d/moblock
sudo chmod +x /etc/init.d/moblock
Step 1: Create a directory in your home directory
Step 2: Extract the current moblock deb (assuming you haven't deleted it)
Step 3: copy the file to the correct place
Step 4: Make the file executable (although it should be so already)
Quote:
Originally Posted by chris.tkd
moblock-control status is
Code:
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
[...]
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 NFQUEUE 0 -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Well, 80 is http, so webbrowsing is definitely whitelisted. Still ...
Quote:
Originally Posted by chris.tkd
and /etc/default/moblock is
WHITE_TCP_OUT="http"
WHITE_IP_OUT="65.54.239.20 65.54.239.140 207.46.108.57 207.46.106.23 207.46.106.16 207.46.108.23 65.54.179.216 207.46.106.20 207.46.108.36 207.46.108.39 207.46.106.30 207.46.108.17 207.46.106.17 207.46.108.37 207.46.108.50 207.46.106.95 207.46.106.24 207.46.106.46 207.46.28.93"
WHITE_TCP_IN="http"
Replace WHITE_TCP_OUT="http" with WHITE_TCP_OUT="80 8080 443":
- port 80 is what the service name "http" really means (IMHO it was not a good idea of the iptables team to introduce the ambiguous service name "http". So for the sake of clarity I prefer "80". Anyway, that's not important here.)
- port 8080 is sometimes an alternative to 80, chosen by a few webpages. Let's add that here, too.
- 443 (service name https) may also help.
So now, do a moblock-control restart and try again. Does it work now?
If not: no websurfing at all or just not a few pages?
Are blocks shown in the logfile when you can't surf to a webpage?
A few more comments:
Instead of many separate entries you might want to whitelist the entire range 207.46.106.0-207.46.106.255. Just delete the single 207.46.106.XXX entries and add a 207.46.106.0/24 instead.
There's no need to whitelist incoming port 80 (http), except if you have set up apache and are providing a homepage. So remove the WHITE_TCP_IN="http" entry. I guess you just did that while trying to fix your problems, but this won't help ...
Generally, if mobloquer does not automatically do so, always do a moblock-control restart when you have changed something in the whitelisting.
greets
jre
Re: General MoBlock thread
Thanks. That solved the problem.
Re: General MoBlock thread
I have the same problem as Chris. When Moblock is running, I don't have any web browsing at all. It stays stuck at "looking up domain.com" on any site I try.
Here's my Moblock status:
Current iptables rules (this may take awhile):
Chain INPUT (policy ACCEPT 111K packets, 144M bytes)
pkts bytes target prot opt in out source destination
0 0 moblock_in all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
0 0 BLOCK_MATCH all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xffff
2161K 205M INPUT_QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0xfffe
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa
0 0 moblock_fw all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
Chain OUTPUT (policy ACCEPT 73993 packets, 5947K bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xa reject-with icmp-port-unreachable
148K 9599K moblock_out all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0x14
0 0 BLOCK_MATCH all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match 0xffff
39M 2650M OUTPUT_QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW MARK match !0xfffe
Chain ALLOW_IP (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 130.149.17.156-130.149.17.156
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 destination IP range 66.35.250.209-66.35.250.209
Chain BLOCK_MATCH (2 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain INPUT_QUEUE (1 references)
pkts bytes target prot opt in out source destination
2161K 205M ALLOW_IP all -- * * 0.0.0.0/0 0.0.0.0/0
2161K 205M NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 255
Chain OUTPUT_QUEUE (1 references)
pkts bytes target prot opt in out source destination
2444 156K RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
33 1980 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
39M 2650M ALLOW_IP all -- * * 0.0.0.0/0 0.0.0.0/0
39M 2650M NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 255
Chain moblock_fw (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 192.168.200.0/24
0 0 RETURN all -- * * 192.168.200.0/24 0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_in (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 192.168.200.0/24 0.0.0.0/0
0 0 NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Chain moblock_out (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 RETURN all -- * * 0.0.0.0/0 204.227.127.200
0 0 RETURN all -- * * 0.0.0.0/0 192.168.200.0/24
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21
1 60 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
0 0 RETURN tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
148K 9599K NFQUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
Please check if the above printed iptables rules are correct!
* moblock is running, pid is 2576.
Here's my whitelist
# moblock.default - default configuration file for moblock-control
# In this file you can put any configuration variable from moblock.conf
# (/etc/moblock/moblock.conf). Values in moblock.conf will be overwritten by
# values in this file (moblock.default).
WHITE_TCP_OUT="80 8080 443 ftp imap smtp pop3"
WHITE_IP_IN="192.168.200.0/24"
WHITE_IP_OUT="192.168.200.0/24 204.227.127.200"
WHITE_IP_FORWARD="192.168.200.0/24"
Re: General MoBlock thread
@ alonecity:
I need answers to these questions, too:
Quote:
Originally Posted by jre
If not: no websurfing at all or just not a few pages?
Are blocks shown in the logfile when you can't surf to a webpage?
Is 192.168.200.0/24 your LAN (if in doubt, post the output of sudo ifconfig)? If not, then you should whitelist your LAN.
Re: General MoBlock thread
Nice one, thanks for your work. Just a note though, by enabling the repos listed on the sourceforge page you link to, I have been able to install moblock and mobloquer on 64-bit. The page at https://help.ubuntu.com/community/MoBlock says you have to compile from source to get it working on 64-bit.
I really like mobloquer, nice work!!!!
Re: General MoBlock thread
You can download preview packages of MoBlock (0.9~rc2-12~pre37) here: http://moblock-deb.sourceforge.net/preview
Next to many other changes this version has debconf support. Of course I want to know if it works technically. But I'm also interested in feedback about the debconf descriptions. Are they unclear, too technical, ...?
Further, thanks to Cader (http://forums.phoenixlabs.org/showthread.php?p=116645), it's now possible to find out the ports of blocked packets. Have a look at the NEWS (/usr/share/doc/moblock/NEWS.Debian.gz)
jre
Re: General MoBlock thread
I installed Moblock recently, and now it doesn't work for some reason. I removed all whitelist IPs from the list in moblock.conf, and for some reason, I can still access the internet, when I should be blocked from my router.
I think this problem may be down to the firewall in Ubuntu. Moblock worked well before I installed firestarter, the GUI for the firewall. Now it seems as if Moblock doesn't work at all.
So, what should be my next step from here, in trying to get Moblock to work? It worked perfectly fine before!
Oh yes, I'm not using Mobloquer, but the non-GUI interface instead. I will try switching to the GUI, and see if that solves my problems.
Re: General MoBlock thread
Quote:
Originally Posted by techstop
Nice one, thanks for your work. Just a note though, by enabling the repos listed on the sourceforge page you link to, I have been able to install moblock and mobloquer on 64-bit. The page at https://help.ubuntu.com/community/MoBlock says you have to compile from source to get it working on 64-bit.
I just updated that page, finally ;-)
Other contributions are of course always welcome!
Quote:
Originally Posted by ApUUbunU
I installed Moblock recently, and now it doesn't work for some reason. I removed all whitelist IPs from the list in moblock.conf, and for some reason, I can still access the internet, when I should be blocked from my router.
I think this problem may be down to the firewall in Ubuntu. Moblock worked well before I installed firestarter, the GUI for the firewall. Now it seems as if Moblock doesn't work at all.
Do a moblock-control restart. I guess that firestarter purged your moblock iptables rules. You have to make sure that moblock is started after other firewalls or, if this is not possible, to do a restart. If your problems continue, please post the output of moblock-control status.
jre
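Added example (not part of any post in this thread and not moblock's own code): a check for the two situations discussed above, a whitelist change that needs a moblock-control restart and rules purged by another firewall. It compares the WHITE_TCP_OUT and WHITE_IP_OUT entries in /etc/default/moblock with the RETURN rules that sit ahead of the NFQUEUE rule in the moblock_out chain of the moblock-control status output. The function names, the service-name table and the sample input are assumptions made for this example.

```python
import re
import shlex

# Service names that appear in this thread (assumption: standard port assignments).
SERVICES = {"http": 80, "https": 443, "ftp": 21, "smtp": 25, "pop3": 110, "imap": 143}

def parse_default(text):
    """Read WHITE_* variables from /etc/default/moblock-style text."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r"\s*(WHITE_\w+)=(.*)", line)
        if m:
            conf[m.group(1)] = " ".join(shlex.split(m.group(2))).split()
    return conf

def returns_before_queue(status, chain):
    """Ports and destinations that RETURN in `chain` before its first NFQUEUE rule."""
    ports, dests, active = set(), set(), False
    for line in status.splitlines():
        f = line.split()
        if line.startswith("Chain "):
            active = f[1] == chain
        elif active and len(f) >= 9 and f[2] == "NFQUEUE":
            break  # NFQUEUE hands the packet to moblock; later rules never see it
        elif active and len(f) >= 9 and f[2] == "RETURN":
            m = re.search(r"\bdpt:(\d+)", line)
            if m:
                ports.add(int(m.group(1)))
            elif f[8] != "0.0.0.0/0":
                dests.add(f[8])  # compared as printed by iptables -n, no CIDR math
    return ports, dests

def missing_whitelist(default_text, status, chain="moblock_out"):
    """Whitelist entries from the config that have no RETURN rule ahead of the queue."""
    conf = parse_default(default_text)
    ports, dests = returns_before_queue(status, chain)
    want = {SERVICES.get(p) or int(p) for p in conf.get("WHITE_TCP_OUT", [])}
    return sorted(want - ports), sorted(set(conf.get("WHITE_IP_OUT", [])) - dests)

# Constructed sample input (documentation addresses, not taken from the thread).
SAMPLE_DEFAULT = 'WHITE_TCP_OUT="http 8080 443"\nWHITE_IP_OUT="192.0.2.10 198.51.100.0/24"\n'
SAMPLE_STATUS = """Chain moblock_out (1 references)
 pkts bytes target prot opt in out source destination
    0     0 RETURN  0   -- *  lo  0.0.0.0/0 0.0.0.0/0
    0     0 RETURN  0   -- *  *   0.0.0.0/0 192.0.2.10
    0     0 RETURN  tcp -- *  *   0.0.0.0/0 0.0.0.0/0 tcp dpt:80
    0     0 NFQUEUE 0   -- *  *   0.0.0.0/0 0.0.0.0/0 NFQUEUE num 0
    0     0 RETURN  tcp -- *  *   0.0.0.0/0 0.0.0.0/0 tcp dpt:443
"""

if __name__ == "__main__":
    print(missing_whitelist(SAMPLE_DEFAULT, SAMPLE_STATUS))
```

An empty result on both sides means every configured entry is active; anything listed is configured but not in effect, which is the cue for a moblock-control restart.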