General MoBlock thread

[Zeikcied]

I'm having a bit of a problem. I know this isn't necessarily a Moblock issue as much as it is a block list problem, though.

Recently, I'm guessing since the switch to the new lists, I've been unable to connect to any ed2k servers using MLDonkey. I believe I tried aMule, and got similar results.

It almost seems like every ed2k server on my servers list (both programs, even) is blocked or not responding. I've noticed that, in the console window in MLDonkey (or in my case KMLDonkey), some servers are saying that my port is not responding, even though I've made no changes in port fowarding (I checked and the port is properly forwarded).

Since I don't think this is a Moblock issue (more a block list issue), I doubt I'll get much help. It's just a bit of an annoyance and I'm hoping for some advice either way.

[unf4b1x]

Just press the "OK".

This is a so called "debconf" question. If your debconf interface doesn't support your mouse you have to use your keyboard: hit the "TAB" key until "OK" is highlighted and then press "RETURN".

You may also do a "sudo dpkg-reconfigure debconf" and select "Gnome" as your interface. Then you can use your mouse for debconf questions.

Thanks a lot. It works fine now.

Btw, as I was reinstalling it again,
1. Would it work fine too if I would install Mobloquer also?
2. Wouldn't there be any conflicts?
3. Having to use Mobloquer, does it integrate to iptables as well as Moblock?
4. Are there any security issues that I should know about Moblock? Or could you direct me to what site I should be reading?

Anyways, more power!

[lovinglinux]

Thanks a lot. It works fine now.

Btw, as I was reinstalling it again,
1. Would it work fine too if I would install Mobloquer also?
2. Wouldn't there be any conflicts?
3. Having to use Mobloquer, does it integrate to iptables as well as Moblock?
4. Are there any security issues that I should know about Moblock? Or could you direct me to what site I should be reading?

Anyways, more power!

Short answers:

1.yes
2.no
3.no
4. start it after firewall managers

Long answers:

1+2. Mobloquer is just a GUI to control/manage moblock-control functions and settings. It was designed to be installed with moblock and can't work alone. Nevertheless, you can use and control moblock without mobloquer using commands.

3. Moblock add it's rules (ip filtering) to the iptables and it also has custom scripts for adding regular customized rules. But mobloquer does not provide an iptables manager GUI like Firestarter or Gufw. You can add your rules to the custom scripts and moblock will run them when stopping and starting, even if you don't have mobloquer installed. If you don't need to change the iptables rules frequently, you can get rid of Firestarter and use only moblock scripts. That works pretty fine.

4. Not that I'm aware of, but I'm not a security expert. If you use a firewall manager like Firestarter, you need to start it before moblock, otherwise it will override moblock's rules. You can learn more about it here and here.

I'm having a bit of a problem. I know this isn't necessarily a Moblock issue as much as it is a block list problem, though.

Recently, I'm guessing since the switch to the new lists, I've been unable to connect to any ed2k servers using MLDonkey. I believe I tried aMule, and got similar results.

It almost seems like every ed2k server on my servers list (both programs, even) is blocked or not responding. I've noticed that, in the console window in MLDonkey (or in my case KMLDonkey), some servers are saying that my port is not responding, even though I've made no changes in port fowarding (I checked and the port is properly forwarded).

Since I don't think this is a Moblock issue (more a block list issue), I doubt I'll get much help. It's just a bit of an annoyance and I'm hoping for some advice either way.

Run this command

Code:

tail -f /var/log/moblock.log

or use the mobloquer logging feature to pinpoint which IP address is blocked when you try to connect to the server, then add this IP to your "/etc/moblock/allow.p2p" file or use the whitelist feature of mobloquer GUI.

you might want to add a bit to the wiki page about portforwards, there's no mention of the WHITE_TCP_IN= option, which i needed to add to /etc/default/moblock to get my hosted webpages (ntop and webmin), ftpd and sshd working again, as well as torrent ports, which is the whole point of moblock anyway, right?

Code:

cat /etc/default/moblock
# moblock.default - default configuration file for moblock-control

# In this file you can put any configuration variable from moblock.conf
# (/etc/moblock/moblock.conf). Values in moblock.conf will be overwritten by
# values in this file (moblock.default).

# Do a "moblock-control restart" when you have edited this file.
WHITE_TCP_OUT="1:65535"
WHITE_TCP_IN="20-22 3000 10000 20000:20009"
WHITE_IP_IN="20x.x.x.x/29"
WHITE_IP_OUT="20x.x.x.x/29"

also, by default, moblock seems to assume your subnet mask is /24, and whitelists that as the local lan. not so much a problem if you're on a smaller subnet like my /29, but perhaps an issue if you're on a larger subnet like a /23 or /16. i guess that's an upstream bug

I'm afraid that using "1:65535" in the WHITE_TCP_OUT will make moblock ignore all outgoing traffic. If you are using it for p2p, then this is really bad, because your client will be able to connect to peers blocked by the ip lists if the connection is requested by your client. It will block incoming connections but not outgoing.

You don't need to allow any outgoing or incoming ports to use p2p, because moblock will filter IP's and not ports. If you allow a port, then it will be completely ignored by the filter, regardless of the IP source or destination. If you are having trouble to connect to peers, then you should consider using less blocklists, not whitelisting ports.

If you access your machine with ssh from remote machines outside your LAN, then you can allow only the IP's of those machines instead of allowing the port. Unfortunately, this is not feasible if the remote machines have dynamic IP's.

[jre]

you might want to add a bit to the wiki page about portforwards, there's no mention of the WHITE_TCP_IN= option, which i needed to add to /etc/default/moblock to get my hosted webpages (ntop and webmin), ftpd and sshd working again, as well as torrent ports, which is the whole point of moblock anyway, right

First off, feel free to edit the wiki yourself, I would really appreciate this (I'm terribly short on time, currently)! Don't worry to write anything wrong - I'm notified of all changes, so I can correct things ...
Indeed WHITE_TCP_IN might be added as a separate question to the wiki page.
But the torrent ports must not be added! It's (one of) the point(s) of MoBlock to check exactly this traffic!

EDIT: Just had a closer look at your whitelisted ports: lovinglinux is right, you are whitelisting much too many ports. Allowing all traffic on OUT will most probably not be what you want.

also, by default, moblock seems to assume your subnet mask is /24, and whitelists that as the local lan. not so much a problem if you're on a smaller subnet like my /29, but perhaps an issue if you're on a larger subnet like a /23 or /16. i guess that's an upstream bug

This is a matter of moblock-control, so in this case I am upstream. I'll think about a solution for this. Until then, I recommend to manually whitelist the LAN (either via /etc/moblock/allow.p2p or the WHITE_IP_... variables).

Thanks
jre

[Just_a_man]

Hi

i did install moblock and it works just fine if i remember restart it always when i play whit the firewall.

And my promblem is that can you put a start up script in firestarter firewall so if it restarts/makes changes to it's firewall it restarts moblock.

or can you just take the iptable commands out of the moblock and use pre-firewall for cleaning the traffic

This is little bit a firestarter problem but it will help hundreds absent-minded persons who uses moblock.

[astarmathsandphysics]

I have a problem with moblock. It didn't install properly and now I can't install or uninstall any programs. I get this message.

E: dpkg was interrupted, you must manually run 'dpkg --configure -a' to correct the problem.
E: _cache->open() failed, please report.


When I type dpkg --configure -a into a terminal I opens the moblock screen and I can't work out how to configure or uninstall it. Any offers?

[jre]

When I type dpkg --configure -a into a terminal I opens the moblock screen and I can't work out how to configure or uninstall it. Any offers?

Quoting https://help.ubuntu.com/community/Mo...lock%20warning

Code:

I tried to install MoBlock but I'm stuck on a screen with a Moblock warning

This is a so called "debconf" question. Read the text and confirm by pressing "OK". If your debconf interface doesn't support your mouse, then you have to use your keyboard: hit the "TAB" key until "OK" is highlighted and then press "RETURN".

@Just_a_man: I'm not common with firestarter. but if someone has a solution I'd be glad to spread the word
Both ways that you describe would be nice. I'd prefer the one with an automatic "moblock-control restart"

[jre]

also, by default, moblock seems to assume your subnet mask is /24, and whitelists that as the local lan. not so much a problem if you're on a smaller subnet like my /29, but perhaps an issue if you're on a larger subnet like a /23 or /16. i guess that's an upstream bug

I've just fixed that. The subnetmask gets detected automatically now, too. It's already in the svn repository. I'll release the new moblock-control 1.2 soon.

[feistybird]

Hi,

My moblock suddenly blocks all my internet traffic, and I've tried various workarounds mentioned in the Ubuntu Help page, and this thread, but still no luck:

My platform: Ubuntu 8.10

Kernel: Custom Kernel 2.6.27.10 (but used to work fine with moblock)

Firewall Settings : NONE (ufw is not loaded)

Moblock Version:
moblock_0.9~rc2-21+intrepid_i386
moblock-control_1.1-1+intrepid_i386

My /etc/defaults/moblock settings are as follows:
(My LAN ip is 192.168.0.x)

Code:

WHITE_TCP_OUT="80 443 1863 22"
WHITE_TCP_IN="22"
WHITE_IP_IN="192.168.0.0/24"
WHITE_IP_OUT="192.168.0.0/24"

My /etc/moblock/allow.p2p is as follows:

Code:

192.168.0.1-192.168.0.255

My p2p applications are running properly as I can see usual upload/download status, but my moblock doesn't seem to follow the rules given in the /etc/defaults/moblock.

If I ping www.google.com, it returns: unknown host www.google.com, it only responses after the moblock is turned off

I've even disabled *ALL the lists* written in the /etc/moblock/blocklists.list, and did a moblock-control update && moblock-control restart, still the same, all my internet traffic are still blocked.

Code:

sudo moblock-control test

Trying to ping 4.2.144.95 from /etc/moblock/guarding.p2p ...
 * MoBlock marked the IP to be blocked and the IP did not answer. Test succeeded.

tail -f /var/log/moblock.log shows that moblock is still doing it's job, ie. :

Code:

Fri Jan  9 11:41:24| IN: Beijing Teletron Telecom Engineering Co., Ltd.,hits: 12,SRC: 124.207.144.194
Fri Jan  9 11:41:24| IN: China Digital Kingdom Technology Co.,Ltd,hits: 9,SRC: 60.247.1.87
Fri Jan  9 11:41:24| OUT: TELEFONICA DE ESPANA,hits: 12,DST: 88.5.247.177

However, /var/log/moblock-control.log seems to have some errors:

Code:

 CST Begin: moblock-control restart
Deleting iptables ...iptables v1.4.0: Couldn't load target `moblock_in':/lib/iptables/libipt_moblock_in.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.0: Couldn't load target `moblock_out':/lib/iptables/libipt_moblock_out.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.0: Couldn't load target `moblock_fw':/lib/iptables/libipt_moblock_fw.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
                                                                         [fail]
 * There occured some errors during the deletion of the iptables rules.
 * The most common reason for this is that they did not exist, because MoBlock
 * was not running. In this case you don't have to worry.
 * But if MoBlock was running there is some problem. Most probably you have
 * installed another firewall application that did delete the iptables rules.
 * A "moblock-control restart" will then fix the situation.
Executing /etc/moblock/iptables-custom-remove.sh ...                     [ OK ]
Stopping MoBlock ...                                                     [ OK ]
Inserting iptables ...                                                   [ OK ]
Executing /etc/moblock/iptables-custom-insert.sh ...                     [ OK ]
Starting MoBlock ...                                                     [ OK ]

Can anyone please help me?

Thanks!
---

SOLVED --- PUT MY DNS SERVER'S IP INTO /etc/moblock/allow.p2p AND IT STARTS TO WORK!

Perhaps the recent blocklist update from tbg.iblocklist.com have included my DNS IP for some reason....

[jre]

I just released moblock-control 1.2.

• New handling of blocklists:
  
  • php redirects are supported now. This allows to use the lists from iblocklist.com. All lists are downloaded from there per default now.
  • Since moblock-control 1.1 the default blocklists are by "The Blocklist Group" (tbg.iblocklist.com) instead of Bluetack (bluetack.co.uk).
  • The single blocklists are saved in new places now (but still under /var/spool/moblock/.
  • The master blocklist (e.g. guarding.p2p) is now saved in /var/lib/moblock/ instead of /etc/moblock/.
  • Several changes to make sure that the master blocklist exists and reflects the configuration. All changes are always applied on "start" now.
  • The (Debian) installation only requires the blocklists (and therefore network access) to be available, if the automatic start (init) is configured.
• Per default allow.p2p is not used for forwarded traffic.
• Dropped support for Ubuntu Feisty, as this is no more supported by Ubuntu since October 19th, 2008.

Find a detailed list of all changes in the changelog .

Feedback is very welcome!

Have fun!
jre


@feistybird: Glad to hear you solved it on your own. BTW, this was an excellent report giving much information! Don't worry about the errors in /var/log/moblock-control.log, they just result from trying to delete already deleted iptables rules.