blocking ports

hi all

how can I block Kazaa ports? I'm using squid + masquerading.

guide me through the rest
1 GOD 1 LIFE
David Timms
Frequent Advisor

Re: blocking ports

First, have a look at:
Masquerading Made Simple HOWTO.

Are you using iptables?
What is the Kazaa port number?
Inbound, outbound Kazaa or both?
If it is iptables, post the results of:
iptables -L
and
iptables -t nat -L

Security-wise you are probably better off blocking everything inbound (from the internet), and allowing only specific services through...

Re: blocking ports

thanks for reply

I use iptables for that purpose:
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 150.100.16.0/255.255.240.0 ! -d 150.100.16.0/255.255.240.0 -o ppp0 -j MASQUERADE

Now what do you say? How can I block Kazaa?

1 GOD 1 LIFE

Re: blocking ports

hello

Kazaa uses port 1214

1 GOD 1 LIFE
Claudio Cilloni
Honored Contributor

Re: blocking ports

I think that you could add two new rules to iptables (the port matches need a protocol, so -p tcp is required):

# iptables -A FORWARD -p tcp --source-port 1214 -j DROP
# iptables -A FORWARD -p tcp --destination-port 1214 -j DROP

You can also read the iptables man page (# man iptables) and
some Linux HOWTOs like

Firewall-HOWTO
IP-Masquerade-HOWTO

that you can find at http://www.tldp.org

hope this helps,
Claudio

Re: blocking ports

hi

I'm still unable to solve that issue. I added the rules but I think I couldn't get the correct port of Kazaa.

Does anyone know it? Please tell me how to do that.

thanks
1 GOD 1 LIFE
Jerome Henry
Honored Contributor

Re: blocking ports

Yes, Kazaa seems to be negotiating changing ports. Try this (current iptables versions require --algo on the string match):
iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
iptables -A FORWARD -i ppp0 -p tcp -m string --string 'X-Kazaa' --algo bm -m recent --name kazaa --set -j DROP

BTW, why not assign points to the previous people who tried to help? :-))
hth
J
You can lean only on what resists you...

Re: blocking ports

hi friends
thank you for the co-operation

but the bad thing is that we are unable to block Kazaa. I offer points to the great soldiers of LINUX who help me to block Kazaa.
please help me
1 GOD 1 LIFE
Claudio Cilloni
Honored Contributor

Re: blocking ports

A work-around could be (maybe) to provide NAT only for the ports/services you need, or even not use it at all if it isn't necessary. Do your users need full NAT? If they need only web access, a squid proxy is enough (or better than NAT).

... I don't know how kazaa protocol works... sorry :-)

Jerome Henry
Honored Contributor

Re: blocking ports

Muhammad,
What doesn't work with the script I suggested? It works on my network.
The idea is not to block 1214 or any other specific port, as the new Kazaa opens changing ports. So what we do is check for the string in the packets that are related to Kazaa, both X-Kazaa incoming packets and Kazaa local replies.
Could you post your iptables rules here so we can check together what is missing?
Otherwise, as Claudio suggested, the best is to block everything as a default policy, and only accept what you know is needed (ports 21, 25, 80 and so on).
The only problem is that you will have customers complaining all the time that they cannot use ICQ and so on...
Yours
Jerome
You can lean only on what resists you...
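The two pieces of advice in this thread (Jerome's string/recent rules for an application that hops ports, and the default-deny FORWARD policy with an explicit service allow-list that Claudio and Jerome both recommend) fit together in one ruleset. The script below is an added example, not code from anyone in the thread. It assumes the gateway's WAN interface is ppp0 and the LAN is 150.100.16.0/20 (the 255.255.240.0 mask from the original post); the allowed port list, the DRY_RUN switch and the function names are all mine. By default it only prints the iptables commands; run it with DRY_RUN=0 as root to apply them. Note that the string match inspects cleartext payload, so it only catches protocol markers that are not encrypted; the default-deny policy is what stops traffic the signature misses.

```shell
#!/bin/sh
# Added example (not from the thread): default-deny forwarding on a
# masquerading gateway, plus string/recent rules for port-hopping apps.
# Interface, LAN range, port list and DRY_RUN are assumptions.
# DRY_RUN=1 (default) prints commands; DRY_RUN=0 executes them.

DRY_RUN=${DRY_RUN:-1}

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# build_forward_rules WAN_IF LAN_NET "PORT PORT ..."
# Emits masquerading, a default-deny FORWARD policy, the string/recent
# fallback, return-traffic acceptance, and an allow-list of outbound
# TCP services (the only traffic LAN hosts may start).
build_forward_rules() {
    wan_if=$1
    lan_net=$2
    allowed_ports=$3

    run iptables -t nat -F
    run iptables -F FORWARD
    run iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE

    # Default deny: nothing is forwarded unless a later rule accepts it.
    run iptables -P FORWARD DROP

    # These two rules sit before the ESTABLISHED accept so that an
    # already-open flow is still cut once a host is tagged.
    # 1) Drop forwarded packets from any LAN host tagged in the last 60 s.
    run iptables -A FORWARD -m recent --name kazaa --rcheck --seconds 60 -j DROP
    # 2) Tag the LAN source of a packet carrying the X-Kazaa marker and
    #    drop that packet (--algo is mandatory for the string match).
    run iptables -A FORWARD -s "$lan_net" -p tcp -m string --string 'X-Kazaa' --algo bm \
        -m recent --name kazaa --set -j DROP

    # Replies to connections the LAN opened are allowed back in.
    run iptables -A FORWARD -i "$wan_if" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Allow-list: LAN hosts may open new TCP connections only to these ports.
    for port in $allowed_ports; do
        run iptables -A FORWARD -s "$lan_net" -o "$wan_if" -p tcp --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}

# Ports 21, 25 and 80 come from Jerome's suggestion; 443 is added here.
build_forward_rules ppp0 150.100.16.0/20 "21 25 80 443"
```

Anything a LAN host tries that is not on the allow-list (a new Kazaa port, ICQ, and so on) is simply dropped by the policy, which is the complaint Jerome warns about; the recent tag cuts a tagged host's forwarding entirely for 60 seconds after each match, so tune --seconds to taste.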