New user's registration have been closed due to high spamming and low trafic on this forum. Please contact forum admins directly if you need an account. Thanks !

moblock on Bubba

How are you using your Bubba? Got ideas for a cool modification? Share!
Locked
efolch
Posts: 4
Joined: 11 Oct 2008, 12:01

moblock on Bubba

Post by efolch »

Hi,

As those forums have been of great help for setting up my bubba two, I felt I was in debt, so my first post is a give back: how to set up moblock on Bubba Two.

Moblock is a "Peerguardian for linux". See http://moblock.berlios.de/ or http://phoenixlabs.org/pg2/ . If you don't know about moblock or peerguardian you may not need them.

In my B2 it's quite lightweitgh (except when loading blocklists on start) and I can hardly see it in "top".

So, straight to the point, to install moblock (you may disregard some steps if you know what you're doing):
1) get root privileges, and move to a temp/work dir
2) apt-get install bzip2 gcc g++ build-essential libnetfilter-queue-dev libnetfilter-queue
3) wget http://download.berlios.de/moblock/MoBl ... 86.tar.bz2
4) tar xvjf MoBlock-0.8-i586.tar.bz2
5) cd MoBlock-0.8
6) edit Makefile to remove references to x86 arch (line 10, "-march=i586 -mtune=i686" - just delete them)
7) make
8) make install

At this point you have done the easiest, safest part of the job and you should have a working /usr/bin/moblock, but you'll need a working blocklist file (ie: guarding.p2p or similar) to have moblock do something useful.

(to be continued)
efolch
Posts: 4
Joined: 11 Oct 2008, 12:01

moblock on Bubba

Post by efolch »

Enhanced options (1):

If you, as me, want moblock run at startup, as any other daemon, you may need to customize MoBlock-nfq.sh (it's in the directory where you compiled moblock) or create a new script from scratch.

I customized MoBlock-nfq.sh and placed at /etc/init.d/moblock. It should accept at least "start" and "stop" as arguments. Something like "restart" is usually helpful. Also "status" can be of some help sometimes. Try yourself if you're confortable with scripting. I can post my /etc/init.d/moblock if there are requests (221 lines). Once it's in /etc/init.d, just add the links as needed to the diferent runlevels:

---cut
ln -s /etc/init.d/moblock /etc/rc0.d/K20moblock
ln -s /etc/init.d/moblock /etc/rc1.d/K20moblock
ln -s /etc/init.d/moblock /etc/rc2.d/S20moblock
ln -s /etc/init.d/moblock /etc/rc3.d/S20moblock
ln -s /etc/init.d/moblock /etc/rc4.d/S20moblock
ln -s /etc/init.d/moblock /etc/rc5.d/S20moblock
ln -s /etc/init.d/moblock /etc/rc6.d/K20moblock
---cut

Note: BE CAREFUL. As you know your access to bubba is through the network, if you configure moblock to block your access you may find yourself without ANY access to bubba. My recomendation, do not set anything to autostart until you're pretty sure you're doing it well.

For those of you fearful of losing access to Bubba, just crontab something that stops moblock or disables upon reboot. That way in case you miss your config you can just wait crontab to regrant you access to your bubba, or reboot get rid of it. As before, ask for my "moblock-safestop" script if you don't know how to create it (I'm one of those cowards!).

(to be continued)
efolch
Posts: 4
Joined: 11 Oct 2008, 12:01

moblock on Bubba

Post by efolch »

Yet more enhanced options:

3)
If you hace a Debian/ubuntu box (not Bubba), you can install moblock from packages. You will find there some scripts/tools/tips to make moblock easier to update and use. You can get ideas from there and do something similar in you bubba. Also, you can use the guarding.p2p from your big box and just move it to bubba.

ie: I've added and "allow.p2p" option to my startup script to whitelist IP ranges (home network).

2)
Remember to add you moblock log file to logrotate.

3)
My B2 configuration (it's behind a firewall, not directly connected to the internet) is ideal to run moblock instead of the default iptables rules (in bubba, /etc/init.dfirewall). I've not done intense testing in this sense, but I bet it will override your firewall configuration. moblock will DROP or ACCEPT packets and will not continue to check other rules you may have in your firewall configuration. However, is pretty straightforward to have moblock behave almost as your firewall using a script similar to MoBlock-nfq.sh (but the firewall configuration tab in the bubba admin web will render useless in this case). Feel free to comment on this if you test this case.

Hope this guide helps.

cheers,
k
jonte
Posts: 65
Joined: 05 Nov 2008, 11:52

Re: moblock on Bubba

Post by jonte »

Found this "old" guide, I'm thinking of setting up Moblock on my B2, has anybody else tried this. Any response?

//Jonte
jonte
Posts: 65
Joined: 05 Nov 2008, 11:52

Re: moblock on Bubba

Post by jonte »

jonte wrote:Found this "old" guide, I'm thinking of setting up Moblock on my B2, has anybody else tried this. Any response?

//Jonte
Efolch, thanks for the guide.
I'd be very interested in your moblock-safestop script.
Not all to comfortable in a Linux environment, I'd better be safe than sorry.

I've completed the steps in your first post, haven't configured anything else yet though, nor set up a blocklist file yet.

Thanks.
Locked