
Thread: Moblock (peerguardian linux alternative)

  1. #201
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Wow what resting of the mind does.

    I totally understand this now.

    What happens if I use this coding:

    Code:
    # Your internet interface

    interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"

            protection strong 10/sec 10
            server "ssh ftp" accept
            server all MOBLOCK

            # This will send http traffic directly
            # to accept instead of moblock
            # thus whitelisting it...
            client "http https" accept
            client all MOBLOCK

    router home2internet inface eth1 outface eth0
            masquerade
            route all accept

    Will I be protected from anyone accessing my machine that's on the block list? Or is this done automatically?

  2. #202
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Everything is working fine now... oh yeah, except when firehol is loading at startup it shows an [ok]... but then I do iptables -L and don't get back anything.

    When I manually restart it, then iptables -L shows tons of info.

    I'm about to reformat this partition and start fresh. I know there is a way around it.

    I used to use ubuntu-firewall and removed it from the rc#.d directories. I don't know if I did it correctly. Thanks for any feedback.

  3. #203
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    937

    Re: Moblock (peerguardian linux alternative)

    If I'm not mistaken, you should use "server" instead of route after using reverse masquerading on an interface.

    If only firehol and moblock are installed, you should have a populated iptables after bootup. Something is messing with the procedure. If you restart firehol, doesn't it complain about the route command?
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  4. #204

    Re: Moblock (peerguardian linux alternative)

    Hello,

    I'm wondering if anyone else is having a problem that I'm having.
    Before the last update when I would 'tail -f /var/log/moblock.log' it would show about 180,000 ranges blocked. Now when I do it, it only shows 2672 ranges blocked.
    Also, I can leave amule going for hours downloading and nothing will show up on the log as being blocked, when I usually have a couple of blocks a minute.

    I don't have any firewalls running.

    Any ideas what's going on or any suggestions on how to fix it?

    Thanks in advance and thank you for all the work you've put into this program.

  5. #205
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    937

    Re: Moblock (peerguardian linux alternative)

    Hi, clessing is going to reorganize things a bit in moblock-deb, but until then, there seem to be some problems with the new nipfilter.dat in /etc/cron.daily/moblock-nfq; comment the new BLOCKLISTS line, uncomment the old one, and restart your computer and all will be well.

    Those lines look like this (when modified as above):
    Code:
    BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2  Microsoft  spyware "
    #BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"

    Now I _don't_ know what is causing this, it might only be temporary, so I will not suggest this as a permanent solution. But for the time being...
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  6. #206
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Quote: Originally posted by pelle.k
    If I'm not mistaken, you should use "server" instead of route after using reverse masquerading on an interface.

    If only firehol and moblock are installed, you should have a populated iptables after bootup. Something is messing with the procedure. If you restart firehol, doesn't it complain about the route command?

    Hey pelle.k:

    I am able to use the net on my LAN. I have problems with some applications like my xbmc (xbox) connecting to a client on my machine. Other than that it works... although I'm still feeling compelled to fresh install.

    I restart my firewall and I get no error. I have a new configuration in my conf file.

    Code:
    version 5
    
    #specify ports here
    ## type: client or server
    ## label: label port
    ## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
    #format: type_label_ports="type/port"
    
    server_xlink_ports="udp/37500"
    client_xlink_ports="default"
    
    # moblock settings
    iptables --new MOBLOCK
    iptables -A MOBLOCK -j NFQUEUE
    
    # The network of eth1
    home_ips=192.168.100.2/24
    
    
    # Your internet interface
    
    interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    
            protection strong 10/sec 10
            server "ssh ftp xlink" accept
            # This will send http traffic directly to accept instead of moblock thus whitelisting it...
            client "http https" accept
            client all MOBLOCK
    
    # Local network
    
    interface eth1 home src "${home_ips}"
            policy accept
            client all accept
    
    #Routing information
    
    router home2internet inface eth1 outface eth0
            client all accept
            route all accept
            masquerade

    If you see why a client connected to eth1 is having problems accessing the web via port 37500, please by all means let me know.

    I ran a script named firehol-wizard or something of that nature that made a check through my script and placed some TODO fields in and showed a configuration that I used to have. My firehol.conf is located in /etc/firehol/. Perhaps it's pulling another conf file... I'm not sure what is going on.

    Before using this firewall I had never experienced problems with my xbox and client/server connectivity. It's sad that I can't find another forum to discuss this issue in since there is moblock being an issue.

  7. #207
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    937

    Re: Moblock (peerguardian linux alternative)

    Code:
    version 5
    
    #specify ports here
    ## type: client or server
    ## label: label port
    ## type/port: tcp or udp and port (Ex. tcp/80 or udp/300000
    #format: type_label_ports="type/port"
    
    server_xlink_ports="udp/37500"
    client_xlink_ports="default"
    
    dnat to 192.168.100.2:37500 inface eth0 proto udp dport 37500
    
    # moblock settings
    iptables --new MOBLOCK
    iptables -A MOBLOCK -j NFQUEUE
    
    # The network of eth1
    home_ips=192.168.100.2/24
    
    
    # Your internet interface
    
    interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    
            protection strong 10/sec 10
            server "ssh ftp" accept # you dont need xlink here
            # This will send http traffic directly to accept instead of moblock thus whitelisting it...
            client "http https" accept
            client all MOBLOCK
    
    # Local network
    
    interface eth1 home src "${home_ips}" #this is only in your lan...
            policy accept
            client all accept
            #server all accept # you can safely remove this comment
    
    #Routing information
    
    router home2internet inface eth0 outface eth1
            masquerade reverse
            client all accept
            server xlink accept # xlink only here (this is the server)

    Do you understand now?
    I'm kind of tired, but I think this should be right...
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  8. #208
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Always good at that supporting end. Highly appreciated. Did you write moblock?

    Anyways I tried your method for firehol.conf and I don't see any issues. Matter of fact I now see that when my client tries to connect to eth1 (lan), moblock.log returns:

    Code:
    Blocked OUT: ServerBeach,hits: 3,DST: 66.135.32.175
    Blocked OUT: ServerBeach Emule servers|P2P Fakes,hits: 3,DST: 64.34.165.84

    I need this to work from a machine attached to eth1. I will continue my research. Thanks for everything... Any feedback from anyone is greatly appreciated.

  9. #209

    Re: Moblock (peerguardian linux alternative)

    Thanks pelle.k,

    That worked great!

  10. #210
    Join Date
    Mar 2006
    Beans
    6

    Re: Moblock (peerguardian linux alternative)

    Well, hi.

    I'm using moblock for 2.6.18 and the old filter files in cron.daily.

    --------
    Ranges loaded: 159469
    Merged ranges: 176
    Skipped useless ranges: 5890
    NFQUEUE: binding to queue '0'
    error during nfq_create_queue()
    --------

    Besides that error I noticed that moblock.log was bigger than 230MB today. That was because of all those "Skipping..." messages. Maybe you should tweak the scripts to make sure that doesn't happen after a few weeks of usage.
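
Added example, not part of any post in this thread and not moblock's own code: a log check for the symptoms reported in posts #204 and #210 (a loaded range count far below normal, a failed nfq_create_queue(), a runaway log file). The function name, the thresholds and the temporary file are assumptions; the sample log is constructed from the lines quoted in the posts above.

```shell
#!/bin/bash
# Added example (not moblock's own code). Log line formats are taken from
# the excerpts in this thread; thresholds and file names are assumptions.

# check_moblock_log FILE MIN_RANGES MAX_BYTES
# Prints one finding per line; returns 0 when healthy, 1 otherwise.
check_moblock_log() {
    local log=$1 min_ranges=$2 max_bytes=$3 rc=0 run ranges size

    # Judge only the most recent start: keep the text from the last
    # "Ranges loaded:" line to the end of the file.
    run=$(awk '/Ranges loaded:/ { buf = "" } { buf = buf $0 "\n" }
               END { printf "%s", buf }' "$log")

    ranges=$(printf '%s\n' "$run" |
        sed -n 's/.*Ranges loaded: *\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -z "$ranges" ]; then
        echo "NO_LOAD no 'Ranges loaded:' line in $log"; rc=1
    elif [ "$ranges" -lt "$min_ranges" ]; then
        echo "LOW_RANGES $ranges loaded, expected at least $min_ranges"; rc=1
    fi

    # If the queue bind failed, moblock is not receiving packets from NFQUEUE.
    if printf '%s\n' "$run" | grep -qF 'error during nfq_create_queue()'; then
        echo "NO_QUEUE nfq_create_queue failed on the latest start"; rc=1
    fi

    size=$(( $(wc -c < "$log") ))
    if [ "$size" -gt "$max_bytes" ]; then
        echo "LOG_TOO_BIG $size bytes, limit $max_bytes"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a healthy start followed by a degraded one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
Ranges loaded: 159469
Merged ranges: 176
Skipped useless ranges: 5890
NFQUEUE: binding to queue '0'
Ranges loaded: 2672
NFQUEUE: binding to queue '0'
error during nfq_create_queue()
EOF
check_moblock_log "$demo" 100000 1048576 || true
rm -f "$demo"
```

Run from cron after the daily blocklist update, a non-zero return is the signal that the filter is no longer doing what the earlier log entries suggest.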
