Page 65 of 65 FirstFirst ... 1555636465
Results 641 to 650 of 650

Thread: General MoBlock thread

  1. #641
    Join Date
    Oct 2012
    Beans
    12

    Re: General MoBlock thread

    Ok, I did this:

    sudo pglcmd stop
    sudo rm -rf /var/spool/pgl/
    sudo pglcmd start


    and here's the terminal:

    Code:
    :~$ sudo pglcmd stop
    [sudo] password for: 
     * Stopping PeerGuardian Linux pgld                                      [ OK ] 
    :~$ sudo rm -rf /var/spool/pgl/
    :~$ sudo pglcmd start
     * Starting PeerGuardian Linux pgld                                      [ OK ] 
    :~$ pglgui
    ** Debug: "/usr/lib/i386-linux-gnu/pgl/pglcmd.defaults" 
    ** Debug: Connection to DBus was successful. 
    ** Debug: ~AddExceptionDialog() 
    ** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file" 
    ** Debug: Executing commands: 
     ("/usr/bin/gksudo "/usr/bin/pglcmd start"") 
     
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "" 
    ** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file" 
    ** Debug: Executing commands: 
     ("/usr/bin/gksudo "/usr/bin/pglcmd reload"") 
     
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "/usr/bin/gksudo "/usr/bin/pglcmd start"" 
    ** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file" 
    ** Debug: Executing commands: 
     ("/usr/bin/gksudo "/usr/bin/pglcmd update"") 
     
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "/usr/bin/gksudo "/usr/bin/pglcmd reload"" 
    
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "/usr/bin/gksudo "/usr/bin/pglcmd start"" 
    ** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file" 
    ** Debug: Executing commands: 
     ("/usr/bin/gksudo "/usr/bin/pglcmd update"") 
     
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "/usr/bin/gksudo "/usr/bin/pglcmd reload"" 
    ** Warning: bool hasPermissions(const QString&) Could not read from file "/etc/test_file" 
    ** Debug: Executing commands: 
     ("/usr/bin/gksudo "/usr/bin/pglcmd update"") 
     
    ** Debug: void ProcessT::executeCommand(const QString&, const QProcess::ProcessChannelMode&, bool) "/usr/bin/gksudo "/usr/bin/pglcmd update"" 
    ** Warning: ~Peerguardian() 
    ** Debug: ~GuiOptions() 
    
    :~$ pglgui
    ** Debug: "/usr/lib/i386-linux-gnu/pgl/pglcmd.defaults" 
    ** Debug: Connection to DBus was successful. 
    ** Debug: "INFO: Started." 
    ** Debug: "ERROR: Error loading /var/lib/pgl/master_blocklist.p2p" 
    ** Debug: "INFO: Blocking 0 IP ranges (0 IPs)." 
    ** Debug: "ERROR: Cannot load the blocklist(s)"


    And this is /etc/pgl/blocklists.list, but there's nothing in it:

    Code:
    # blocklists.list - lists the remote blocklists that pglcmd handles.
    
    # Place one URL per line for every blocklist.
    # Any line which starts with a # (hash) is a comment and is ignored.
    
    # Have a look at /usr/share/doc/pglcmd/README.blocklists.gz for detailed
    # information about some available blocklists.
    
    # Instead or additionally to the remote blocklists that are specified here, you
    # can put local blocklists in LOCAL_BLOCKLIST_DIR (/etc/pgl/blocklists.local/).
    # All blocklists in that directory (except those in subdirectories, or which end
    # in "~" or start with ".") are used. They may be in any supported format and
    # have to be either unpacked or gzip'ped.
    
    # Do a "pglcmd reload" (or "restart" or "update") when you have edited this
    # file.


    So my lists are not updated via URL/PGL because I download them manually with my browser and keep them in my home directory. The lists are local, could this be part of the problem? I also tried moving all the lists directly to /etc/pgl/blocklists.local and loaded them up from there, but that just made things worse. And as you can see, /etc/pgl/blocklists.list has not been changed in any way. Do I need to add the paths to my local blocklist here?

  2. #642
    Join Date
    Jan 2007
    Beans
    772

    Re: General MoBlock thread

    Placing them directly or linking them in /etc/pgl/blocklists.local/ both work here perfectly.
    Can you test with only one blocklist, e.g. one with a line like
    Code:
    Multicast: 228.0.0.0-228.255.255.255
    If this works, please try your local blocklists separately. I suppose one is broken. If you find the culprit you might send it to me for further debugging.

    Did you make any changes, especially related to "LOWMEM"? What's your /etc/pgl/pglcmd.conf?
    Did you compile on your own or do you use the binary from my repository?
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.

  3. #643
    Join Date
    Oct 2012
    Beans
    12

    Re: General MoBlock thread

    "Did you make any changes, especially related to "LOWMEM"?"

    Not that I'm aware of. I think the only thing I did was whitelist ports 80 and 443, TCP, out only.


    "What's your /etc/pgl/pglcmd.conf?"

    Code:
    WHITE_TCP_OUT="80 443" 
    INIT="0" 
    CRON="0"

    "Did you compile on your own or do you use the binary from my repository?"

    I always go to http://moblock-deb.sourceforge.net and follow the install instructions there (I use your repository). This is what I put in my sources list:

    Code:
    deb http://ppa.launchpad.net/jre-phoenix/pgl-experimental/ubuntu precise main
    deb-src http://ppa.launchpad.net/jre-phoenix/pgl-experimental/ubuntu precise main
    I also added your ppa from here:
    https://launchpad.net/~jre-phoenix/+archive/ppa

    But on the last step, installing the .deb file, the software center said it was a dummy package and being ignorant of what that meant, I didn't install it. I was trying to install this because of what I had read earlier in this thread and thought it might solve this problem.

    Just as a side note, I want to say thanks for the clear, step-by-step install instructions at moblock-deb.sourceforge.net. Having that there has always made a HUGE difference for me. I've even used it to help me figure out how to install other software when I was still learning how to do it.


    So I removed all the old lists (and did "sudo pglcmd force-reload"),
    made the multicast blocklist and added it (through the GUI),
    restarted my system,
    turned on pglgui, pressed start, got no error but the list didn't load.
    Pressed start again and got the pop-up error message.

    Here's the logs when I tried that:

    pgld.log:

    Code:
    Oct 30 18:28:09 INFO: Connected to dbus system bus.
    Oct 30 18:28:09 INFO: Started.
    Oct 30 18:28:09 ERROR: Error loading /var/lib/pgl/master_blocklist.p2p
    Oct 30 18:28:09 INFO: Blocking 0 IP ranges (0 IPs).
    Oct 30 18:28:09 ERROR: Cannot load the blocklist(s)
    pglcmd.log:

    Code:
    2012-10-30 18:28:08 PDT Begin: pglcmd start
    Inserting iptables ...
    ..Setting up iptables for INPUT:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Whitelisting IP ranges   ...done.
    ....Inserting block rule   ...done.
    ..Setting up iptables for OUTPUT:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Whitelisting ports   ...done.
    ....Whitelisting IP ranges   ...done.
    ....Inserting block rule   ...done.
    ..Setting up iptables for FORWARD:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Inserting block rule   ...done.
    ..Allowing loopback traffic: INPUT OUTPUT   ...done.
    ..Allowing OUTPUT traffic to DNS server 127.0.0.1   ...done.
    ..Allowing FORWARD traffic to DNS server 127.0.0.1   ...done.
    ..Allowing LAN traffic ...
    ....INPUT from 10.0.0.0/24   ...done.
    ....OUTPUT to 10.0.0.0/24   ...done.
    ....FORWARD from 10.0.0.0/24 to 10.0.0.0/24   ...done.
    ..LAN traffic allowed.
    ..Activating chains:
    ....INPUT
    ....OUTPUT
    ....FORWARD
    ..Chains activated.
    Iptables inserted.
    Starting pgld   ...done.
    Starting pglcmd.wd   ...done.
    2012-10-30 18:28:09 PDT End: pglcmd start
    2012-10-30 18:28:57 PDT Begin: pglcmd start
    Problematic daemon status: 1
    * pgld is not running


    I even tried manually adding the multicast IP range to the master_blocklist.p2p but it didn't take. But I don't know what the format looks like for IP ranges in this file anyway (I'm assuming it's different and don't even know if this would work).



    I'd like to try adding a list just using the command line, but honestly, I don't know how to do it. I see

    Code:
    pgld [-c CHARSET] -m [BLOCKLIST(S)]
    so if I have my list here: /home/anonymous/Lists/Multicast.gz, is this the command to load it?:

    Code:
    pgld -c UTF-8 -m /home/anonymous/Lists/Multicast.gz
    I don't even know if it's UTF-8 or not, let alone figuring that out.



    I also tried using the URL instead of local lists (blocklist name was bluetack_dshield here), and got some different results (pgld.log was the same as before though):

    pglcmd.log:

    Code:
    2012-10-30 18:32:34 PDT Begin: pglcmd stop
    Stopping pglcmd.wd   ...done.
    Deleting iptables ...
    ..Executing iptables remove script /var/lib/pgl/.pglcmd.iptables.remove.sh   ...done.
    ..Removing iptables remove script /var/lib/pgl/.pglcmd.iptables.remove.sh   ...done.
    Iptables deleted.
    Stopping pgld/sbin/start-stop-daemon: warning: failed to kill 3675: No such process
    ...done.
    2012-10-30 18:32:34 PDT End: pglcmd stop
    2012-10-30 19:02:45 PDT Begin: pglcmd reload
    pgld is not running, doing nothing.
    2012-10-30 19:02:45 PDT End: pglcmd reload
    2012-10-30 19:02:58 PDT Begin: pglcmd update
    Updating blocklists ...
    Updating bluetack_dshield... done.
    Extracting bluetack_dshield, detected gz... done.
    Blocklists updated.
    pgld is not running, doing nothing.
    2012-10-30 19:03:16 PDT End: pglcmd update
    2012-10-30 19:04:20 PDT Begin: pglcmd start
    Building blocklist ...
    WARN: Invalid ASCII line: Binary file standard input matches
    ERROR: Error opening (null) as binary.
    INFO: Blocking 0 IP ranges (0 IPs).
    Blocklist built.
    Inserting iptables ...
    ..Setting up iptables for INPUT:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Whitelisting IP ranges   ...done.
    ....Inserting block rule   ...done.
    ..Setting up iptables for OUTPUT:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Whitelisting ports   ...done.
    ....Whitelisting IP ranges   ...done.
    ....Inserting block rule   ...done.
    ..Setting up iptables for FORWARD:
    ....Creating chain and inserting NFQUEUE rule   ...done.
    ....Inserting block rule   ...done.
    ..Allowing loopback traffic: INPUT OUTPUT   ...done.
    ..Allowing OUTPUT traffic to DNS server 127.0.0.1   ...done.
    ..Allowing FORWARD traffic to DNS server 127.0.0.1   ...done.
    ..Allowing LAN traffic ...
    ....INPUT from 10.0.0.0/24   ...done.
    ....OUTPUT to 10.0.0.0/24   ...done.
    ....FORWARD from 10.0.0.0/24 to 10.0.0.0/24   ...done.
    ..LAN traffic allowed.
    ..Activating chains:
    ....INPUT
    ....OUTPUT
    ....FORWARD
    ..Chains activated.
    Iptables inserted.
    Starting pgld   ...done.
    Starting pglcmd.wd   ...done.
    2012-10-30 19:04:21 PDT End: pglcmd start
    2012-10-30 19:05:01 PDT Begin: pglcmd reload
    Problematic daemon status: 1
    * pgld is not running
    2012-10-30 19:05:16 PDT Begin: pglcmd start
    Problematic daemon status: 1
    * pgld is not running

    Well, sorry it's been so difficult! I'll try anymore suggestions you have and I'd really like to try to load a list with the command-line only; if you don't mind teaching me how.

  4. #644
    Join Date
    Jan 2007
    Beans
    772

    Re: General MoBlock thread

    Quote Originally Posted by lemwt View Post
    They are also .gz format.
    While rereading your post I just realized that you are using packed blocklists. I think we removed support for that in pgld itself (IMHO extracting should be done with external applications, which are installed anyway. further there is not only gz out there, but also other like 7z).
    Anyway, unpack your blocklists and try again.


    Just for completeness:
    1. "pglcmd status" gives you the correct line to start pgld:
      Code:
      /usr/sbin/pgld -s -l /var/log/pgl/pgld.log -d -p /var/run/pgld.pid -q 92 -r 10 -a 20 /var/lib/pgl/master_blocklist.p2p
      Please note that pgld depends on correctly inserted iptables rules (this is done by pglcmd on "pglcmd start". Only starting pgld will not work.
    2. CAUTION: master_blocklist.p2p is generated automatically from all local blocklists and the remote lists specified in /etc/pgl/blocklists.list. Manually adding ranges may, if at all, just work for a short time.
    3. But on the last step, installing the .deb file, the software center said it was a dummy package and being ignorant of what that meant, I didn't install it. I was trying to install this because of what I had read earlier in this thread and thought it might solve this problem.
      This relates to the transitional packages moblock, blockcontrol and mobloquer/pgl-gui, which just install the real new packages pgld, pglcmd and pglgui.
    4. Whitelisting ports (e.g. 80 and 443 outbound) is still a security risk, because malicious hosts might listen on these ports and thus circumvent pgl's protection.
    Last edited by jre; November 11th, 2012 at 04:42 PM.
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.

  5. #645
    Join Date
    Oct 2012
    Beans
    12

    Re: General MoBlock thread

    Hi, and thank you for your response!


    Unfortunately, it's still not working. I tried everything you suggested but it's just being real stubborn.


    I should have mentioned earlier that I had tried using different types of compression as well as plain text documents.

    When I click "Add a remote or local blocklist",
    then "Browse",
    then "All Supported files",
    the extension list lists: P2P, Zip, 7z, Gzip and Dat.

    I actually am not allowed to select a plain text file (or an extensionless file), to load.


    I haven't given up but I'm out of ideas. After switching to 12.04 (precise) I've had so many other problems that it wouldn't surprise me at all if it had something with the operating system.


    Thanks for the diligent effort to help and for always responding. Thank you for explaining what a dummy package is. I appreciate all the time you put very much!

  6. #646
    Join Date
    Jan 2007
    Beans
    772

    Re: General MoBlock thread

    pglgui needs some improvement for local blocklists.
    E.g. pglgui is too strict about the allowed local blocklists. pglgui is just an extension for pgld/pglcmd - they allow using blocklists with any extension (as long as they are in a known format).
    There also seem to be some issues with removing local blocklists. We are working on this.

    Although the problems I know of are not related to your problems, please don't use pglgui to set your local blocklists for now.

    So let's start fresh again:
    Please be careful to exactly follow the following instructions (not more, not less) to avoid any misunderstandings.
    1. Code:
      sudo pglcmd stop
    2. Code:
      sudo pglcmd status
      . You should get the following output:
      Code:
      Run "status" as root to verify your iptables settings!
      
      [FAIL] pgld is not running ... failed!
      [FAIL] pglcmd.wd is not running ... failed!
    3. verify that your /etc/pgl/blocklists.list does not contain any blocklist entries (so you are still using the same as in you posted previously in this 641
    4. remove any files from /etc/pgl/blocklists.local/
    5. create the file /etc/pgl/blocklists.local/test.p2p with the following content:
      Code:
      test:0.0.0.0-255.255.255.255
    6. sudo pglcmd start

    Now, everything should work and your whole internet access should be blocked. Start pglgui, it should show "Blocking 1 IP ranges (4294967295 IPs).

    If not, do you use the current version? Please check
    Code:
    dpkg -l pgld pglcmd pglgui
    and update to 2.2.2-1.
    If the update fails (due to your current problems), check the update for a hint how to solve it (something like "dpkg-reconfigure ...")

    This setup really should work!

    If not, please purge your whole installation (sudo aptitude purge pgld pglcmd pglgui) and try again with the default configuration (default remote blocklists, no local blocklists).




    Now, if this works, please test with your own local blocklists one for one. If one doesn't load, please send it to me: jre-phoenix at users.sourceforge.net
    Last edited by jre; November 20th, 2012 at 04:53 PM. Reason: typo
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.

  7. #647
    Join Date
    Oct 2012
    Beans
    12

    Re: General MoBlock thread

    HOORAY it works!


    Code:
    2012-11-19 14:20:06 PST End: pglcmd stop
    2012-11-19 14:28:40 PST Begin: pglcmd start
    Building blocklist ...
    INFO: ASCII: 1 entries loaded from "STDIN"
    INFO: Blocking 1 IP ranges (4294967295 IPs).
    Blocklist built.

    I did step 1-6 and that did it! And yes, I am using v2.2.2-1. I loaded all my blocklists uncompressed with .p2p extension and can see that each one was accepted in the log.

    Thank you very much! Sorry, one more question:

    I'd like to add my allow list now. Where or how should I add it?

  8. #648
    Join Date
    Jan 2007
    Beans
    772

    Re: General MoBlock thread

    Well, that was easy
    Seeing this whole story, I guess you were just hit by the problems in pglgui we just recently realized. pgld and pglcmd were not affected.

    Quote Originally Posted by lemwt View Post
    I'd like to add my allow list now. Where or how should I add it?
    Per default /etc/pgl/allow.p2p is used for incoming and outgoing connections (you should not use it for forwarded connections, e.g. in routers/for virtual machines).
    No support for that in pglgui yet
    And in the long run, there are major changes planned for this. But nothing to worry about now. And I will make the changes compatible to the current setup.

    Greets and have fun
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.

  9. #649
    Join Date
    Feb 2013
    Beans
    2

    Re: General MoBlock thread

    I've posted these questions on sourceforge already but the forum there seems to be deserted...

    So I'll try my luck here:


    1) Is there any difference (especially concerning security) between running pglgui as normal user (and using gksu/gksudo to actually start the filter) and running it directly as root?
    I know that I should avoid to start applications as root, but pgl needs root's power to change iptables anyway...


    2) How to update default lists in pgl? Does pgl update them on its own somehow, if so, is there some indicator that the lists are actually up-to date?

  10. #650
    Join Date
    Jan 2007
    Beans
    772

    Re: General MoBlock thread

    Quote Originally Posted by Patty X View Post
    I've posted these questions on sourceforge already but the forum there seems to be deserted...
    Just answered at
    https://sourceforge.net/p/peerguardi...read/3c02fb52/ and
    https://sourceforge.net/p/peerguardi...read/e1826b35/

    btw, yes I'm quite busy and the others probably too. But we are still around and everybody is welcome to join.
    Please post your logfiles and output of commands wrapped in code tags:
    Code:
    [code]output[/code]
    Co-author of PeerGuardian Linux (pgl). Maintainer of the pgl package repositories for Debian and Ubuntu.

Page 65 of 65 FirstFirst ... 1555636465

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •