topic Re: blocking ports in Operating System - Linux

blocking ports

Muhammad Imran Hussain — Sat, 31 May 2003 11:37:31 GMT

hi all

how can i block kaaza ports. i'm using squid+masq~ing.

guide me through the rest

Re: blocking ports

David Timms — Sun, 01 Jun 2003 06:52:01 GMT

First, have a look at:
Masquerading Made Simple HOWTO.

are U using iptables ?
what is the kazaa port number ?
inbound, outbound kazaa or both ?
if it is iptables, post results of:
iptables -L
and
iptables -t nat -L

Security-wise you are probably better of blocking everything inbound (from the internet), and allowing only specific services through...

Re: blocking ports

Muhammad Imran Hussain — Mon, 02 Jun 2003 04:10:43 GMT

thanks for reply

i use iptables for that purpose
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A Postrouting -s 150.100.16.0/255.255.240.0 -d ! 150.100.16.0/255.255.240.0 -o ppp0 -j MASQUERADE

Now what do u say? how can i block Kaaza.

Re: blocking ports

Muhammad Imran Hussain — Mon, 02 Jun 2003 06:26:03 GMT

hello

kaaza uses port 1214

Re: blocking ports

Claudio Cilloni — Tue, 03 Jun 2003 05:45:32 GMT

I think that you could add two new rules to iptables:

# iptables -A FORWARD --source-port 1214 -j DROP
# iptables -A FORWARD --destination-port 1214 -j DROP

you can also read the iptables' man page (# man iptables) and
some linux HOWTOs like

Firewall-HOWTO
IP-Masquerade-HOWTO

that you can find at http://www.tldp.org

hope this helps,
Claudio

Re: blocking ports

Muhammad Imran Hussain — Tue, 03 Jun 2003 13:59:57 GMT

hi

i'm still unable to solve that issue. i added the rules but i think i couldn't get the correct port of Kazaa.

Do anyone have, plz tell me how to do that

thanx

Re: blocking ports

Jerome Henry — Tue, 03 Jun 2003 14:14:01 GMT

Yes, Kazaa seems to be negociating changing ports. Try this :
iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
iptables -A FORWARD -i ppp0 -p tcp -m string --string 'X-Kazaa' -m recent --name kazaa --set -j DROP

BTW, why not assigning points to previous people who tried to help ? :-))
hth
J

Re: blocking ports

Muhammad Imran Hussain — Wed, 04 Jun 2003 06:10:31 GMT

hi friends
thank u for co-operation

but the bad thing is that we r unable to block kazaa, i offer points to the great sodiers of LINUX who helps me to block kazaa.
plz help me

Re: blocking ports

Claudio Cilloni — Wed, 04 Jun 2003 06:35:07 GMT

A work-around could be (maybe) to provide NAT only for ports/services you need, or even don't use it at all if it isn't necessary. Does you users need full NAT? If they need only web access, squid proxy is enough (or better) than NAT.

... I don't know how kazaa protocol works... sorry :-)

Re: blocking ports

Jerome Henry — Wed, 04 Jun 2003 07:24:48 GMT

Muhammad,
What doesn't work with the script I suggested ? It works on my network.
The idea is not to block the 1214 or any other specific port, as new Kazaa opens changing ports. So what we do is to check the string in the packets, that are related to kazaa, both X-kazza incoming packets and kazaa local replies.
Could you post your iptables here so we can check together what is missing ?
Otherwise, as Claudio suggested, best is to block everything as a default policy, and only accept what you know that is needed (port 21, 25, 80 and so on).
the only problem is that you will have customers complaining all the time not to be able to ICQ and so on...
Yours
Jerome