Help

General discussion about PLUC and Linux in Pakistan.
tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi

Help

Post by tahiralijafri »

Hello Friends!

I want to analyze my LAN traffic; I have Squid running on FC3. I want to analyze the applications running on my LAN. Can anyone tell me a way to find out which applications are running on my LAN? I also want to block some applications. Does Squid provide this facility like ISA does?

Please describe briefly.

Waiting for reply
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Re: Help

Post by lambda »

try installing ntop, or snort.
syedali999
Battalion Havaldaar Major
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Location: Karachi

Re: Help

Post by syedali999 »

tahiralijafri wrote: Hello Friends!

I want to analyze my LAN traffic; I have Squid running on FC3. I want to analyze the applications running on my LAN. Can anyone tell me a way to find out which applications are running on my LAN? I also want to block some applications. Does Squid provide this facility like ISA does?

Please describe briefly.

Waiting for reply
What about IPTRAF? I liked it so much... it's easy, really great, and lightweight. Runs under a command-line interface.

Thanks,
Regards


S. Rizvi
Customer Support Executive
======================
Customer Support Department
World Online (TM)
Cyber Soft Technologies Inc.
www.wol.net.pk
www.wol.com.pk
alirizvi@khi.wol.net.pk
======================
LPI ID: LPI000102069
fawad
Site Admin
Posts: 918
Joined: Wed Aug 07, 2002 8:00 pm
Location: Addison, IL

Post by fawad »

iptraf is awesome for realtime traffic monitoring.

Squid is not a monolithic firewall/caching proxy like ISA. In the Linux world, packet filtering is done by iptables and friends, and Squid just does HTTP, etc. As such, you need to block non-HTTP/FTP traffic using iptables.
tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi

Post by tahiralijafri »

Dear Friends!

Thanks for your kind advice about iptraf; it's a great tool. Please answer one more question: I am running a network of 100 clients and I want MAC-based auth. I mean the internet will work only on the MACs that I add to my list; I want to deny any other MAC that is not in my MAC list.
I have tried it with the below-mentioned rules but it's not working. Please let me know the simplest way to do so, as I am not an expert on iptables.

# INPUT only sees packets addressed to the gateway itself; client traffic that
# is routed out to the internet goes through the FORWARD chain instead
iptables -I INPUT -p tcp -j DROP

OR

iptables -F INPUT
iptables -P INPUT DROP
# the mac match wants colon-separated octets; 00-08-C7-EA-8C-42 is rejected
iptables -A INPUT -i eth0 -m mac \
--mac-source 00:08:C7:EA:8C:42 -j ACCEPT
shakirz1
Battalion Quarter Master Havaldaar
Posts: 207
Joined: Sat Aug 09, 2003 5:00 pm
Location: Karachi

Post by shakirz1 »

Try this script: MAC authentication and transparent proxy.

Put all your users' MAC addresses in the /etc/user.allow file and run this script.

If you face any problem, post the details of the error here.

#!/bin/bash
# Flush and Delete Iptables
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -N MACtest

# Script Variables
int_if=eth0
ext_if=ppp0
int_ip=192.168.0.0/24


# Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Authenticate user: one MAC (first 17 characters) per line in /etc/user.allow;
# listed MACs RETURN to the calling chain, every other MAC is dropped
for MAC in $(cut -c1-17 /etc/user.allow)
do
/sbin/iptables -A MACtest -m mac --mac-source "$MAC" -j RETURN
echo Allow User "$MAC"
done
/sbin/iptables -A MACtest -j DROP
# Check every new connection coming from the LAN side against the MAC list
/sbin/iptables -A FORWARD -i $int_if -m state --state NEW -j MACtest
/sbin/iptables -A INPUT -i $int_if -m state --state NEW -j MACtest


# Transparent Proxy
/sbin/iptables -t nat -A PREROUTING -i $int_if -p tcp --dport 80 -j REDIRECT --to-port 8080

# Masquerade other request
/sbin/iptables -t nat -A POSTROUTING -s $int_ip -o $ext_if -j MASQUERADE
/sbin/iptables -A FORWARD -i $int_if -j ACCEPT
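An added example, not shakirz1's script or anything else from the thread: a POSIX sh version that validates the allowlist before touching iptables (the dashed MAC form from the earlier post is one of the things it rejects) and hooks the MACtest chain in at the top of FORWARD and INPUT rather than appending it. It assumes /etc/user.allow, LAN interface eth1, and the hypothetical names normalize_mac, load_macs, build_chain and IPTABLES (which can be set to echo for a dry run).

```shell
#!/bin/sh
# Added example, not the thread's own script: validate the MAC allowlist, then
# build the MACtest chain. Assumptions: /etc/user.allow holds one MAC per line
# (first field; '#' starts a comment), the LAN is eth1, and IPTABLES can be set
# to "echo" for a dry run.
IPTABLES="${IPTABLES:-/sbin/iptables}"
ALLOWFILE="${ALLOWFILE:-/etc/user.allow}"
INT_IF="${INT_IF:-eth1}"
H='[0-9A-F][0-9A-F]'   # one hex octet, used in the pattern below

# normalize_mac MAC: accept 00-08-c7-ea-8c-42 or 00:08:c7:ea:8c:42 and print
# the upper-case colon form, the only form the iptables mac match accepts
# (the dashed Windows style is rejected). Returns 1 for anything else.
normalize_mac() {
    m=$(printf '%s\n' "$1" | sed 'y/abcdef-/ABCDEF:/')
    case "$m" in
        $H:$H:$H:$H:$H:$H) printf '%s\n' "$m" ;;
        *) return 1 ;;
    esac
}

# load_macs FILE: print one normalized MAC per line. Stops at the first bad
# entry so a typo cannot leave that client (or, after iptables rejects the
# rule, everyone) silently locked out.
load_macs() {
    f=$1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        set -- $line
        [ $# -eq 0 ] && continue
        normalize_mac "$1" || { echo "bad MAC in $f: $1" >&2; return 1; }
    done < "$f"
}

# build_chain: validate everything first, then (re)build MACtest and hook it in
# at position 1 of FORWARD and INPUT. Appending the jump with -A, as the
# thread's scripts do, places it behind every ACCEPT rule already in the chain,
# so traffic to those ports would never reach the MAC check.
build_chain() {
    macs=$(load_macs "$ALLOWFILE") || return 1
    $IPTABLES -N MACtest 2>/dev/null || $IPTABLES -F MACtest
    for mac in $macs; do
        $IPTABLES -A MACtest -m mac --mac-source "$mac" -j RETURN
    done
    $IPTABLES -A MACtest -j DROP
    for chain in FORWARD INPUT; do   # -D first so a re-run adds no duplicate jump
        $IPTABLES -D "$chain" -i "$INT_IF" -m state --state NEW -j MACtest 2>/dev/null
        $IPTABLES -I "$chain" 1 -i "$INT_IF" -m state --state NEW -j MACtest
    done
}

if [ "${1:-}" = "apply" ]; then   # "sh macauth.sh apply" installs the rules
    build_chain
fi
```

The mac match only sees the source MAC of the last hop, so this works only for clients on eth1's own segment, and a MAC address identifies a card rather than authenticating a user, so treat the list as an allowlist rather than as authentication.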
tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi

Post by tahiralijafri »

Hello Shakirz!

Thanks for your kind reply. Below is the firewall that I am currently using; I want to use your suggested script with this firewall.
I have two network cards, 192.168.10.0 on eth0 and 10.0.0.0 on eth1. eth1 is my LAN and eth0 is on my router's side. Please suggest.

Regards
Tahir ALi Jafri
### My Firewall Starts Here ####
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP
####FTP MODULE LOADER####
modprobe ip_nat_ftp
modprobe ip_nat_irc
#########################
#### Traffic Comming to Our Machine####
iptables -A INPUT -p tcp -s 0/0 --dport 20484 -j ACCEPT
iptables -A OUTPUT -p tcp -s 0/0 --dport 20484 -j ACCEPT
###
iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -s 10.0.0.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 192.168.10.0/24 --dport 53 -j ACCEPT
iptables -A INPUT -p udp -s 10.0.0.0/24 --dport 53 -j ACCEPT
###
iptables -A INPUT -p tcp --dport 67:68 -j ACCEPT
iptables -A INPUT -p udp --dport 67:68 -j ACCEPT
###
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -p udp --dport 3130 -j ACCEPT
iptables -A INPUT -p tcp --dport 3130 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
iptables -A INPUT -i eth1 -p ICMP -j ACCEPT
###### Forwarding Rules ####
iptables -A FORWARD -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 51215 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2090 -j ACCEPT
iptables -A FORWARD -p udp --dport 2090 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2091 -j ACCEPT
iptables -A FORWARD -p udp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2095 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001:5020 -j ACCEPT
iptables -A FORWARD -p udp --dport 8100:8700 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8100:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 1024:2500 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7775:7777 -j ACCEPT
iptables -A FORWARD -p tcp --dport 11999 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2001:2120 -j ACCEPT
iptables -A FORWARD -p udp --dport 2001:2120 -j ACCEPT
iptables -A FORWARD -p tcp --dport 6801 -j ACCEPT
iptables -A FORWARD -p udp --dport 6801 -j ACCEPT
iptables -A FORWARD -p udp --dport 6901 -j ACCEPT
iptables -A FORWARD -p tcp --dport 6901 -j ACCEPT
iptables -A FORWARD -p tcp --dport 1720 -j ACCEPT
iptables -A FORWARD -p udp --dport 1720 -j ACCEPT
########## Yahoo Voice Ports ########
iptables -A FORWARD -p tcp --dport 5050 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001 -j ACCEPT
iptables -A FORWARD -p udp --dport 5010 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5000:5001 -j ACCEPT
iptables -A FORWARD -p udp --dport 5000:5010 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5100 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7070 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5060 -j ACCEPT
iptables -A FORWARD -p tcp --dport 20:21 -j ACCEPT
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A FORWARD -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -t mangle -p tcp --dport 1863 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport http -j TOS --set-tos Maximize-throughput
iptables -A OUTPUT -t mangle -p tcp --dport 20 -j TOS --set-tos Minimize-delay
iptables -A OUTPUT -t mangle -p tcp --dport 21 -j TOS --set-tos Minimize-delay
#######
## For MSN thingy
iptables -I PREROUTING -t mangle -p tcp --dport 1863 -j TOS --set-tos Minimize-Delay
## For Yahoo thingy
iptables -I PREROUTING -t mangle -p tcp --dport 5000:5050 -j TOS --set-tos Minimize-Delay
## For 443 thingy
iptables -I PREROUTING -t mangle -p tcp --dport 443 -j TOS --set-tos Minimize-Delay
## For DNS thingy
iptables -A PREROUTING -t mangle -p udp --dport 53 -j TOS --set-tos Minimize-Delay
#########Transparent Proxy Redirection
iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.10.0/24 --dport 80 -j REDIRECT --to-port 8080
iptables -t nat -A PREROUTING -i eth1 -p tcp -s 10.0.0.0/24 --dport 80 -j REDIRECT --to-port 8080
######Ip MASQURADING
iptables -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/255.255.255.0 -j MASQUERADE
######
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
###################
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 0 >/proc/sys/net/ipv4/conf/all/accept_source_route
echo 0 > /proc/sys/net/ipv4/tcp_timestamps
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 0 >/proc/sys/net/ipv4/conf/all/accept_redirects
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout
echo 1800 > /proc/sys/net/ipv4/tcp_keepalive_time
echo 0 > /proc/sys/net/ipv4/tcp_window_scaling
echo 0 > /proc/sys/net/ipv4/tcp_sack
######### MIRC#####################
iptables -A FORWARD -p tcp --dport 6660:6669 -j ACCEPT
iptables -A FORWARD -p udp --dport 6660:6669 -j ACCEPT
iptables -A FORWARD -p tcp --dport 7000:7002 -j ACCEPT
iptables -A FORWARD -p udp --dport 7000:7002 -j ACCEPT
##### Paltalk custom ports #################
iptables -A FORWARD -t mangle -p tcp --dport 5001 -j TOS --set-tos Minimize-delay
iptables -A FORWARD -p udp --dport 2090 -j ACCEPT
iptables -A FORWARD -p udp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2090 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2091 -j ACCEPT
iptables -A FORWARD -p tcp --dport 2095 -j ACCEPT
iptables -A FORWARD -p tcp --dport 5001:50015 -j ACCEPT
iptables -A FORWARD -p tcp --dport 8200:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 8200:8700 -j ACCEPT
iptables -A FORWARD -p udp --dport 1025:2500 -j ACCEPT
########### Accepted Ports ##############
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p udp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3128 -j ACCEPT
iptables -A OUTPUT -p udp --dport 3130 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 3130 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p udp --dport 8080 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --dport 67:68 -j ACCEPT
iptables -A OUTPUT -p udp --dport 42 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 42 -j ACCEPT
#### experiment with port 5000 ################
iptables -A OUTPUT -p tcp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A OUTPUT -p udp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A INPUT -p tcp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A INPUT -p udp -s 192.168.10.0/24 --dport 54214 -j DROP
iptables -A OUTPUT -p TCP --dport 1484 -j REJECT
iptables -A INPUT -p TCP --dport 1484 -j REJECT
iptables -A FORWARD -p TCP --dport 1484 -j REJECT
iptables -A OUTPUT -p UDP --dport 1484 -j REJECT
iptables -A INPUT -p UDP --dport 1484 -j REJECT
iptables -A FORWARD -p UDP --dport 1484 -j REJECT
iptables -A OUTPUT -p TCP --dport 54214 -j REJECT
iptables -A INPUT -p TCP --dport 54214 -j REJECT
iptables -A FORWARD -p TCP --dport 54214 -j REJECT
iptables -A OUTPUT -p UDP --dport 54214 -j REJECT
iptables -A INPUT -p UDP --dport 54214 -j REJECT
iptables -A FORWARD -p UDP --dport 54214 -j REJECT
###### webmin ######
iptables -A INPUT -p TCP --dport 10000 -j ACCEPT
iptables -A OUTPUT -p ICMP -j ACCEPT
########## New Firewall #####
#iMesh:
iptables -A FORWARD -s 192.168.1.0/24 -d 216.35.208.0/24 -j REJECT
iptables -A FORWARD -s 10.0.0.0/24 -d 216.35.208.0/24 -j REJECT
#BearShare:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#ToadNode:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
#WinMX:
iptables -A FORWARD -d 209.61.186.0/24 -j REJECT
iptables -A FORWARD -d 64.49.201.0/24 -j REJECT
#Napigator:
iptables -A FORWARD -d 209.25.178.0/24 -j REJECT
#Morpheus:
iptables -A FORWARD -d 206.142.53.0/24 -j REJECT
iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#KaZaA:
#iptables -t filter -A INPUT -i ppp0 -p tcp --dport http -m string --string "kazaa" -j DROP
iptables -A FORWARD -d 213.248.112.0/24 -j REJECT
#iptables -A FORWARD -p TCP --dport 1214 -j REJECT
#iptables -A FORWARD -m string --string "X-Kazaa-Username:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-Network:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-IP:" -j DROP
#iptables -A FORWARD -m string --string "X-Kazaa-SupernodeIP" -j DROP
#iptables -A FORWARD -m string --string "Kazaa" -j DROP
#iptables -A FORWARD -m string --string "msn." -j DROP
#iptables -A FORWARD -m string --string ".mp3" -j DROP
#Limewire:
iptables -A FORWARD -p TCP --dport 6346 -j REJECT
iptables -A INPUT -p TCP --dport 6346 -j REJECT
iptables -A OUTPUT -p TCP --dport 6346 -j REJECT
#Audiogalaxy:
iptables -A FORWARD -d 64.245.58.0/23 -j REJECT
iptables -A FORWARD -m unclean -j DROP
iptables -A INPUT -p tcp --syn -j DROP
# Blocking Blaster\Sasser
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j DROP
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j DROP
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j DROP
#Windows Media Service
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d mediasrv-2.ig.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d volstag2.uol.com.br -j DROP
#iptables -A FORWARD -s 192.168.1.0/24 -p tcp -d 200.221.5.17 -j DROP
###### Nettelephone Allow##########
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1800 -j REDIRECT --to-ports 1800
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 1719 -j REDIRECT --to-ports 1719
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 1720 -j REDIRECT --to-ports 1720
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 6060 -j REDIRECT --to-ports 6060
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 6060 -j REDIRECT --to-ports 6060
################ virus ################
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A FORWARD -p tcp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A FORWARD -p udp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 135 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 139 -j REJECT
iptables -A INPUT -p tcp -i eth0 -s 0/0 --dport 445 -j REJECT
iptables -A INPUT -p udp -i eth0 -s 0/0 --dport 445 -j REJECT
############
ulimit -HSn 32768
/usr/local/squid/sbin/squid -D
#### Mac Based Auth ###
# shakirz1's script merged into this firewall: the flushes stay commented out so
# the rules above survive, but the MACtest chain must still be created
#/sbin/iptables -F
#/sbin/iptables -X
#/sbin/iptables -t nat -F
#/sbin/iptables -t nat -X
/sbin/iptables -N MACtest
###### Script Variables
int_if=eth1
ext_if=eth0     # eth0 faces the router in this setup, not ppp0
int_ip=10.0.0.0/255.255.255.0
##### Enable Forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
##### Authenticate user
for MAC in $(cut -c1-17 /etc/user.allow)
do
/sbin/iptables -A MACtest -m mac --mac-source "$MAC" -j RETURN
echo Allow User "$MAC"
done
/sbin/iptables -A MACtest -j DROP
# Insert at the top of the chains: appended with -A, these jumps would sit
# behind every ACCEPT rule above and never be reached for the allowed ports
/sbin/iptables -I FORWARD 1 -i $int_if -m state --state NEW -j MACtest
/sbin/iptables -I INPUT 1 -i $int_if -m state --state NEW -j MACtest
# Masquerade other request
/sbin/iptables -t nat -A POSTROUTING -s $int_ip -o $ext_if -j MASQUERADE
/sbin/iptables -A FORWARD -i $int_if -j ACCEPT
syedali999
Battalion Havaldaar Major
Posts: 252
Joined: Sun May 29, 2005 1:45 am
Location: Karachi

Post by syedali999 »

Am I permitted to supply you with the more generous solution?

First of all, for HTTP, recompile your squid with the --enable-arp-acl option

or go for :

http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Thanks,
Regards


S. Asad Ali Rizvi
===================
Nomado Telecom
http://www.nomado.eu
alex[NoSpam]@nomado.eu
====================
LPI ID: LPI000102069
My blogs:
http://crea8ivefood.blogspot.com
http://actuarialsciencestudies.blogspot.com
tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi

Re

Post by tahiralijafri »

Dear Mr. Ali Rizvi!

Sure, you can make suggestions. My squid is already compiled with enable-arp-acl. Your suggestion will be appreciated.

Regards

Tahir ALi Jafri
tahiralijafri
Lance Naik
Posts: 25
Joined: Sat Dec 17, 2005 8:40 pm
Location: Rawalpindi

Post by tahiralijafri »

Hello Ali!

I have seen this script. My requirement is simple. I just want to allow some MACs and deny any other MAC on my network. Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.

Regards

Tahir ALi
mahin
Major
Posts: 605
Joined: Wed Aug 07, 2002 8:00 pm
Location: Karachi

Post by mahin »

tahiralijafri wrote: Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.
Follow what is in the last post by LinuxFreak.

If you feel it needs more explanation / hand-holding, then please point it out so it can be improved.

This is supposed to work as advertised :) but if it does not, then please post here what is not working.
phparion
Naik
Posts: 51
Joined: Tue Jan 03, 2006 10:36 pm

Post by phparion »

mahin wrote:
tahiralijafri wrote: Will this script do it for me? If yes, then please brief me about it. I will be very thankful to you.
Follow what is in the last post by LinuxFreak.

If you feel it needs more explanation / hand-holding, then please point it out so it can be improved.

This is supposed to work as advertised :) but if it does not, then please post here what is not working.
Mahin! Interestingly, there is nothing technical or informative in your post, so you have just put more burden on this thread with a meaningless reply :twisted: :twisted: :twisted:
- Winners never quit, Quitters never win!
crazy_frog
Naik
Posts: 72
Joined: Fri Dec 16, 2005 9:44 am
Location: Karachi, Pakistan

Post by crazy_frog »

syedali999 wrote: Am I permitted to supply you with the more generous solution?

First of all, for HTTP, recompile your squid with the --enable-arp-acl option

or go for :

http://www.linuxpakistan.net/forum2x/vi ... php?t=2182
Thanks ...

This link had all the things I needed and even more. :)
Hâve á nice day !!