LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-16-2012, 07:53 PM   #16
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9

See the key to blocking torrent downloading is not allow masquerading.
hope it helps.
 
Old 08-17-2012, 12:14 AM   #17
Hira Inam
LQ Newbie
 
Registered: Aug 2012
Posts: 15
Blog Entries: 3

Original Poster
Rep: Reputation: Disabled
I didnot get ur point :-(
 
Old 08-17-2012, 09:06 AM   #18
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9
Quote:
Originally Posted by Hira Inam View Post
I didnot get ur point :-(
Have implemented squid using similar rules in iptables:-

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

eth0(internet adapter)
eth1(internal network)
 
Old 08-17-2012, 10:38 AM   #19
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,950

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by ac_kumar View Post
Have implemented squid using similar rules in iptables:-

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

eth0(internet adapter)
eth1(internal network)
Thanks for proving my point...you cannot block torrents with Squid. You're doing a redirect with iptables, which is not the same thing. Also, you can still download torrents with what you have stated above. Torrents are specifically designed to be hard to block, which is why layer seven filters exist, and which is why even ISP's have a hard time blocking/tracking them.

There are IPtables rules you can use with regex'es to TRY to block things, but even they don't work.

Last edited by TB0ne; 08-17-2012 at 10:41 AM.
 
Old 08-17-2012, 11:58 PM   #20
Hira Inam
LQ Newbie
 
Registered: Aug 2012
Posts: 15
Blog Entries: 3

Original Poster
Rep: Reputation: Disabled
Yes i have implemented the same iptables rule.
 
Old 08-18-2012, 06:58 AM   #21
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9
see if you will not use this command:
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

and manually feed proxy settings in client browser than only browser will be able to use internet and torrent programs will not get internet.
 
Old 08-18-2012, 04:11 PM   #22
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,950

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by ac_kumar View Post
see if you will not use this command:
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

and manually feed proxy settings in client browser than only browser will be able to use internet and torrent programs will not get internet.
Again, no. You are NOT using squid to block torrents, rather an IP tables rule. And again, you can run a torrent client and simply put the proxy port in, and bypass it, since by using your rules, all you're doing is a redirect. You're not blocking the ports used by torrent clients.
 
Old 08-19-2012, 03:43 PM   #23
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9
Quote:
Originally Posted by TB0ne View Post
Again, no. You are NOT using squid to block torrents, rather an IP tables rule. And again, you can run a torrent client and simply put the proxy port in, and bypass it, since by using your rules, all you're doing is a redirect. You're not blocking the ports used by torrent clients.
First of all I am using squid to provide internet on limited ports. (ok)
Than I agree that any one can run a torrent client and simply put the proxy port in, and bypass it. But if you will use delay pools than torrent download speed can be limited.

I suggest you try it practically. Than give me your feedback.
 
Old 08-19-2012, 06:08 PM   #24
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,950

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by ac_kumar View Post
First of all I am using squid to provide internet on limited ports. (ok)
Than I agree that any one can run a torrent client and simply put the proxy port in, and bypass it. But if you will use delay pools than torrent download speed can be limited.

I suggest you try it practically. Than give me your feedback.
I suggest you read the question, and read what you just posted. The OP posted that they want to BLOCK (that is TOTALLY STOP) torrent downloading. You CANNOT DO THAT WITH SQUID, PERIOD. You even then follow up by saying you KNOW it won't work, and the best your solution can do is limit the SPEED of downloading, providing that they do it through a web browser. Again, your 'solution' lets a torrent client BYPASS squid totally...and if you bypass squid, how exactly would the squid rules apply to that download????

I HAVE tried what you posted, a good while back, and so I KNOW it doesn't work.
 
Old 08-20-2012, 01:10 PM   #25
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9
First try it. See if torrent downloading speed is reduced beacuse of delay pools.
Practically testing is far better than Arguments.
 
Old 08-20-2012, 02:33 PM   #26
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 17,950

Rep: Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693Reputation: 3693
Quote:
Originally Posted by ac_kumar View Post
First try it. See if torrent downloading speed is reduced beacuse of delay pools.
Practically testing is far better than Arguments.
And if you read what I posted before, I HAVE TRIED IT, and it doesn't work. Again, if you bypass Squid, the squid rules don't apply.

And again, you have not addressed the OP's question. They want to BLOCK...not 'slow down'...torrent downloads. Your 'solution', does NOT BLOCK IT, so it DOES NOT WORK.
 
Old 08-21-2012, 02:43 PM   #27
ac_kumar
Member
 
Registered: Aug 2011
Distribution: Ubuntu, Fedora
Posts: 175

Rep: Reputation: 9
It worked for me as most user don't know to bypass it. I just wanted to help.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off




All times are GMT -5. The time now is 02:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration