Thanks, that worked finally.
So now I know that Googlemail doesn't accept .zip, .tar, .tgz, .taz, .z, .gz attachments (see http://mail.google.com/support/bin/a...py?answer=6590). Thanks Google, setting up such security measures for Windows users might be OK, but at least I'd like to opt out from this.
Anyway, I made a diff (with dpatch) from moblock-blockcontrol-1.6.9.zip to the release (except blockcontrol-1.6.9/debian/po/templates.pot which is an automatically generated file). I tried to apply all changes if possible, see my comments:
Code:
diff -urNad blockcontrol-1.6.9~/blockcontrol blockcontrol-1.6.9/blockcontrol
--- blockcontrol-1.6.9~/blockcontrol 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol 2009-11-13 19:32:15.000000000 +0100
@@ -27,7 +27,7 @@
# This can happen in early boot stages before local file systems are mounted.
# CONTROL_MAIN has to be set correctly in all just mentioned files.
-CONTROL_MAIN="/usr/lib/blockcontrol/blockcontrol.main"
+CONTROL_MAIN="/opt/lib/blockcontrol/blockcontrol.main"
# Configure blockcontrol and load functions.
if [ -f "$CONTROL_MAIN" ] ; then
diff -urNad blockcontrol-1.6.9~/blockcontrol.conf blockcontrol-1.6.9/blockcontrol.conf
--- blockcontrol-1.6.9~/blockcontrol.conf 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol.conf 2009-11-13 19:32:15.000000000 +0100
@@ -10,4 +10,12 @@
# Do a "blockcontrol restart" (sometimes even "reload" is enough) when you have
# edited this file.
+INIT="1"
unnecessary, that's the default
Code:
+
WHITE_TCP_OUT="http https"
+WHITE_UDP_OUT=""
+WHITE_TCP_IN="5000 5001 22"
Probably useful, to avoid locking you out from your box. But if possible I'd suggest to whitelist your local IPs instead of ports, so that you have more protection.
Code:
+WHITE_UDP_IN=""
+
+WHITE_IP_OUT=""
+WHITE_IP_IN=""
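Review bot: WHITE_TCP_IN="5000 5001 22" in the shipped blockcontrol.conf exempts those three inbound ports from blocking on every installation, which is a site-specific choice rather than a packaging default. Leave the variable out of the packaged file (or ship it commented out) and let each admin set it, preferably by whitelisting the local network through WHITE_IP_IN as suggested in the comment above. The empty WHITE_UDP_OUT, WHITE_UDP_IN, WHITE_IP_OUT and WHITE_IP_IN assignments and INIT="1" only belong in the patch if they differ from blockcontrol.defaults; otherwise drop them.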
diff -urNad blockcontrol-1.6.9~/blockcontrol.defaults blockcontrol-1.6.9/blockcontrol.defaults
--- blockcontrol-1.6.9~/blockcontrol.defaults 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol.defaults 2009-11-13 19:32:15.000000000 +0100
@@ -10,14 +10,14 @@
################################ Paths and names ###############################
# PATH has to be set here, nowhere else, for the automatic NAME detection.
-PATH="/usr/bin:/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
+PATH="/opt/bin:/opt/sbin:/usr/bin:/bin:/sbin:/usr/sbin"
# The name of the IP block daemon (moblock or nfblockd), its path and pidfile.
# This is set automatically later, so you should not need to set them here.
# If you experience problems, you may set *all 3 of them* in blockcontrol.conf.
NAME="moblock"
-DAEMON="/usr/bin/moblock"
-PIDFILE="/var/run/moblock.pid"
+DAEMON="/opt/bin/moblock"
+PIDFILE="/opt/var/run/moblock.pid"
# The daemon description.
DESC="IP block daemon"
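Review bot: The new PATH puts /opt/bin and /opt/sbin ahead of /usr/bin, /bin, /sbin and /usr/sbin, so any program in /opt/bin that shares a name with a system tool is the one these scripts will run. If the goal is only to find moblock in /opt/bin for the automatic NAME detection, append the /opt directories after the system ones, or add a comment saying the override is intended. The change also drops /usr/local/bin and /usr/local/sbin without explanation.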
@@ -25,10 +25,10 @@
# MoBlock's daemon log (NFBlock always uses syslog)
# You can turn off MoBlock's logging by setting DAEMON_LOG=""
# Please note that "blockcontrol test" will not work then.
-DAEMON_LOG="/var/log/moblock.log"
+DAEMON_LOG="/opt/var/log/moblock.log"
# MoBlock's stat file (NFBlock doesn't have one).
-STATFILE="/var/log/MoBlock.stats"
+STATFILE="/opt/var/log/MoBlock.stats"
# The name of this software
CONTROL_NAME="blockcontrol"
@@ -38,37 +38,37 @@
VERSION=1.6.9
# The path of the blockcontrol script
-CONTROL_SCRIPT="/usr/bin/$CONTROL_NAME"
+CONTROL_SCRIPT="/opt/bin/$CONTROL_NAME"
# The path and pidfile of the blockcontrol.wd script
-WD_PATHNAME="/usr/bin/$CONTROL_NAME.wd"
-WD_PID="/var/run/$(basename $WD_PATHNAME).pid"
+WD_PATHNAME="/opt/bin/$CONTROL_NAME.wd"
+WD_PID="/opt/var/run/$(basename $WD_PATHNAME).pid"
# blockcontrol's log file
-CONTROL_LOG="/var/log/$CONTROL_NAME.log"
+CONTROL_LOG="/opt/var/log/$CONTROL_NAME.log"
# The path to the blockcontrol library
-CONTROL_LIB="/usr/lib/$CONTROL_NAME/$CONTROL_NAME.lib"
+CONTROL_LIB="/opt/lib/$CONTROL_NAME/$CONTROL_NAME.lib"
# The path to the user configuration
-CONTROL_CONF="/etc/$CONTROL_NAME/$CONTROL_NAME.conf"
+CONTROL_CONF="/opt/etc/$CONTROL_NAME/$CONTROL_NAME.conf"
# The path of blocklists.list
-BLOCKLISTS_LIST="/etc/$CONTROL_NAME/blocklists.list"
+BLOCKLISTS_LIST="/opt/etc/$CONTROL_NAME/blocklists.list"
# The path of the master blocklist directory
-MASTER_BLOCKLIST_DIR="/var/lib/$CONTROL_NAME"
+MASTER_BLOCKLIST_DIR="/opt/var/lib/$CONTROL_NAME"
# The path of the directory where the blocklists are downloaded and manipulated
-BLOCKLISTS_DIR="/var/spool/$CONTROL_NAME"
+BLOCKLISTS_DIR="/opt/var/spool/$CONTROL_NAME"
# The path to the allow lists
# Note that per default the same allow list is used for all input and output
# connections, and is disabled for forward.
# The path to the allow list for incoming connections
-ALLOW_IN="/etc/$CONTROL_NAME/allow.p2p"
+ALLOW_IN="/opt/etc/$CONTROL_NAME/allow.p2p"
# The path to the allow list for outgoing connections
-ALLOW_OUT="/etc/$CONTROL_NAME/allow.p2p"
+ALLOW_OUT="/opt/etc/$CONTROL_NAME/allow.p2p"
# The path to the allow list for forwarded connections.
# Don't add your own IP / LAN there or MoBlock will not work at all for FORWARD.
ALLOW_FW=""
@@ -76,7 +76,7 @@
# The directory of the custom iptables scripts.
# All files in this directory, that end in insert.sh/remove.sh will be executed
# on "blockcontrol start/stop", if IPTABLES_SETTINGS is 1 or 2.
-IPTABLES_CUSTOM_DIR="/etc/$CONTROL_NAME"
+IPTABLES_CUSTOM_DIR="/opt/etc/$CONTROL_NAME"
# The path of the file with the md5sum of all blocklist configurations
MD5SUM_FILE="$BLOCKLISTS_DIR/MD5SUM"
@@ -84,7 +84,8 @@
# The path of the lsb init functions.
# If you want to use only blockcontrol´s builtin LSB functions, you have to set
# this to an empty value.
-LSB="/lib/lsb/init-functions"
+#LSB="/opt/lib/lsb/init-functions"
+LSB=""
# Remember standard IFS (Internal Field Seperator)
STDIFS=$IFS
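Review bot: The commented-out line #LSB="/opt/lib/lsb/init-functions" is dead configuration sitting next to the effective LSB="". Remove it, or replace it with a one-line comment saying why the builtin LSB functions are forced on this target.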
@@ -347,7 +348,7 @@
# Specify the mail recipient of the result of the automatic blocklist update.
# If empty, cron will decide what happens with the output.
-CRON_MAILTO="root"
+CRON_MAILTO="dino"
hmm, probably that would be a good default. Na, just joking ;->
Code:
# Exit Status Codes
# TODO: Rework exit status to LSB conformance:
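Review bot: CRON_MAILTO="dino" puts a personal account name into blockcontrol.defaults, where it becomes the default recipient on every install. Keep "root" in the defaults and set the local recipient in blockcontrol.conf instead.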
diff -urNad blockcontrol-1.6.9~/blockcontrol.lib blockcontrol-1.6.9/blockcontrol.lib
--- blockcontrol-1.6.9~/blockcontrol.lib 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol.lib 2009-11-13 19:32:15.000000000 +0100
@@ -145,7 +145,7 @@
base="$(basename $1)"
if [ ! "$specified" ]; then
- pidfile="/var/run/$base.pid"
+ pidfile="/opt/var/run/$base.pid"
fi
if [ -n "${pidfile:-}" ] && [ -r "$pidfile" ]; then
@@ -158,13 +158,14 @@
echo "$pid"
return 0 # program is running, but not owned by this user
else
- return 1 # program is dead and /var/run pid file exists
+ return 1 # program is dead and /opt/var/run pid file exists
fi
fi
fi
if test_external pidof && [ ! "$specified" ]; then
status="0"
- pidof -o %PPID -x $1 || status="$?"
+ #pidof -o %PPID -x $1 || status="$?"
+ pidof %PPID $1 || status="$?"
This code is from the Debian init scripts, so I haven't written it. Anyway:
Here we check whether a process $1 is running.
"-o %PPID" means to omit the calling shell script's PID. If you have to, remove this term completely.
"-x" Scripts too - this causes the program to also return process id's of shells running the named scripts.
But I think "pidof $1" is safe for all our purposes, so I've changed the code for that.
DONE.
Code:
if [ "$status" = 1 ]; then
return 3 # program is not running
fi
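Review bot: In the added line pidof %PPID $1 the -o flag was removed but its argument %PPID was left behind, so %PPID is now passed as a second program name instead of meaning "omit the calling script's PID". If -o and -x are not available on the target, use pidof "$1" with the argument quoted. Delete the commented-out original line rather than keeping both variants in the function.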
@@ -212,7 +213,7 @@
base="$(basename $1)"
if [ ! $pidfile ]; then
- pidfile="/var/run/$base.pid"
+ pidfile="/opt/var/run/$base.pid"
fi
# Remove leading - and SIG from the sig. If none is given ($2), sig stays empty. (probably!?)
@@ -1187,7 +1188,7 @@
# Use start-stop-daemon
# Start watchdog in the background with "-b"
# Note: use -N for nice level, not -n as per LSB
- start-stop-daemon -b -N $WD_NICE -p $WD_PID --exec $WD_PATHNAME --start --
+ start-stop-daemon -b -N $WD_NICE -p $WD_PID -x $WD_PATHNAME -S --
That should work, too. Applied.
Code:
else
# LSB, start blockcontrol.wd in the background with "&".
start_daemon -n $WD_NICE -p $WD_PID $WD_PATHNAME &
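Review bot: Nothing in this hunk says why --exec and --start became -x and -S on the start-stop-daemon line. Add a short comment naming the start-stop-daemon variant that needs the short options, so the line is not changed back later by someone tidying up. $WD_PID and $WD_PATHNAME are unquoted on the changed line; quote them while touching it.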
@@ -1365,7 +1366,7 @@
# works with mobloquer.
# Start MoBlock in the background with "-b"
# Note: use -N for nice level, not -n as per LSB
- start-stop-daemon -b -N $NICE_LEVEL -p $PIDFILE --exec $DAEMON --start -- $DAEMON_OPTS
+ start-stop-daemon -b -N $NICE_LEVEL -p $PIDFILE -x $DAEMON -S -- $DAEMON_OPTS
pgl is always started with start_daemon, so no need for a change.
Code:
else
# LSB, start MoBlock in the background with "&"
# > /dev/null because of moblock´s stdout sometimes appearing in some logfiles.
diff -urNad blockcontrol-1.6.9~/blockcontrol.main blockcontrol-1.6.9/blockcontrol.main
--- blockcontrol-1.6.9~/blockcontrol.main 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol.main 2009-11-13 19:32:15.000000000 +0100
@@ -19,7 +19,7 @@
# with this program; if not, write to the Free Software Foundation, Inc.,
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-CONTROL_DEFAULTS="/usr/lib/blockcontrol/blockcontrol.defaults"
+CONTROL_DEFAULTS="/opt/lib/blockcontrol/blockcontrol.defaults"
# Set LC_ALL environment variable to the value C, to achieve a consistent grep behaviour.
export LC_ALL=C
@@ -38,12 +38,12 @@
if [ -x "$PATH_I/moblock" ] ; then
NAME="moblock"
DAEMON="$PATH_I/moblock"
- PIDFILE="/var/run/moblock.pid"
+ PIDFILE="/opt/var/run/moblock.pid"
break
elif [ -x "$PATH_I/nfblockd" ] ; then
NAME="nfblockd"
DAEMON="$PATH_I/nfblockd"
- PIDFILE="/var/run/nfblockd.pid"
+ PIDFILE="/opt/var/run/nfblockd.pid"
break
fi
done
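Review bot: PIDFILE is hard-coded to /opt/var/run here for both moblock and nfblockd, in addition to the literal /opt/var/run paths in blockcontrol.defaults and blockcontrol.lib. Define the run directory once, for example as a single variable in blockcontrol.defaults, and build these values from it, so that a change of prefix does not require editing three files.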
diff -urNad blockcontrol-1.6.9~/blockcontrol.wd blockcontrol-1.6.9/blockcontrol.wd
--- blockcontrol-1.6.9~/blockcontrol.wd 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blockcontrol.wd 2009-11-13 19:32:15.000000000 +0100
@@ -26,7 +26,7 @@
# This can happen in early boot stages before local file systems are mounted.
# CONTROL_MAIN has to be set correctly in all just mentioned files.
-CONTROL_MAIN="/usr/lib/blockcontrol/blockcontrol.main"
+CONTROL_MAIN="/opt/lib/blockcontrol/blockcontrol.main"
# Configure blockcontrol and load functions.
if [ -f "$CONTROL_MAIN" ] ; then
diff -urNad blockcontrol-1.6.9~/blocklists.list blockcontrol-1.6.9/blocklists.list
--- blockcontrol-1.6.9~/blocklists.list 2009-09-14 19:35:24.000000000 +0200
+++ blockcontrol-1.6.9/blocklists.list 2009-11-13 19:32:15.000000000 +0100
@@ -34,40 +34,40 @@
http://list.iblocklist.com/?list=tbnuqfclfkemqivekikv
# TBG Bogon
-http://list.iblocklist.com/?list=ewqglwibdgjttwttrinl
+#http://list.iblocklist.com/?list=ewqglwibdgjttwttrinl
# Bluetack level1 (P2P)
-#http://list.iblocklist.com/?list=bt_level1
+http://list.iblocklist.com/?list=bt_level1
# Bluetack level2
-#http://list.iblocklist.com/?list=bt_level2
+http://list.iblocklist.com/?list=bt_level2
# Bluetack level3
-#http://list.iblocklist.com/?list=bt_level3
+http://list.iblocklist.com/?list=bt_level3
# Bluetack edu
-#http://list.iblocklist.com/?list=bt_edu
+http://list.iblocklist.com/?list=bt_edu
# Bluetack ads
-#http://list.iblocklist.com/?list=bt_ads
+http://list.iblocklist.com/?list=bt_ads
# Bluetack bogon
#http://list.iblocklist.com/?list=bt_bogon
# Bluetack spyware
-#http://list.iblocklist.com/?list=bt_spyware
+http://list.iblocklist.com/?list=bt_spyware
# Bluetack spider
-#http://list.iblocklist.com/?list=bt_spider
+http://list.iblocklist.com/?list=bt_spider
# Bluetack Microsoft
-#http://list.iblocklist.com/?list=bt_microsoft
+http://list.iblocklist.com/?list=bt_microsoft
# Bluetack proxy
http://list.iblocklist.com/?list=bt_proxy
# Bluetack hijacked
-#http://list.iblocklist.com/?list=bt_hijacked
+http://list.iblocklist.com/?list=bt_hijacked
# Bluetack badpeers (previously known as templist)
#http://list.iblocklist.com/?list=bt_templist
@@ -76,6 +76,6 @@
#http://list.iblocklist.com/?list=bt_rangetest
# Bluetack dshield
-http://list.iblocklist.com/?list=bt_dshield
+#http://list.iblocklist.com/?list=bt_dshield
#locallist /etc/blockcontrol/custom-blocklist.p2p
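Review bot: The context line #locallist /etc/blockcontrol/custom-blocklist.p2p still points at /etc/blockcontrol, while BLOCKLISTS_LIST and the other configuration paths in this patch move to /opt/etc/blockcontrol; update the example path to match. Disabling bt_dshield here, and TBG Bogon in the previous hunk, changes the shipped default list selection and should be justified separately from the path relocation.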
Someday I want to start a discussion about default blocklists. I've noted down to contact you then.
Code:
diff -urNad blockcontrol-1.6.9~/install.sh blockcontrol-1.6.9/install.sh
--- blockcontrol-1.6.9~/install.sh 1970-01-01 01:00:00.000000000 +0100
+++ blockcontrol-1.6.9/install.sh 2009-11-13 19:32:15.000000000 +0100
@@ -0,0 +1,14 @@
+#!/bin/sh
+install -d /opt/lib/blockcontrol
+install -d /opt/etc/blockcontrol
+install -d /var/lib/blockcontrol
+install -d /var/spool/blockcontrol
+install -D -m 755 blockcontrol /opt/bin/blockcontrol
+install -D -m 755 blockcontrol.main /opt/lib/blockcontrol/blockcontrol.main
+install -D -m 644 blockcontrol.defaults /opt/lib/blockcontrol/blockcontrol.defaults
+install -D -m 644 blockcontrol.lib /opt/lib/blockcontrol/blockcontrol.lib
+install -D -m 755 blockcontrol.wd /opt/bin/blockcontrol.wd
+install -D -m 644 allow.p2p /opt/etc/blockcontrol/allow.p2p
+install -D -m 644 blockcontrol.conf /opt/etc/blockcontrol/blockcontrol.conf
+install -D -m 644 blocklists.list /opt/etc/blockcontrol/blocklists.list
+
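Review bot: install.sh creates /var/lib/blockcontrol and /var/spool/blockcontrol, but blockcontrol.defaults in this same patch sets MASTER_BLOCKLIST_DIR to /opt/var/lib/$CONTROL_NAME and BLOCKLISTS_DIR to /opt/var/spool/$CONTROL_NAME, so the directories the scripts actually use are not created by this script. Change both install -d lines to the /opt/var paths, and also create /opt/var/run and /opt/var/log, which the new PIDFILE, WD_PID, DAEMON_LOG and CONTROL_LOG values depend on. The script has no set -e, so a failed install step goes unnoticed.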
Why not change the Makefile? Anyway, as I already told you, I will change the Makefile, so that in the future you can adjust all paths there, and the rest will be done automatically.
Quote:
Originally Posted by dino
The reason that I use a startup script to insert the kernel modules is that I had to compile a lot of modules which are not available out-of-the-box from Synology. To "restore" the original config of the diskstation, modules not packed by Synology will be removed out of the kernel when the diskstation does a shutdown or when you shut down moblock by this script. I don't think it's necessary to implement this in blockcontrol since it's related only to a Synology system.
So this script is not strictly needed to insert the modules? If not, please tell me which modules were not loaded automatically. I definitely want to fix this in pglcmd, because I consider this a bug.
But still, now that you've told me, I think removing modules that were inserted by pglcmd would be a nice feature. I've put it on the TODO.