LinuxQuestions.org
Old 07-26-2005, 01:03 PM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Rep: Reputation: 15
Blocking Emule with Iptables


I'm using a Linux firewall at work and I can see that some users are connecting to eMule (etc.). That's terrible for the productivity of the internet connection for others, so I would like to block access for eMule and the like.

I have these lines to block Kazaa but didn't find any for blocking eMule. Are they written correctly?

# Block KaZaA
/sbin/iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
/sbin/iptables -A FORWARD -p TCP --dport 1214 -j REJECT

Thanks all!
 
Old 07-26-2005, 01:25 PM   #2
demian
Member
 
Registered: Apr 2001
Location: Bremen, Germany
Distribution: Debian
Posts: 303

Rep: Reputation: 30
Most p2p applications use configurable ports. So just blocking the well known ports works only for users who don't know what they are doing. I've had great success in cutting down p2p traffic with this:

http://www.ipp2p.org/
 
Old 07-26-2005, 02:18 PM   #3
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Well, I'm a newbie, so I wouldn't try right now to put IPP2P on our server. My boss is on vacation (he is the system admin), so I'm just looking for something like putting a line in the iptables rules to block access... The problem is that some of the users know what they are doing, so can you guys help me with something less complicated that would do the trick? At least for about 20 days???

I would like something that if a problem occurs, I just have to comment the line and it would go back to normal...

anyway thanks a lot. And the IPP2P will be something I certainly will bring up when my boss arrives.

P.S.: Can I monitor the ports that are being used, is there a fixed IP number in order to connect to emule? So that I can block that IP and it would be done? Etc. Anything would be of great help.

Thanks again!
Palula Brasil.
 
Old 07-26-2005, 02:46 PM   #4
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
These are the ports used by eMule.
Blocking some of them might throw off some mindless users:
http://www.emule-project.net/home/pe...&rm=show_topic
 
Old 07-26-2005, 03:21 PM   #5
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Ports... I would like information regarding --dport --sport.

6) Local Port: any
Remote Port: 4665
Protocol: UDP
Direction: outgoing
Purpose: Source asking on servers
Note: Servers using the default port 4661 TCP (see #5) automatically set their port for source asking to 4665 UDP. If a server uses a different port in #5 the corresponding UDP port is set to [Connection Port + 4]. For firewalls the remote port here is any.



7) Local Port: 4711
Remote Port: any
Protocol: TCP
Direction: incoming
Purpose: Webserver
Note: This is the default port for the web interface. When using a router this port has to be forwarded or no connection to the webserver will be possible.

As you guys can see, the 4665 port is outgoing, and the 4711 port is incoming, so should I use --dport for 4665 and --sport for 4711. And what if a port is incoming/outgoing? For example: port 4662.

Thanks in advance!!!
 
Old 07-26-2005, 04:33 PM   #6
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
It depends on how you build your rules.
--dport means "destination port", so the port "where your computer is trying to connect".
--sport means "source port", so the port "from where you are trying to connect".

No need to remind you that a network communication usually looks like the following:
[Your Computer]port 30123------>port 4665[Server]
or
[Server]port 4665--------->port 30123[Your Computer]

It's all about how you build your firewall... like, if you are trying to prevent clients from talking to servers, or preventing servers from answering your clients (once your clients first tried to initiate communication).
 
Old 07-26-2005, 05:44 PM   #7
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Sorry but it still seems too far out for me...
Could you try to explain in a more understandable way?

For example, it is very easy for me to understand the Kazaa rules up there.
Based on what I said, what would you do? I don't want any kind of connection between the users of my LAN and eMule. I want eMule to be totally dead.

Thanks a lot.

Last edited by Palula; 07-27-2005 at 07:24 AM.
 
Old 07-27-2005, 07:22 AM   #8
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
--dport means "destination port", so the port "where your computer is trying to connect".
--sport means "source port", so the port "from where you are trying to connect".

Is it more or less, like this?

--dport gives more importance to the server port...
--sport gives more importance to my port (literally on my computer).

If I want to block connection "to" somewhere, I use --dport...
If I want to block connection "from something going out a specific port in my computer", I use --sport...

If that's the main thing within these two choices, I would automatically block the destination (--dport) because it's more reliable, isn't it?

Let's suppose eMule uses port 1234 and that, preferably, users should open port 3223 to connect to that port (1234). If I block --sport 3223, and the client switches to another port... it can still connect to 1234 using another source port. But what if I blocked the destination port 1234? There can't be any connection at all, right?

Was that way over my head?
Did I even get close!!!

Anybody could help??
Thanks a lot!
 
Old 07-27-2005, 07:37 AM   #9
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
yup, now you get it I think
 
Old 07-27-2005, 07:52 AM   #10
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
One thing that intrigues me!!!

How does the firewall know what is coming from the net and what is going to the net?
For example, if I put this line:

/sbin/iptables -A FORWARD -p tcp --dport 4662 -j REJECT

For me it could be: anything that is going to port 4662. It doesn't matter if it's going from my LAN to a computer outside... or if it's going from an outside connection to computers in my LAN, on port 4662.

In short... one line blocks, either way, anything that is destined to port 4662, no matter if it's in or out of my LAN.

Is that true?
 
Old 07-27-2005, 09:24 AM   #11
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
Yes, it is true.
Usually, it is safer to use the "-o <interface>" (output interface) or "-i <interface>" (input interface) argument to avoid blocking useful traffic. For example:

/sbin/iptables -A OUTPUT -p tcp --dport 4662 -o ppp0 -j REJECT

Here, I assume you are "going to the net" using the interface "ppp0" (this is for dial-up or DSL; it could be eth0 as well), and this works. Of course in some cases this kind of rule isn't applicable (for example, if your eth0 is used to access the net AND to talk to a local network, through a switch or a router), in that case you could use "-s <ip address>" (source address) or "-d <ip address>" (destination ip address), for example:

/sbin/iptables -A OUTPUT -p tcp --dport 4662 -d !192.168.0.255/255.255.255.0 -j REJECT

This line rejects all packets going to port 4662 that are NOT going to the destination "range" 192.168.0.255 (so if your "private network range" is 192.168.0.255, you will be able to use this port locally, but it will be rejected if you try to go outside... clever, isn't it? :P )
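To make the direction question concrete (post #10 asks whether a single --dport 4662 rule in FORWARD matches both ways; this post answers with -i/-o and a negated -d), here is an added Python simulation of first-match rule evaluation; it is not code from this thread. The interface names eth0 (LAN) and eth1 (WAN), the addresses and the sample packets are constructed, and the port-range rule at the end mirrors the 4661:4711 form used later in the thread.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:          # what the FORWARD chain sees: both interfaces plus the ports
    in_if: str
    out_if: str
    proto: str
    dst: str
    sport: int
    dport: int

@dataclass
class Rule:            # one "iptables -A FORWARD ..." line; None means "option not given"
    target: str                      # -j
    proto: Optional[str] = None      # -p
    in_if: Optional[str] = None      # -i
    out_if: Optional[str] = None     # -o
    dport: Optional[range] = None    # --dport
    dst_net: Optional[str] = None    # -d, with dst_negate=True meaning "! -d"
    dst_negate: bool = False

def ports(spec: str) -> range:
    """'4662' or '4661:4711' -> inclusive port range, as --dport reads it."""
    lo, _, hi = spec.partition(":")
    return range(int(lo), int(hi or lo) + 1)

def matches(r: Rule, p: Packet) -> bool:
    if ((r.proto and r.proto != p.proto) or (r.in_if and r.in_if != p.in_if)
            or (r.out_if and r.out_if != p.out_if) or (r.dport and p.dport not in r.dport)):
        return False
    if r.dst_net:  # ipaddress accepts the 192.168.0.255/255.255.255.0 form and masks it to /24
        net = ipaddress.ip_network(r.dst_net, strict=False)
        if (ipaddress.ip_address(p.dst) in net) == r.dst_negate:
            return False
    return True

def verdict(chain, p: Packet, policy: str = "ACCEPT") -> str:
    """First matching rule decides, like a real chain; otherwise the chain policy."""
    return next((r.target for r in chain if matches(r, p)), policy)

# Constructed packets: eth0 = LAN, eth1 = WAN, client 192.168.0.10, eMule TCP port 4662.
LAN_TO_WAN = Packet("eth0", "eth1", "tcp", "203.0.113.5", 30123, 4662)
WAN_TO_LAN = Packet("eth1", "eth0", "tcp", "192.168.0.10", 30123, 4662)
LAN_TO_LAN = Packet("eth0", "eth0", "tcp", "192.168.0.20", 30123, 4662)
PLAIN = [Rule("REJECT", proto="tcp", dport=ports("4662"))]                  # hits both directions
WAN_IN = [Rule("REJECT", proto="tcp", in_if="eth1", dport=ports("4662"))]   # -i eth1: WAN->LAN only
NOT_LOCAL = [Rule("REJECT", proto="tcp", dport=ports("4662"),               # ! -d LAN: local use stays
                  dst_net="192.168.0.255/255.255.255.0", dst_negate=True)]
RANGE = [Rule("REJECT", proto="tcp", dport=ports("4661:4711"))]            # --dport 4661:4711
```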
 
Old 07-27-2005, 01:41 PM   #12
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedora Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Based on the configs exposed on the Emule site (common ports) would these rules work?

eth0 = My LAN NIC
eth1 = My WAN NIC

Code:
/sbin/iptables -A FORWARD -p tcp --dport 4662 -i eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --sport 4662 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --dport 4672 -i eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --sport 4672 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --sport 4661 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p udp --dport 4665 -o eth1 -j REJECT
/sbin/iptables -A FORWARD -p tcp --dport 4711 -i eth1 -j REJECT
Does that make any sense?
 
Old 08-26-2005, 01:21 PM   #13
jointano
LQ Newbie
 
Registered: Aug 2005
Posts: 1

Rep: Reputation: 0
To block eMule write:

Code:
iptables -A FORWARD -p tcp --dport 4661:4711 -j REJECT
iptables -A FORWARD -p udp --dport 4661:4711 -j REJECT
It works...
 