Topic: blocking emule and other p2p software

[blacksheep]

Hi

I need to block emule and other p2p software and was wondering if I could do this through SME server or any add on?

The main problem is emule can use any port including port 80 so am going to have to use something that sniffs the packets and bins any from emule or any other p2p software.

Any hints/ideas?

[p-jones]

There is a content filtering addon which can be located searching the archives which will probably block the e-mule url(s). I would expect that if you block those then you will have probaly closed the door to all e-mule traffic. Likewise Limewire. I have used it on V6.0 to block all sorts of things successfully. I dont know if it works on V6.5 or V7 though.

It was a while ago I set it up and I havent needed to revisit it since so I am a bit vague on all the details. As I say, I found it initially by searching the list but maybe someone else can point you to a more specific url with the appropiate rpm's and howto. If I find it I will post again.

[gregswallow]

I made a contrib for ipp2p (see ipp2p.org) for SME7, but it is not up to date for the latest kernel.  I'll try to get it up to date in teh next day or two.

Check here:
http://mirror.contribs.org/smeserver/contribs//gswallow/ipp2p-sme7/new/

[gdbs]

Thx Greg! I'm waiting for it too...

Is it possible to create add squidguard/dansguardian and ipp2p to SME7 as a default feature? it's so asked by anyone use sme!

[gregswallow]

New rpms are here for IPP2P (for example for i686):

http://mirror.contribs.org/smeserver/contribs//gswallow/sme7/addons-testing/ipp2p/e-smith-ipp2p-0.1.0-01.noarch.rpm
http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i686/ipp2p-0.8.0-01.i686.rpm
http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i686/kernel-module-ipp2p-0.8.0-01_2.6.9_22.0.2.EL.i686.rpm

If you have SMP kernel, or i586 then use the approprite rpms from the nearby folders.  

Just install the rpms and do this:

/sbin/e-smith/config setprop masq \
 ipp2p-ipp2p tcp \
 ipp2p-ares tcp \
 ipp2p-apple tcp \
 ipp2p-winmx tcp \
 ipp2p-soul tcp \
 ipp2p-bit tcp

then this:

/etc/rc7.d/S36masq restart

[lu2fgn]

Hi..

Went to the link and is not there any more, can you update it ...

Thanks

Alberto

[gregswallow]

I fixed d the link to the first rpm, but the others are out of date now - SME7RC1 uses a newer kernel.  I'll make new rpms soon.

[Franco]

What can I use to bring the same functionality to SME6? Any ideas? Right now I'm having to use pfsense in between the SME so I can block/control P2P.

[gdbs]

It seems that the RC2 and the final will have the same archi. Can we espect a release for rc2/final to ipp2p?

Thx again for your great work!

[gregswallow]

They are there - just install the ipp2p and kernel-module or kernel-smp-module (for multi-processor) for the the right arch., and the e-smith-ipp2p rpm and configure it according to the instructions given before:

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i586/ipp2p-0.8.0-01.i586.rpm

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i586/kernel-module-ipp2p-0.8.0-01_2.6.9_34.EL.i586.rpm

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i586/kernel-smp-module-ipp2p-0.8.0-01_2.6.9_34.EL.i586.rpm

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i686/ipp2p-0.8.0-01.i686.rpm

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i686/kernel-module-ipp2p-0.8.0-01_2.6.9_34.EL.i686.rpm

http://mirror.contribs.org/smeserver/releases/7/builds/rpms/RPMS/i686/kernel-smp-module-ipp2p-0.8.0-01_2.6.9_34.EL.i686.rpm

http://mirror.contribs.org/smeserver/contribs//gswallow/sme7/addons-testing/ipp2p/e-smith-ipp2p-0.1.0-01.noarch.rpm

[gdbs]

Thx a lot, it works great!

Just something to add: don't forget to reconfigure your server to make it work.

[gregswallow]

After install ing the rpms do:

Code: [Select]

/sbin/e-smith/config setprop masq \
 ipp2p-ipp2p tcp \
 ipp2p-ares tcp \
 ipp2p-apple tcp \
 ipp2p-winmx tcp \
 ipp2p-soul tcp \
 ipp2p-bit tcp

and then...

Code: [Select]

/etc/rc7.d/S36masq restart

Do you still have to post-upgrade/reboot after that?  I haven't checked...

[gdbs]

yes, i've done it yesterday. after these 2 parts, emule still work fine.... so i've tried to reconf, and after that, connection to emule's servers didn't work anymore...

[kruhm]

do you think you could:
-rename the contrib to follow the new convention (smeserver-ipp2p)
-add a description.txt in the dir with:
-a description of the contrib
-the install process

FYI -added to contribs section.[/list]

[gdbs]

Hi,

Since i have install Dansguardian and change the transproxy port to use the dansguardian's one (8080)

Or maybe it's since the last updates....

Ipp2p doesn't work anymore....  Emule can download files et connect to servers!

Is there anything to change to make it work again?

I'v tried to make a rpm -Uvh to reinstall the 3 files and then to do:

/sbin/e-smith/config setprop masq \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp

but after doing :

etc/rc7.d/S36masq restart

the server answer:

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done


Thx for your help!

[cool34000]

Hi there !

I'm very interrested in this contrib, so i'm wondering if it can work in server-only mode... And if is this contrib working on a SME v7.0 final up to date server ?

Thanks in advance for your replys

[Janm]

SME 7 Final gregswallow Contribs blocking emule and other p2p software


rpm -Uvh *.rpm
Preparing...                ########################################### [100%]
   1:ipp2p                  ########################################### [ 25%]
   2:e-smith-ipp2p          ########################################### [ 50%]
   3:kernel-module-ipp2p    ########################################### [ 75%]
   4:kernel-smp-module-ipp2p########################################### [100%]
/sbin/e-smith/config setprop masq
/sbin/e-smith/db dbfile setprop key prop1 val1 [prop2 val2] [prop3 val3] ...
/sbin/e-smith/config setprop masq ipp2p-ipp2p tcp
/sbin/e-smith/config setprop masq ipp2p-ares tcp
/sbin/e-smith/config setprop masq ipp2p-apple tcp
/sbin/e-smith/config setprop masq ipp2p-winmx tcp
/sbin/e-smith/config setprop masq ipp2p-soul tcp
/sbin/e-smith/config setprop masq ipp2p-bit tcp
/etc/rc7.d/S36masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: done
/sbin/e-smith/config show masq
masq=service
    DenylogTarget=drop
    Logging=none
    Stealth=no
    TCPMinimizeDelay=22
    Trace=disabled
    ipp2p-apple=tcp
    ipp2p-ares=tcp
    ipp2p-bit=tcp
    ipp2p-ipp2p=tcp
    ipp2p-soul=tcp
    ipp2p-winmx=tcp
    pptp=yes
    status=enabled
signal-event post-upgrade
signal-event reboot

Broadcast message from root (pts/0) (Sat Sep  2 12:40:17 2006):

The system is going down for reboot NOW!

Regards Jan

[gdbs]

you install the modul for smp and for i686??? why? you only have to install 1 of those... use uname -a to know which kernel you run...

[cool34000]

You could say it's a joke... No, it's a noob question...

I got that trying uname -a :

Code: [Select]

Linux sme 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 athlon i386 GNU/Linux

So, what am I ??? SMP, i386 or i686 ??? or maybe each one

[Janm]

uname -a
Linux www 2.6.9-34.0.2.ELsmp #1 SMP Fri Jul 7 19:52:49 CDT 2006 i686 i686 i386 GNU/Linux

Jan

[gdbs]

smp... but i386 and i686 compliant. that's why you can install i386 or i686 rpms.

But using smp rpms may be better for perfomances

someone to confirm this fact?

[Janm]

System Vital
Canonical Hostname sme.jm-data.dk
Listening IP 83.92.166.x
Kernel Version 2.6.9-34.0.2.ELsmp (SMP)
Distro Name  CentOS release 4.3 (Final) - SME Server 7.0
Uptime 58 minutes
Current Users 0
Load Averages 0.00 0.06 0.07

Network Usage
Device Received Sent Err/Drop
lo 1.14 MB 1.14 MB 0/0
bond0 0.00 KB 0.00 KB 0/0
eth0 1008.67 KB 7.56 MB 0/0
eth1 6.95 MB 827.14 KB 0/0
 
Hardware Information
Processors 2
Model Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU Speed 2.99 GHz
Cache Size 2048 KB
System Bogomips 11975.82
PCI Devices 00:02.0 VGA compatible controller: Intel Corporation 945G/GZ Express Integrated Graphics Controller
00:1b.0 Audio device: Intel Corporation 82801G
00:1f.1 IDE interface: Intel Corporation 82801G
00:1f.2 IDE interface: Intel Corporation 82801GB/GR/GH
05:04.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+
3f:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5752 Gigabit Ethernet PCI Express
 
IDE Devices hda: HL-DT-STDVD-ROM GDR8164B
SCSI Devices ATA ST3250620AS (Direct-Access)
USB Devices Linux 2.6.9-34.0.2.ELsmp uhci_hcd UHCI Host Controller
Linux 2.6.9-34.0.2.ELsmp uhci_hcd UHCI Host Controller
Linux 2.6.9-34.0.2.ELsmp uhci_hcd UHCI Host Controller
Linux 2.6.9-34.0.2.ELsmp uhci_hcd UHCI Host Controller
Linux 2.6.9-34.0.2.ELsmp ehci_hcd EHCI Host Controller
 
 Memory Usage
Type Percent Capacity Free Used Size
Physical Memory   9%  2.25 GB 223.16 MB 2.47 GB
- Kernel + applications   4%    105.10 MB  
- Buffers   1%    25.88 MB  
- Cached   4%    92.19 MB  
Disk Swap   0%  1.94 GB 0.00 KB 1.94 GB
 
Mounted Filesystems
Mount Type Partition Percent Capacity Free Used Size
/ ext3 /dev/mapper/main-root  15% 181.92 GB 33.67 GB 227.13 GB
/dev/shm proc none  0% 1.23 GB 0.00 KB 1.23 GB
/dev/shm sysfs none  0% 1.23 GB 0.00 KB 1.23 GB
/dev/shm devpts none  0% 1.23 GB 0.00 KB 1.23 GB
/boot ext3 /dev/md1  19% 74.87 MB 18.69 MB 98.65 MB
/dev/shm tmpfs none  0% 1.23 GB 0.00 KB 1.23 GB
/dev/shm tmpfs none  0% 1.23 GB 0.00 KB 1.23 GB
Totals :    15% 183.23 GB 33.69 GB 228.46 GB

The System
Jan

[cool34000]

Thanks for your answer gdbs, now it's a bit clearer for me.

[gdbs]

Ok i've resolve my probleme... i didn't see that there's new kernel-module rpm for the last kernel update..........................  

Can someone told me the difference between le kernel-hugemem-module and the kernel-module rpm???

Thx

[jsk]

Hi,
I've installed ipp2p followed by howto but ipp2p doesn't work.
After command /etc/rc7.d/S36masq restart the server answer:

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables v1.2.11: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/masq: line 146: REDIRECT: command not found
iptables v1.2.11: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/init.d/masq: line 148: REDIRECT: command not found
done

 Please help me to fix the problem.

Regards
John

[gregswallow]

Are you sure you didn't do something else to iptables?  There is no "-j" in the instructions for ipp2p.

This maybe?
http://www.google.com/search?q=site%3Acontribs.org+%22Unknown+arg+-j%22

BTW, for people that have the smeupdates-testing repo enabled, someone on the Centos-devel list is making ipp2p packages for that kernel (.42.0.2.EL).  The files are here:
http://homen.vsb.cz/~hrb33/el4/hrb/stable/i386/
(no i586, just i686)
This was his message to the list:
http://lists.centos.org/pipermail/centos-devel/2006-August/002393.html

[jsk]

Thanks for your reply Greg.

Are you sure you didn't do something else to iptables? There is no "-j" in the instructions for ipp2p.

This maybe?
http://www.google.com/search?q=site%3Acontribs.org+%22Unknown+arg+-j%22

KegRaider
Just make sure the longer lines are not split on to 2 lines. I think that was my problem before.

I put all in one line and server answer is:

/etc/rc7.d/S36masq restart
Shutting down IP masquerade and firewall rules:         Done!
Enabling IP masquerading: done

Best regards
John