
Thread: Moblock (peerguardian linux alternative)

  1. #191
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    pelle.k: Well, I removed my firewall completely. Moblock should work correctly? I ran some commands to confirm its operational state:

    I removed the ubuntu-firewall script from the /etc/rc* directories (e.g. rm /etc/rc1.d/*ubuntu-firewall.sh) and all its configuration files (e.g. sudo rm /etc/default/ubuntu-firewall-*)

    >tail command...:
    Code:
    >tail -f /var/log/moblock.log
    
    Skipping useless range: adelinatech.com
    Skipping useless range: CWS
    Skipping useless range: ns1/ns2.playercodec.net
    Skipping useless range: www.buhartes.info|BT|Hijackers
    Skipping useless range: adv549|CWS|BT|Hijackers
    Skipping useless range: Pluginaccess.com/Dialeraccess.com[CWS]
    Ranges loaded: 4445
    Merged ranges: 9
    Skipped useless ranges: 223
    NFQUEUE: binding to queue '0'
    Code:
    ###@linux-core-pc:/etc/default$ ping microsoft.com
    PING microsoft.com (207.46.250.119) 56(84) bytes of data.
    
    --- microsoft.com ping statistics ---
    26 packets transmitted, 0 received, 100% packet loss, time 25069ms
    
    ###@linux-core-pc:/etc/default$ ping www.microsoft.com
    PING lb1.www.ms.akadns.net (207.46.199.30) 56(84) bytes of data.
    
    --- lb1.www.ms.akadns.net ping statistics ---
    6 packets transmitted, 0 received, 100% packet loss, time 5000ms
    
    ###@linux-core-pc:/etc/default$ ping adelinatech.com
    PING adelinatech.com (68.178.232.100) 56(84) bytes of data.
    
    --- adelinatech.com ping statistics ---
    3 packets transmitted, 0 received, 100% packet loss, time 2001ms
    
    ###@linux-core-pc:/etc/default$
    I have no firewall rules active and I'm not blocking sites... via Firefox I can connect to Microsoft's main site.

    Does moblock require firehol?

  2. #192
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    No, not at all. Running moblock without a firewall such as firehol is actually less painful, as moblock creates rules in iptables automatically. This is the reason it doesn't work with other firewalls: after moblock has set up some rules in iptables, the "firewall" puts its own rules in iptables as well, and it becomes a mess.
    Iptables can (unfortunately) only have one application at a time create rules for it. _If_ you customize firehol a bit, then you can have them both running; that's the reason I have that bit in my howto, but it's not at all necessary.
    - "though It seems that I know that I know, what I would like to see Is the I that sees me, when I know that I know that I know" / Alan Watts

  3. #193
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    After flushing all iptables rules and deleting chains, to make sure moblock has full control of iptables without the use of a firewall, I ran the following commands.

    Code:
    iptables -X MOBLOCK (MOBLOCK_FW MOBLOCK_IN MOBLOCK_OUT)
    
    iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Then loaded moblock from init.d:
    Code:
    /etc/init.d/moblock-nfq restart
     * Restarting moblock moblock                       [Ok]
    Then checking iptables' current listing shows:

    Code:
    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    MOBLOCK_IN  all  --  anywhere             anywhere            state NEW
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    MOBLOCK_FW  all  --  anywhere             anywhere            state NEW
    
    Chain MOBLOCK_FW (1 references)
    target     prot opt source               destination
    NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0
    
    Chain MOBLOCK_IN (1 references)
    target     prot opt source               destination
    NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0
    
    Chain MOBLOCK_OUT (1 references)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
    NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    MOBLOCK_OUT  all  --  anywhere             anywhere            state NEW
    Now quickly see my /etc/cron.daily/moblock-nfq:

    Code:
    cat /etc/cron.daily/moblock-nfq |grep BLOCKLIST
    # use from BLOCKLISTS.
    #BLOCKLISTS="ads-trackers-and-bad-pr0n level1 level2  Microsoft  spyware "
    BLOCKLISTS="nipfilter.dat ads-trackers-and-bad-pr0n"
    #BLOCKLISTTXT="templist dshield"
    BLOCKLISTTXT="dshield"
    Now when I try to hit the microsoft.com website, I get access to it.. (nipfilter.dat contains all the level, spyware and Microsoft DBs)

    However, when I try an IP from the list:

    Code:
    >tail /etc/moblock/guarding.p2p
    
    www.tendomain.com|Hijack|BT:218.38.13.220-218.38.13.220
    CYBERSURFING:218.236.112.0-218.236.112.127
    y3y.net/555y.com:219.129.216.39-219.129.216.39
    xpire.info-Hijacker[spy]:221.139.50.11-221.139.50.11
    Dabber.B|BT:221.236.167.192-221.236.167.192
    MS Word Exploit|BT:222.92.208.225-222.92.208.225
    hongnanjing.com:222.189.228.5-222.189.228.5
    80ke.com:222.189.238.77-222.189.238.77
    zinanjing.com:222.223.183.30-222.223.183.30
    W32/Downloader/http.down.love.witlog.net:222.237.76.91-222.237.76.91
    And pinging 80ke.com, my moblock log returns:
    Code:
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 1,SRC: 204.16.208.90
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 2,SRC: 204.16.208.90
    Blocked OUT: 80ke.com,hits: 1,DST: 222.189.238.77
    Blocked OUT: 80ke.com,hits: 2,DST: 222.189.238.77
    Blocked OUT: 80ke.com,hits: 3,DST: 222.189.238.77
    Blocked OUT: 80ke.com,hits: 4,DST: 222.189.238.77
    Blocked OUT: 80ke.com,hits: 5,DST: 222.189.238.77
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 3,SRC: 204.16.208.167
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 4,SRC: 204.16.208.167
    Blocked OUT: MS Hotmail,hits: 1,DST: 64.4.32.7
    Blocked OUT: MS Hotmail,hits: 2,DST: 64.4.32.7
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 5,SRC: 204.16.208.239
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 6,SRC: 204.16.208.183
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 7,SRC: 204.16.208.114
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 8,SRC: 204.16.208.114
    Blocked IN: [DShield block] FAST COLOCATION SERVICES,hits: 9,SRC: 204.16.208.20

    So the darn thing is working... Now to reinstall using Firehol. I hope I'm able to NAT easily from there.. I'm pretty savvy with **** but iptables troubles me.

    Thanks for the support. Would be nice to have ubuntu-firewall work with this. It's a great script.
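    Added example (Python, written for this thread; it is not moblock's own code): a small reimplementation of the decision the listing above shows, to make clear why a ping to a listed address is blocked while a browser session on port 80 or 443 is not. It parses a few constructed lines in the guarding.p2p format from the post, looks destinations up with a binary search over the sorted ranges, and applies the two whitelist ACCEPTs that sit before NFQUEUE in MOBLOCK_OUT. The sample list, the Blocklist class and decide_output are assumptions for illustration, not moblock's API.

```python
import bisect
import ipaddress

# Constructed sample in the guarding.p2p format seen in the thread ("name:first-last").
# The last line is deliberately malformed to show that such lines are skipped.
SAMPLE_P2P = """\
www.tendomain.com|Hijack|BT:218.38.13.220-218.38.13.220
CYBERSURFING:218.236.112.0-218.236.112.127
80ke.com:222.189.238.77-222.189.238.77
W32/Downloader/http.down.love.witlog.net:222.237.76.91-222.237.76.91
not a range at all
"""

# Destination ports the MOBLOCK_OUT chain in the thread ACCEPTs before NFQUEUE
# (tcp dpt:www and tcp dpt:https), i.e. traffic moblock never sees.
WHITELISTED_TCP_DPORTS = {80, 443}


class Blocklist:
    """Sorted, non-overlapping IPv4 ranges parsed from p2p-format text (assumed helper)."""

    def __init__(self, text):
        ranges = []
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            # The name may itself contain ':' (URLs), so split on the last colon only.
            name, sep, span = line.rpartition(":")
            if not sep or "-" not in span:
                continue  # malformed line: skipped, much like moblock's "useless range"
            first, last = span.split("-", 1)
            try:
                lo = int(ipaddress.IPv4Address(first))
                hi = int(ipaddress.IPv4Address(last))
            except ipaddress.AddressValueError:
                continue
            if lo > hi:
                lo, hi = hi, lo
            ranges.append((lo, hi, name))
        ranges.sort()
        self.ranges = ranges
        self.lows = [lo for lo, _, _ in ranges]

    def lookup(self, ip):
        """Return the range name covering ip, or None when it is not listed."""
        n = int(ipaddress.IPv4Address(ip))
        i = bisect.bisect_right(self.lows, n) - 1
        if i >= 0 and self.ranges[i][0] <= n <= self.ranges[i][1]:
            return self.ranges[i][2]
        return None


def decide_output(bl, dst_ip, proto, dport=None):
    """Mimic the OUTPUT path from the listing: whitelist ACCEPTs first, then NFQUEUE."""
    if proto == "tcp" and dport in WHITELISTED_TCP_DPORTS:
        return "ACCEPT", "whitelisted port, never queued to moblock"
    name = bl.lookup(dst_ip)  # what the NFQUEUE verdict depends on
    if name is not None:
        return "DROP", f"Blocked OUT: {name}"
    return "ACCEPT", "not on list"


if __name__ == "__main__":
    bl = Blocklist(SAMPLE_P2P)
    for dst, proto, port in [("222.189.238.77", "icmp", None),
                             ("222.189.238.77", "tcp", 80),
                             ("222.189.238.77", "tcp", 22)]:
        print(dst, proto, port, "->", decide_output(bl, dst, proto, port))
```

    Running it reproduces the behaviour in the post: the ICMP echo to 222.189.238.77 is dropped with "Blocked OUT: 80ke.com", the same destination on TCP/80 is accepted because the whitelist rule precedes NFQUEUE, and TCP/22 to it is dropped again.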

  4. #194
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    No sweat.
    I'm no fan of iptables either. It's built for handwritten custom configurations.
    I would rather have software using it directly, not through scripts, so that it could have slots for more than one application, and also not let one application change rules in a busy slot, but use its own slot. Also this would make applications aware of each other through iptables, and one could tell iptables which application would have the first slot.
    Then the firewall could filter traffic in slot one, and moblock have its own rules in slot two, which the filtered traffic would come to after slot 1.
    Maybe I make no sense at all.

    Then again, it would be nice if moblock didn't use iptables at all to filter traffic (let firewalls and such have iptables for themselves) but filtered all traffic that goes in or out of the kernel by default.

  5. #195
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Another gripe I'm having is that I noticed that I can access http://www.microsoft.com, http://mpaa.org and sites of that nature.

    Why do I connect to the Microsoft site if I have all the lists blocking for me? Especially Microsoft.

    Are there any benchmarking tools/sites that can test my moblock?

  6. #196
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    You know http traffic is whitelisted by default, right?

  7. #197
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Meaning no matter what I'm blocking, if it's coming in via TCP 80 it's coming in?

    Makes no sense.. don't you think?

  8. #198
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    I'd hate to be out of the scope of the project, but since I had to resort to another firewall... What type of rules can I put here? Are there any documented examples I can build off of?

    How would I put blocks on certain ports.. or NAT so my other interfaces can receive internet? DHCP is already configured.

    In any event, as requested:

    /etc/default/firehol:

    Code:
    $ cat /etc/default/firehol
    START_FIREHOL=YES
    
    #If you want to have firehol wait for an iface to be up add it here
    WAIT_FOR_IFACE="eth0"

    /etc/firehol/firehol.conf:
    Code:
    #
    # $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
    #
    # This configuration file will allow all requests originating from the
    # local machine to be send through all network interfaces.
    #
    # No requests are allowed to come from the network. The host will be
    # completely stealthed! It will not respond to anything, and it will
    # not be pingable, although it will be able to originate anything
    # (even pings to other hosts).
    #
    
    version 5
    
    ########################
    ### moblock
    
    iptables --new MOBLOCK
    iptables -A MOBLOCK -j NFQUEUE
    
    ##
    ########################
    
    
    
    # Your internet interface
    
    interface eth0 internet
    
            server ssh accept
    
    
            # This will send http traffic directly
            # to accept instead of moblock
            # thus whitelisting it...
            client http accept
    
            client all MOBLOCK
    
    # Your local network
    interface eth1 home
    
    
            # You can access whatever on your lan
            client all accept
    
            # If you want your lan user to access your http server
            server http accept
    
    router internet2home inface eth0 outface eth1
    
    router home2internet inface eth1 outface eth0
            route all accept
    edit:

    I made changes to my conf file. I want to give the world access to my ssh server for remote administration.. hopefully this works since I'm on my way to work in a few.
    Last edited by shookone; September 29th, 2006 at 01:21 AM. Reason: made changes to my firehol.conf

  9. #199
    Join Date
    Nov 2005
    Location
    Scandinavia
    Beans
    939

    Re: Moblock (peerguardian linux alternative)

    Why is whitelisting port 80 stupid? All ports are open by default, moblock just filters them. If you want to contact Microsoft on port 80, it has to be whitelisted.

    As for NAT, add this entry before the interfaces:
    Code:
     # fill in ip as needed, ethx = internet device
     dnat to 192.168.0.x:ssh inface ethx proto tcp dport 12345
    Do this with your router (just an example):
    Code:
     router lan2internet inface eth1 outface eth0
     masquerade reverse #now you can "imagine" it as a client, and not use route command...
     client all accept
    
     router internet2lan inface eth1 outface eth0
     route ssh accept dst 192.168.0.x

  10. #200
    Join Date
    Sep 2006
    Beans
    64

    Re: Moblock (peerguardian linux alternative)

    Pelle:

    I misunderstood, I guess. I thought that no matter what moblock is blocking, if it's port 80 it will come in. I have updated my firehol after much reading of the documentation. Would you mind giving some quick guidance, since I cannot find a firehol.conf thread anywhere?

    This is my current firehol.conf:

    Code:
    cat /etc/firehol/firehol.conf
    #
    # $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
    #
    # This configuration file will allow all requests originating from the
    # local machine to be send through all network interfaces.
    #
    # No requests are allowed to come from the network. The host will be
    # completely stealthed! It will not respond to anything, and it will
    # not be pingable, although it will be able to originate anything
    # (even pings to other hosts).
    #
    
    version 5
    
    ########################
    ### moblock
    
    iptables --new MOBLOCK
    iptables -A MOBLOCK -j NFQUEUE
    
    ##
    ########################
    
    
    # The network of eth1
    home_ips=192.168.100.2/24
    
    # Your local network
    interface eth1 home src "${home_ips}"
    
            policy reject
            server "dhcp samba" accept
            client "samba" accept
    
            # You can access whatever on your lan
            client all accept
    
            # If you want your lan user to access your http server
            server http accept
    
    # Your internet interface
    
    interface eth0 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    
            protection strong 10/sec 10
            server "ssh ftp" accept
    
    
            # This will send http traffic directly
            # to accept instead of moblock
            # thus whitelisting it...
            client all MOBLOCK
    
    router home2internet inface eth1 outface eth0
            masquerade
            route all accept
    I'm searching for a front end that will allow me to better understand how this works.

    Basically I have my Ubuntu box, which is directly connected to the cable modem via eth0, and I have an Xbox running both games and Linux via eth1.

    There are some ports I need to go from eth1 to the net. I'm not sure how to specify them. I'm currently reading more into it, but I managed to get the internet on my Xbox/Linux box.

    Again, much appreciation for the support. I'm still able to access microsoft.com via the web.. so how do I know if I'm blocking that stuff?
    Last edited by shookone; September 30th, 2006 at 05:30 AM.
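    Added example (Python, written for this thread; it belongs neither to moblock nor to FireHOL): a check that answers the last question from the rule table instead of by trying to reach microsoft.com in a browser. It parses `iptables -L` output (the sample below is constructed from the listing in post #193), confirms that INPUT, OUTPUT and FORWARD actually jump into moblock's chains, lists every ACCEPT inside those chains that lets traffic bypass the blocklist, and flags ACCEPT rules with no visible match ahead of the jump, because `iptables -L` without `-v` omits the in/out interface columns, so a loopback ACCEPT prints exactly like a catch-all. The function names and the sample listing are the author's assumptions.

```python
import re

# Constructed sample: the shape of `iptables -L` output shown earlier in the thread.
SAMPLE_LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
MOBLOCK_IN  all  --  anywhere             anywhere            state NEW

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
MOBLOCK_FW  all  --  anywhere             anywhere            state NEW

Chain MOBLOCK_FW (1 references)
target     prot opt source               destination
NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0

Chain MOBLOCK_IN (1 references)
target     prot opt source               destination
NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0

Chain MOBLOCK_OUT (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
NFQUEUE    all  --  anywhere             anywhere            NFQUEUE num 0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
MOBLOCK_OUT  all  --  anywhere             anywhere            state NEW
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \((policy \w+|\d+ references)\)$")

# Built-in chain -> the moblock chain the init script is expected to hook into it.
HOOKS = {"INPUT": "MOBLOCK_IN", "OUTPUT": "MOBLOCK_OUT", "FORWARD": "MOBLOCK_FW"}


def parse_listing(text):
    """Return {chain: [rule, ...]} from `iptables -L` output (without -v)."""
    chains, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        if not line or line.startswith("target ") or current is None:
            continue
        parts = line.split(None, 5)  # target prot opt source destination [match text]
        if len(parts) < 5:
            continue
        chains[current].append({"target": parts[0], "prot": parts[1],
                                "src": parts[3], "dst": parts[4],
                                "extra": parts[5] if len(parts) > 5 else ""})
    return chains


def audit_moblock(chains):
    """Return a list of findings about whether moblock is really in the packet path."""
    findings = []
    for builtin, mob in HOOKS.items():
        rules = chains.get(builtin, [])
        jump = next((i for i, r in enumerate(rules) if r["target"] == mob), None)
        if jump is None:
            findings.append(f"{builtin}: no jump to {mob}; moblock is not in this path")
            continue
        for r in rules[:jump]:
            # No match text at all: could be "-i lo", which -L hides, or a real catch-all.
            if r["target"] == "ACCEPT" and not r["extra"]:
                findings.append(f"{builtin}: bare ACCEPT before the {mob} jump; "
                                f"-L hides interface matches, confirm with iptables -L -v")
        mob_rules = chains.get(mob, [])
        for r in mob_rules:
            if r["target"] == "ACCEPT":
                findings.append(f"{mob}: {r['prot']} {r['extra']} bypasses the blocklist")
        if not any(r["target"] == "NFQUEUE" for r in mob_rules):
            findings.append(f"{mob}: no NFQUEUE rule; nothing is handed to moblock")
    return findings


if __name__ == "__main__":
    for finding in audit_moblock(parse_listing(SAMPLE_LISTING)):
        print(finding)
```

    On the sample this reports the two whitelist bypasses in MOBLOCK_OUT (tcp dpt:https and tcp dpt:www), which is exactly why microsoft.com stays reachable over the web while pings to it are dropped, plus the two bare ACCEPTs in INPUT and OUTPUT to verify with `-v`. Against a live box, feed it the real output of `iptables -L` and add `-n` if name resolution makes the columns shift.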
