Sound's good
I was actually wondering after that how the load could be so easily spread
CoXen
Sound's good
I was actually wondering after that how the load could be so easily spread
CoXen
CoXen
Fiesty User
Forgive my ignorance, but I can't seem to find an answer to my question in this thread.
Once IP Block is enabled, everything is just peachy, with the status and log and all. After a while, though, I can't access any web pages at all. I've enabled HTTP/HTTPS/FTP, etc. I don't know what has happened.
Any help would be appreciated.
FYI, I'm running 64 Bit Gutsy.
Are you using the latest version 0.15.1 ? Have you restarted IPblock after enabling those ports ?After a while, though, I can't access any web pages at all. I've enabled HTTP/HTTPS/FTP, etc. I don't know what has happened.
Yes, I am using the latest. I downloaded the package off of sourceforge. I did restart.
If I recall correctly (I have uninstalled the package for the time being) it would disallow web access once I started up my PC. that is, I had ip* load on startup and that is when it would start blocking http, etc.
So, yes. I believe that would qualify as restarting. I also stopped and restarted via terminal.
It seems like the iplist daemon died for some reason, but iptables was still redirecting traffic to it. The default behaviour of the kernel is to drop those packets.
What does "grep iplist /var/log/syslog*" show ? How often did this occur and is it reproducible ?
That's the log.Nov 21 18:28:19 blackathlon iplist[23426]: error: no running iplist instance found
Nov 21 18:28:42 blackathlon iplist[23562]: error: can't send job to msq
Nov 21 18:28:49 blackathlon iplist[23593]: error: can't send job to msq
Nov 21 18:55:08 blackathlon iplist[31578]: error: no running iplist instance found
Nov 21 18:55:14 blackathlon iplist[31607]: error: iplist needs to be run as root
Nov 21 19:13:53 blackathlon iplist[9918]: error: no running iplist instance found
Nov 21 19:13:57 blackathlon iplist[9933]: error: iplist needs to be run as root
Nov 21 19:17:22 blackathlon iplist[11007]: error: no running iplist instance found
Nov 21 19:17:48 blackathlon iplist[11134]: error: iplist needs to be run as root
Nov 21 19:21:26 blackathlon iplist[12251]: error: no running iplist instance found
Nov 21 20:49:24 blackathlon iplist[9455]: error: no running iplist instance found
Nov 21 20:49:50 blackathlon iplist[9579]: error: iplist needs to be run as root
Nov 21 21:30:32 blackathlon iplist[22070]: error: no running iplist instance found
Nov 21 21:31:39 blackathlon iplist[22430]: error: can't find stop
It would occur every time I enabled the blocker. It would only allow traffic if I disabled the blocker.
It happens with moblock also, so that leaves me scratching my head. I can't get any IP filter to work so far without blocking web or IM traffic. It seems to work fine with torrent software, but not otherwise, even with the torrents on halt. The only time it lets me continue IM use is when I have an established connection. If I sign out of Pidgin it won't let me sign back in without disabling the blocker.
Like I thought. If this also happens with moblock then the reason why iplist dies is probably libnetfilter-queue related. But further digging is required.
The following test would redirect all traffic to iplist which accepts it.
What does the last command show ?Code:iptables -I INPUT -j NFQUEUE echo ":127.0.0.1-127.0.0.1" | iplist -v -p accept -t accept -f /tmp/ipblock.log -l all -
After the test you can revert the changes by killing iplist with CTRL-C (or "iplist -k") and removing the iptables rule :
Code:iptables -D INPUT -j NFQUEUE
I was having a lot of trouble with my installation, so i did a wipe and install on Thursday.
I reinstalled iptables about two minutes ago, but everything got blocked. It wouldn't even allow me to run the commands you gave me. It said something about iplist needing to be run as root. I did use sudo when I ran the commands, but it just wouldn't work. My PC wouldn't reach any web traffic so I uninstalled the package.
Any more ideas?
i'm using ipblock. when i start it from terminal, it starts with no gui. however when i update from terminal it does not download level1.gz. how do i get it to download this file ? it never has.
thank you
The GUI starts with "ipblock -g" (as root). It looks like bluetack.co.uk has a bandwidth issue. But there is a mirror available. To use it edit (as root) /usr/share/doc/iplist/README.lists and replace http://iplist.sf.net/lists/level1.gz.php with http://iplist.sf.net/mirror/level1.gz.php.
Before updating IPblock should be disabled because it might block those hosts.
// EDIT: ATM IPblock uses the mirror as the default source to help bluetack.co.uk reducing their bandwidth. The lists are hosted on an university network, which is fast and hopefully more reliable. The mirror is updated every 2 days. So there's no need to edit the README.lists.
Last edited by uljanow; November 28th, 2007 at 01:26 AM.
Bookmarks