
Help

Posted: Fri Jan 06, 2006 11:54 am
by tahiralijafri
Hello Friends!

I want to analyze my LAN traffic; I have Squid running on FC3. I want to analyze the applications running on my LAN. Can anyone tell me a way to find out which applications are running on my LAN? I also want to block some applications. Does Squid provide this facility like ISA does?

Please describe briefly.

Waiting for reply

Re: Help

Posted: Fri Jan 06, 2006 1:18 pm
by lambda
Try installing ntop, or snort.

Re: Help

Posted: Mon Jan 09, 2006 3:02 am
by syedali999
tahiralijafri wrote: Hello Friends!

I want to analyze my LAN traffic; I have Squid running on FC3. I want to analyze the applications running on my LAN. Can anyone tell me a way to find out which applications are running on my LAN? I also want to block some applications. Does Squid provide this facility like ISA does?

Please describe briefly.

Waiting for reply


What about IPTRAF? I liked it very much... it's easy, really great, and lightweight. It runs under a command line interface.



Thanks,
Regards


S. Rizvi
Customer Support Executive
======================
Customer Support Department
World Online (TM)
Cyber Soft Technologies Inc.
www.wol.net.pk
www.wol.com.pk
alirizvi@khi.wol.net.pk
======================
LPI ID: LPI000102069

Posted: Thu Jan 12, 2006 7:43 pm
by fawad
iptraf is awesome for realtime traffic monitoring.

Squid is not a monolithic firewall/caching proxy like ISA. In the Linux world, packet filtering is done by iptables and friends, and Squid just does HTTP, etc. As such, you need to block non-HTTP/FTP traffic using iptables.

Posted: Sat Feb 11, 2006 6:17 pm
by tahiralijafri
Dear Friends!

Thanks for your kind advice about iptraf; it's a great tool. Please answer one more question: I am running a network of 100 clients and I want MAC-based auth. I mean the internet will work only on the MACs that I add to my list; I want to deny any other MAC that is not in my MAC list.
I have tried it with the below-mentioned rules but it's not working. Please let me know the simplest way to do so, as I am not an expert on iptables.

iptables -I INPUT -p tcp -j DROP

OR

iptables -F INPUT
iptables -P INPUT DROP
iptables -A INPUT -i eth0 -m mac \
--mac-source 00-08-C7-EA-8C-42 -j ACCEPT

Posted: Sat Feb 11, 2006 8:20 pm
by shakirz1
Try this script: MAC authentication and transparent proxy.

Put all your users' MAC addresses in the /etc/user.allow file and run this script.

If you face any problem, post the details of the error here.

#!/bin/bash
# Flush and delete the existing iptables rules and chains
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
# Chain that holds the MAC check
/sbin/iptables -N MACtest

# Script Variables
int_if=eth0
ext_if=ppp0
int_ip=192.168.0.0/24


# Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Authenticate user: one MAC per line in /etc/user.allow, the first 17
# characters (xx:xx:xx:xx:xx:xx) are used; listed MACs RETURN, all others are dropped
for MAC in `cut -c1-17 /etc/user.allow`
do
/sbin/iptables -A MACtest -m mac --mac-source $MAC -j RETURN
echo Allow User $MAC
done
/sbin/iptables -A MACtest -j DROP
# Only new connections arriving on the LAN interface are checked
/sbin/iptables -A FORWARD -i $int_if -m state --state NEW -j MACtest
/sbin/iptables -A INPUT -i $int_if -m state --state NEW -j MACtest


# Transparent Proxy: redirect LAN web traffic to Squid on port 8080
/sbin/iptables -t nat -A PREROUTING -i $int_if -p tcp --dport 80 -j REDIRECT --to-port 8080

# Masquerade other requests
/sbin/iptables -t nat -A POSTROUTING -s $int_ip -o $ext_if -j MASQUERADE
/sbin/iptables -A FORWARD -i $int_if -j ACCEPT

Posted: Sun Feb 12, 2006 9:38 pm
by tahiralijafri
Hello Shakirz!

Thanks for your kind reply. Below is the firewall that I am currently using; I want to use your suggested script with this firewall.
I have two network cards, 192.168.10.0 on eth0 and 10.0.0.0 on eth1. eth1 is my LAN and eth0 faces my router. Please suggest.

Regards
Tahir Ali Jafri
### My Firewall Starts Here ####
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP
####FTP MODULE LOADER####
modprobe ip_nat_ftp
modprobe ip_nat_irc
#########################
#### Traffic Comming to Our Machine####
iptables -A INPUT -p tcp -s 0/0 --dport 20484 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 20484 -j ACCEPT
###
iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.10.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/24 --dport 53 -j ACCEPT
###
iptables -A INPUT -p tcp --dport 67:68 -j ACCEPT
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
###
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 3130 -j ACCEPT
iptables -A INPUT -p tcp --dport 3130 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth1 -p ICMP -j ACCEPT
###### Forwarding Rules ####
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 51215 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2090 -j ACCEPT
iptables -A FORWARD -p udp --dport 2090 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2091 -j ACCEPT
iptables -A FORWARD -p udp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2095 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001:5020 -j ACCEPT
iptables -A FORWARD -p udp --dport 8100:8700 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8100:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 1024:2500 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7775:7777 -j ACCEPT
iptables -A FORWARD -p tcp --dport 11999 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2001:2120 -j ACCEPT
iptables -A FORWARD -p udp --dport 2001:2120 -j ACCEPT
iptables -A FORWARD -p tcp --dport 6801 -j ACCEPT
iptables -A FORWARD -p udp --dport 6801 -j ACCEPT
iptables -A FORWARD -p udp --dport 6901 -j ACCEPT
iptables -A FORWARD -p tcp --dport 6901 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1720 -j ACCEPT
iptables -A FORWARD -p udp --dport 1720 -j ACCEPT
########## Yahoo Voice Ports ########
iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001 -j ACCEPT
iptables -A FORWARD -p udp --dport 5010 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5000:5001 -j ACCEPT
iptables -A FORWARD -p udp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5100 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7070 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5060 -j ACCEPT
iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A FORWARD -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -t mangle -p tcp --dport 1863 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A OUTPUT -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
#######
## For MSN thingy
iptables -I PREROUTING -t mangle -p tcp --dport 1863 -j TOS --set-tos Minimize-Delay
## For Yahoo thingy
iptables -I PREROUTING -t mangle -p tcp --dport 5000:5050 -j TOS --set-tos Minimize-Delay
## For 443 thingy
iptables -I PREROUTING -t mangle -p tcp --dport 443 -j TOS --set-tos Minimize-Delay
## For DNS thingy
iptables -A PREROUTING -t mangle -p udp --dport 53 -j TOS --set-tos Minimize-Delay
#########Transparent Proxy Redirection
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.10.0/24 --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 10.0.0.0/24 --dport 80 -j REDIRECT --to-port 8080
######Ip MASQURADING
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/255.255.255.0 -j MASQUERADE
######
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
###################
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
######### MIRC#####################
iptables -A FORWARD -p tcp --dport 6660:6669 -j ACCEPT
iptables -A FORWARD -p udp --dport 6660:6669 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7000:7002 -j ACCEPT
iptables -A FORWARD -p udp --dport 7000:7002 -j ACCEPT
##### Paltalk custom ports #################
iptables -A FORWARD -t mangle -p tcp --dport 5001 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -p udp --dport 2090 -j ACCEPT
iptables -A FORWARD -p udp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2090 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2095 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001:50015 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8200:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 8200:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 1025:2500 -j ACCEPT
########### Accepted Ports ##############
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT
iptables -A OUTPUT -p udp --dport 3130 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3130 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --dport 42 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 42 -j ACCEPT
#### experiment with port 5000 ################
iptables -A OUTPUT -p tcp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A OUTPUT -p udp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A INPUT -p udp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A OUTPUT -p TCP --dport 1484 -j REJECT
iptables -A INPUT -p TCP --dport 1484 -j REJECT
iptables -A FORWARD -p TCP --dport 1484 -j REJECT
iptables -A OUTPUT -p UDP --dport 1484 -j REJECT
iptables -A INPUT -p UDP --dport 1484 -j REJECT
iptables -A FORWARD -p UDP --dport 1484 -j REJECT
iptables -A OUTPUT -p TCP --dport 54214 -j REJECT
iptables -A INPUT -p TCP --dport 54214 -j REJECT
iptables -A FORWARD -p TCP --dport 54214 -j REJECT
iptables -A OUTPUT -p UDP --dport 54214 -j REJECT
iptables -A INPUT -p UDP --dport 54214 -j REJECT
iptables -A FORWARD -p UDP --dport 54214 -j REJECT
###### webmin ######
iptables -A INPUT -p TCP --dport 10000 -j ACCEPT
iptables -A OUTPUT -p ICMP -j ACCEPT
########## New Firewall #####
#iMesh:
iptables -A FORWARD -s 192.168.1.0/24 -d 216.35.208.0/24 -j REJECT
iptables -A FORWARD -s 10.0.0.0/24 -d 216.35.208.0/24 -j REJECT
#BearShare:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#ToadNode:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#WinMX:
iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#Napigator:
iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#Morpheus:
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#KaZaA:
#iptables -t filter -A INPUT -i ppp0 -p tcp --dport http -m string --string "kazaa" -j DROP
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
#iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
#iptables -A FORWARD -m string --string "Kazaa" -j DROP
#iptables -A FORWARD -m string --string "msn." -j DROP
#iptables -A FORWARD -m string --string ".mp3" -j DROP
#Limewire:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
iptables -A INPUT -p TCP --dport 6346 -j REJECT
iptables -A OUTPUT -p TCP --dport 6346 -j REJECT
#Audiogalaxy:
iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
iptables -A FORWARD -m unclean -j DROP
iptables -A INPUT -p tcp --syn -j DROP
# Blocking Blaster\Sasser
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j DROP
#Windows Media Service
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d mediasrv-2.ig.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d volstag2.uol.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d 200.221.5.17 -j DROP
###### Nettelephone Allow##########
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1800 -j REDIRECT --to-ports 1800
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1719 -j REDIRECT --to-ports 1719
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1720 -j REDIRECT --to-ports 1720
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6060 -j REDIRECT --to-ports 6060
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 6060 -j REDIRECT --to-ports 6060
################ virus ################
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j REJECT
############
ulimit -HSn 32768
/usr/local/squid/sbin/squid -D
#### Mac Based Auth (merged from shakirz1's script) ###
# Flush and Delete Iptables: left commented out, the rules above must stay
#/sbin/iptables -F
#/sbin/iptables -X
#/sbin/iptables -t nat -F
#/sbin/iptables -t nat -X
# The chain must exist before rules can be appended to it
/sbin/iptables -N MACtest
###### Script Variables
int_if=eth1
# eth0 faces the router here (see the MASQUERADE rule above)
ext_if=eth0
int_ip=10.0.0.0/255.255.255.0
##### Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
##### Authenticate user
for MAC in `cut -c1-17 /etc/user.allow`
do
/sbin/iptables -A MACtest -m mac --mac-source $MAC -j RETURN
echo Allow User $MAC
done
/sbin/iptables -A MACtest -j DROP
# Insert at position 1 so the MAC check runs before the ACCEPT rules above
/sbin/iptables -I FORWARD 1 -i $int_if -m state --state NEW -j MACtest
/sbin/iptables -I INPUT 1 -i $int_if -m state --state NEW -j MACtest
# Masquerade other requests
/sbin/iptables -t nat -A POSTROUTING -s $int_ip -o $ext_if -j MASQUERADE
/sbin/iptables -A FORWARD -i $int_if -j ACCEPT

Posted: Mon Feb 13, 2006 9:18 am
by syedali999
Am I permitted to supply you a more generous solution?

First of all, for HTTP, re-compile your Squid with the --enable-arp-acl option

or go for:

http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
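A generator for both layers this thread talks about, shakirz1's MACtest chain in iptables and the Squid arp ACL that --enable-arp-acl turns on, written as an added example that is not any poster's code; the chain name and the /etc/user.allow format come from shakirz1's script, while the acl name lanmacs and the LOG prefix are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: build both enforcement layers from one
# MAC allow-list, the iptables MACtest chain (shakirz1's script) and the Squid
# arp ACL that --enable-arp-acl provides. Rules are printed, not applied, so
# they can be reviewed first (pipe the output to sh as root to apply them).

# Accept only colon-separated hex pairs: iptables -m mac and Squid's arp acl
# both reject the dashed 00-08-C7-... form used in the earlier post.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Valid MACs from the list (assumed format: one per line, '#' comments),
# upper-cased, one per line; bad entries are reported on stderr and skipped.
read_macs() {
    sed 's/#.*//' "$1" | awk 'NF { print $1 }' | while read -r mac; do
        if valid_mac "$mac"; then printf '%s\n' "$mac" | tr 'a-f' 'A-F'
        else printf 'skipping invalid MAC: %s\n' "$mac" >&2; fi
    done
}

# iptables rules: $1 = allow-list, $2 = LAN interface.
mac_rules() {
    echo "iptables -N MACtest"
    read_macs "$1" | while read -r mac; do
        echo "iptables -A MACtest -m mac --mac-source $mac -j RETURN"
    done
    # rate-limited log before the drop, so unknown hosts show up in the kernel log
    echo "iptables -A MACtest -m limit --limit 5/min -j LOG --log-prefix 'MAC-DENY: '"
    echo "iptables -A MACtest -j DROP"
    # -I at position 1: the check must run before any earlier ACCEPT rule
    echo "iptables -I FORWARD 1 -i $2 -m state --state NEW -j MACtest"
    echo "iptables -I INPUT 1 -i $2 -m state --state NEW -j MACtest"
}

# squid.conf lines for the same list; arp ACLs only match clients on the
# proxy's own subnet, which holds for a LAN attached directly to eth1.
squid_acl() {
    read_macs "$1" | while read -r mac; do echo "acl lanmacs arp $mac"; done
    echo "http_access allow lanmacs"
    echo "http_access deny all"
}

# Constructed sample list (not a real user list) for trying the functions.
sample_allow_list() {
    f=$(mktemp)
    printf '%s\n' '# constructed allow-list' '00:08:c7:ea:8c:42  # lower case' \
        '00-08-C7-EA-8C-43  # rejected: dashed form' 'AA:BB:CC:DD:EE:FF' > "$f"
    echo "$f"
}
if [ "${1:-}" = "demo" ]; then
    f=$(sample_allow_list); mac_rules "$f" eth1; squid_acl "$f"; rm -f "$f"
fi
```

A MAC allow-list identifies a network card, not a person, so treat it as a convenience filter rather than real authentication; the LOG rule is what lets you notice unknown hardware on the LAN.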

Re

Posted: Thu Feb 16, 2006 1:01 pm
by tahiralijafri
Dear Mr. Ali Rizvi!

Sure, you can suggest it to me. My Squid is already compiled with enable-arp-acl. Your suggestion will be appreciated.

Regards

Tahir Ali Jafri

Posted: Thu Feb 16, 2006 1:04 pm
by tahiralijafri
Hello Ali!

I have seen this script. My requirement is simple: I just want to allow some MACs and deny any other MAC on my network. Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.

Regards

Tahir Ali

Posted: Thu Feb 16, 2006 5:23 pm
by mahin
tahiralijafri wrote: Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.


Follow what is in the last post by LinuxFreak.

If you feel it needs more explanation / hand-holding then please do point it out so it can be improved.

This is supposed to work as advertised :) but if it does not then please post here what is not working.

Posted: Thu Feb 16, 2006 10:08 pm
by phparion
mahin wrote:
tahiralijafri wrote: Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.


Follow what is in the last post by LinuxFreak.

If you feel it needs more explanation / hand-holding then please do point it out so it can be improved.

This is supposed to work as advertised :) but if it does not then please post here what is not working.


Mahin! Interestingly, in your post there is nothing technical or informative, so you just put more burden on this thread with a meaningless reply :twisted: :twisted: :twisted:

Posted: Sat Feb 18, 2006 10:47 am
by crazy_frog
syedali999 wrote: Am I permitted to supply you a more generous solution?

First of all, for HTTP, re-compile your Squid with the --enable-arp-acl option

or go for:

http://www.linuxpakistan.net/forum2x/vi ... php?t=2182


Thanks ...

This link had all the things I needed and even more. :)