
esears 06-08-2004 04:40 AM

Block ports and limit access
I'm running a network over here in and due to much help from people on this board it's all running wonderfully. I have however hit one wall which is seriously degrading the network. Here is my setup:

I have one satellite connection running into an IpCop box that is doing all the firewall. I really like IpCop since it's easy to administer and when I'm not around my roommate can keep the network up since he's not linux savvy. I

The connection is then distributed via different means to 43 other computers. The main use of this network is for web browsing, e-mail, instant messaging and webcam to allow some soldiers to communicate with their families back home. Right now it does that.

However there are approximately 4 people on the network who insist on using Kazaa and other various p2p products. It's been put out that these are off-limits however I don't want to totally cut off their net access. All I want to do is limit their access to not include any p2p products. I've looked at stuff like IPP2P and while it looks nice I'm not sure on how I would incorporate it into IpCop without rebuilding it all. This net is up and I really can't afford to bring it down for an extended period of time maybe more than 2 hours.

98% of the people connected are running Windows except for myself and the other sysadmin and I'm pretty sure most of them have no knowledge on running Kazaa or other programs on other ports so I'm not too worried about that. I'm just trying to shut it down.

I've looked into iptables and I know it can block via ports but I can't figure out how to do it. I'm reasonably good with linux just new at this firewall stuff.

I am willing if necessary to use my backup to route the network for a day or so and switch to a distro if needed if that would make this easier. It's just getting extreme when with the limited bandwidth we have that I can't even open a webpage.

Another thing after I get this one problem resolved is closing off ftp ports except to certain local ip addresses who express a need to get into them.

I really appreciate any help.
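The two firewall changes asked about above, blocking the Kazaa default port and restricting outbound FTP to a few named LAN hosts, can be written as plain iptables rules. What follows is an added example, not code from this thread or from the IpCop project. It generates the rules rather than applying them directly, so they can be read on a dry run and fed to `sh` only once they look right. Assumed values: the LAN is 192.168.1.0/24, the FTP-allowed hosts are 192.168.1.10 and 192.168.1.11, the chain name LOCALPOLICY is made up, and the only port matched is 1214, the Kazaa/FastTrack default. The client can fall back to other ports, so this stops default installs, not a determined user; the IPP2P match module mentioned above is the layer-7 route if that becomes necessary.

```shell
#!/bin/sh
# Added example (not from the thread or IpCop): generate iptables rules that
# (1) block the Kazaa/FastTrack default port on the forwarding path and
# (2) allow the FTP control channel only from listed LAN addresses.
# Dry run prints the rules; "apply" pipes them into sh (needs root on the firewall).

LAN_NET="${LAN_NET:-192.168.1.0/24}"                     # constructed; your internal network
FTP_ALLOWED="${FTP_ALLOWED:-192.168.1.10 192.168.1.11}"  # constructed list of hosts allowed to use FTP
P2P_TCP_PORTS="${P2P_TCP_PORTS:-1214}"                   # Kazaa/FastTrack default; clients can use others
CHAIN="LOCALPOLICY"                                      # hypothetical chain name, not an IpCop chain

gen_iptables_rules() {
    # A private chain keeps these rules separate from the distribution's own
    # chains and lets them be flushed and reloaded without touching anything else.
    printf 'iptables -N %s 2>/dev/null || true\n' "$CHAIN"
    printf 'iptables -F %s\n' "$CHAIN"

    # 1. P2P default port: log at a limited rate (so the log cannot be flooded),
    #    then reset TCP and drop UDP. The log line carries the LAN source IP,
    #    which is what identifies the user.
    for port in $P2P_TCP_PORTS; do
        printf 'iptables -A %s -p tcp --dport %s -m limit --limit 5/min -j LOG --log-prefix "P2P-BLOCK: "\n' "$CHAIN" "$port"
        printf 'iptables -A %s -p tcp --dport %s -j REJECT --reject-with tcp-reset\n' "$CHAIN" "$port"
        printf 'iptables -A %s -p udp --dport %s -j DROP\n' "$CHAIN" "$port"
    done

    # 2. FTP control channel (tcp/21): accept the listed hosts, then reject the
    #    rest of the LAN. Order matters: the ACCEPT lines must come first.
    for ip in $FTP_ALLOWED; do
        printf 'iptables -A %s -p tcp -s %s --dport 21 -j ACCEPT\n' "$CHAIN" "$ip"
    done
    printf 'iptables -A %s -p tcp -s %s --dport 21 -j REJECT --reject-with tcp-reset\n' "$CHAIN" "$LAN_NET"

    # Evaluate this chain before anything else in FORWARD. Remove a stale jump
    # first so re-running the script does not stack duplicate jumps.
    printf 'iptables -D FORWARD -j %s 2>/dev/null || true\n' "$CHAIN"
    printf 'iptables -I FORWARD 1 -j %s\n' "$CHAIN"
}

# Number of filtering rules generated (used as a sanity check before applying).
count_rules() { gen_iptables_rules | grep -c '^iptables -A'; }

case "${1:-}" in
    apply) gen_iptables_rules | sh ;;   # apply on the firewall as root
    *)     gen_iptables_rules ;;        # dry run: print the rules only
esac
```

Run it without arguments first and read the output; once the addresses are right, `sh p2p-block.sh apply` loads the rules. Since the rules are appended with `-A` inside one chain and the chain is flushed on every run, changing the allowed-host list and re-running is safe. Rules loaded this way do not survive a reboot on their own; they need to go wherever the firewall distribution runs local rules at start-up.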

Pcghost 06-08-2004 11:08 PM

Peer to Peer clients are the bane of every network administrator. They are particularly difficult to deal with at the firewall level as most can use virtually any port they can find to get to the Internet. The way we deal with them on our network is by running Snort. It alerts us when we have peer-to-peer clients launch on the network, telling us the source IP of the client and therefore who is doing it. P2P is a user problem, and is normally dealt with as such. You may be able to implement bandwidth limiting at the firewall level though.

esears 06-09-2004 01:45 AM

That sounds like it would work right now too. I'm taking it since Snort is included in IpCop I could just add that configuration to it and find out who exactly is using p2p programs. I'd rather give the people a chance to cease their p2p stuff since they are also using it for communication with their family back home but I have no problem cutting them off if they continue since it totally limits everyone else from being able to talk. Would you be willing to share your Snort cfg for that aspect of it? Appreciate your help and ideas though. Hopefully I can get this under control and get some of my bandwidth back to the users who need it for legitimate reasons.
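The Snort approach Pcghost describes, and the "find out who exactly is using p2p" goal in the reply above, come down to two pieces: a couple of local rules that fire on Kazaa traffic, and a way to tally the LAN source addresses in the resulting alerts. The script below is an added example, not Pcghost's configuration and not part of Snort or IpCop. It writes two Snort 2 rules (sids in the local range at or above 1000000, which are constructed) and a small awk tally over alert lines in Snort's fast-alert format. The first rule matches the Kazaa default port 1214; the second matches the `X-Kazaa-Username` request header, which is assumed here to be what the FastTrack client sends and should be checked against a packet capture before being relied on. The four alert lines are constructed sample input.

```shell
#!/bin/sh
# Added example (not from the thread, Snort or IpCop): Snort rules for Kazaa
# traffic plus a tally of which LAN hosts trigger them.

# Two local rules. The heredoc delimiter is quoted so $HOME_NET / $EXTERNAL_NET
# reach Snort literally instead of being expanded by the shell.
gen_snort_rules() {
    cat <<'EOF'
# Kazaa/FastTrack default port. sid 1000001 is a constructed local id.
alert tcp $HOME_NET any -> $EXTERNAL_NET 1214 (msg:"P2P Kazaa default port"; flow:to_server,established; classtype:policy-violation; sid:1000001; rev:1;)
# Kazaa client request header on any port. Header name is assumed; verify
# against a capture of a real client before trusting this rule.
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"P2P Kazaa client header"; flow:to_server,established; content:"X-Kazaa-Username|3A|"; nocase; classtype:policy-violation; sid:1000002; rev:1;)
EOF
}

# Constructed sample of Snort fast-format alert lines (what "-A fast" writes).
# Three alerts from 192.168.1.37, one from 192.168.1.52, one unrelated alert.
sample_alerts() {
    cat <<'EOF'
06/09-01:45:10.123456  [**] [1:1000001:1] P2P Kazaa default port [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.37:3421 -> 64.12.34.56:1214
06/09-01:45:12.654321  [**] [1:1000002:1] P2P Kazaa client header [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.37:3422 -> 198.51.100.7:80
06/09-01:46:03.111111  [**] [1:1000001:1] P2P Kazaa default port [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.52:1055 -> 203.0.113.9:1214
06/09-01:46:40.222222  [**] [1:1000001:1] P2P Kazaa default port [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.1.37:3430 -> 64.12.34.57:1214
06/09-01:47:00.333333  [**] [1:2003:8] WEB-MISC example unrelated alert [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.20:2000 -> 198.51.100.9:80
EOF
}

# Tally LAN source addresses of P2P alerts, most frequent first.
# In fast format the "{PROTO}" field is followed by "src:port -> dst:port",
# so the source IP is the field after "{...}" with the port stripped.
top_p2p_sources() {
    awk '/P2P/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^\{/) { split($(i + 1), a, ":"); print a[1] }
         }' | sort | uniq -c | sort -rn
}

# Stand-alone demo on the constructed sample. On a real sensor, feed the
# live file instead, e.g. top_p2p_sources < /var/log/snort/alert
# (typical location; check where your install writes fast alerts).
sample_alerts | top_p2p_sources
```

Put the output of `gen_snort_rules` into the sensor's local rules file and reload Snort; the tally then answers "who" without touching the firewall, which matches the approach of treating P2P as a user problem first. Rate of alerts per host is a better signal than a single hit, since one stray packet to port 1214 is not proof of a running client.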
