LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-08-2004, 04:40 AM   #1
esears
Member
 
Registered: Mar 2004
Location: Iraq, Baghdad
Posts: 32

Rep: Reputation: 15
Block ports and limit access


I'm running a network over here in and due to much help from people on this board it's all running wonderfully. I have however hit one wall which is seriously degrading the network. Here is my setup:

I have one satellite connection running into an IpCop box that is doing all the firewall. I really like IpCop since it's easy to administer and when I'm not around my roommate can keep the network up since he's not linux savvy. I

The connection is then distributed via different means to 43 other computers. The main use of this network is for web browsing, e-mail , instant messaging and webcam to allow some soldiers to communicate with their families back home. Right now it does that.

However there are approximetly 4 people on the network who insist on using Kazaa and other various p2p products. It's been put out that these are off-limits however I don't want to totally cut off their net access. All I want to do is is limit their access to not include any p2p products. I've looked at stuff like IPP2P and while it looks nice I'm not sure on how I would incorporate it into IpCop without rebuilding it all. This net is up and I really can't afford to bring it down for an extended period of time maybe more than 2 hours.

98% of the people connected and running windows except for myself and the other sysadmin and I'm pretty sure most of them have no knowledge on running kazaa or other programs on other ports so I'm not too worried about that. I'm just trying to shut it down.

I've looked into iptables and I know it can block via ports but I can't figure out how to do it. I'm reasonably good with linux just new at this firewall stuff.

I am willing if neccasary to use my backup to route the network for a day or so and switch to a distro if needed if that would make this easier. It's just getting extreme when with the limited bandwidth we have that I can't even open a webpage.

Another thing after I get this one problem resolved is closing off ftp ports except to certain local ip addresses who express a need to get into them.

I really appreciate any help.
 
Old 06-08-2004, 11:08 PM   #2
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Real Washington
Distribution: Debian, Android
Posts: 1,819

Rep: Reputation: 46
Peer to Peer clients are the bane of every network administrator. The are particularly difficult to deal with at the firewall level as most can use virtually any port they can find to get to the Internet. The way we deal with them on our network is by running Snort. It alerts us when we have peer-to-peer clients launch on the network, telling us the source ip of the client and therefore who is doing it. P2P is a user problem, and is normally dealt with as such. You may be able to implement bandwidth limiting at the firewall level though.
 
Old 06-09-2004, 01:45 AM   #3
esears
Member
 
Registered: Mar 2004
Location: Iraq, Baghdad
Posts: 32

Original Poster
Rep: Reputation: 15
Lightbulb

That sounds like it would work right now too. I'm taking it since snort is included in IpCop I could just add that configuration to it and find out who exactly is using p2p programs. I'd rather give the people a chance to cease their p2p stuff since they are also using it for communication with their family back home but I have no problem cutting them off if they continue since it totally limits everyone else from being able to talk. Would you be willing to share your snort cfg for that aspect of it? Appreciate your help and ideas though. Hopefully I can get this under control and get some of my bandwitdh back to the users who need it for legitmate reasons.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ide1(22,7): write failed, user block limit reached. andy18 Linux - General 1 07-05-2005 01:14 PM
Ports to Block chrisfirestar Linux - General 1 10-28-2003 04:27 AM
how to check for block ports by isp? Drogo Linux - Software 2 10-26-2003 06:15 PM
How to Block music ports JohnRide Linux - Security 1 12-02-2002 04:17 PM
how to block ports furquan Linux - Security 9 02-21-2002 07:23 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:00 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration