I've installed moblock blockcontrol and mobloquer, it is setup to start on system starup which is fine. My problem is that it doesn't block anything, if I ping an address it always comes as unrechable as shown bellow:

ping www.google.co.uk
PING www.l.google.com (209.85.229.103) 56(84) bytes of data.
From 192.168.* icmp_seq=1 Destination Port Unreachable
From 192.168.* icmp_seq=2 Destination Port Unreachable
From 192.168.* icmp_seq=3 Destination Port Unreachable

this happens for all sites being pinged, yet if I open my browser (epiphany-gecko) I go surf to those sites without a problem even sites that should be blocked.

/var/blockcontrol.log states:
Starting moblock ....
Starting blockcontrol.wd ....
2009-09-18 12:08:56 BST End: blockcontrol restart
2009-09-18 12:23:37 BST Begin: blockcontrol restart
Stopping blockcontrol.wd.
Deleting iptables ...
iptables v1.3.8: Couldn't load target `blockcontrol_in':/lib/iptables/libipt_blockcontrol_in.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Couldn't load target `blockcontrol_out':/lib/iptables/libipt_blockcontrol_out.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.3.8: Couldn't load target `blockcontrol_fw':/lib/iptables/libipt_blockcontrol_fw.so: cannot open shared object file: No such file or directory

Try `iptables -h' or 'iptables --help' for more information.
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
failed!
Don't worry! There occured some errors during the deletion of the iptables ... (warning).
rules. The most common reason for this is that they did not exist, because ... (warning).
moblock was not running. ... (warning).
But if moblock was running there is some problem. Most probably you have ... (warning).
installed another firewall application that did delete the iptables rules. ... (warning).
A "blockcontrol restart" will then fix the situation. ... (warning).
Stopping moblock ....
Inserting iptables ...

will someone help me get moblock working as it should I havent got the folder /etc/Moblock/ as i've read in a few places and I havent been able to locate the iptables scrips that come with moblock.

First off, please post your logs in CODE tags.

This is ok, because per default port 80 (http) is whitelisted (not checked). This means the ping to a certain IP gets checked by moblock (ping uses protocol ICMP), but when you want to access the same IP with your webbrowser (so it´s a connection on port 80 using protocol TCP) it doesn´t get checked. You can change this by editing in /etc/blockcontrol/blockcontrol.conf the entry (or do this with mobloquer).

The directory /etc/moblock/ is no more used since I renamed some stuff to "blockcontrol". Further note that your filesystem is case-sensitive (so Moblock is not the same as moblock). The default stuff is coded in /usr/lib/blockcontrol/blockcontrol.lib and configured in /etc/blockcotnrol/blockcontrol.conf. Advanced custom changes may de done in /etc/blockcontrol/iptables-custom-insert.sh and iptables-custom-remove.sh. But I doubt that any of these things should be changed by you.



Now having said all this, your blockcontrol.log looks strange. It seems as if the watchdog detected a problem and restarted blockcontrol. The problem seems to be missing iptables rules.
Do you use other firewall application that use iptables, too? E.g. firestarter or ufw? If they are started or reconfigured they purge all iptables rules, so they break blockcontrol´s iptables setup. Therefore I recommend to restart blockcontrol after every change of these applications. Otherwise the watchdog will do this every 5 minutes for you - but that´s still up to 5 minutes with a broken setup ...
If you don´t use other firewall application we probably have a serious problem. In that case please post your "blockcontrol status" and "blockcontrol show_config" (and probably more ....).


Summary: You are just fine, but should issue a "sudo blockcontrol restart" whenever you change anything in your other firewall applications.

__________________
Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.

Thanks for the reply, I thought it was somethign like that for the browser, however I have done what you stated and I can still surf any site that I want even those that should be blocked, I thought it would pick up sites from the browser.

Logs

Is there a way to stop moblock from displaying (Skipping useless range: *) I had to remove the file before I could copy and paste it

I use ufw as my firewall however i've read I can control the iptables through moblcok I hoope to use that in the future once i am accustomed to iptable syntax. At this point in time I am guessing there is no way to actually make ufw and moblock not flush the iptables.

Oh before I forget I would like moblock to be filtering http and https connections making sure only legitimate connections are being made

When you removed the http (or 80) entry from WHITE_TCP_OUT, then you have to "blockcontrol restart", so that your changes take effect. But indeed your status shows that you´re still whitelisting this port (together with many others):
No easy one, but we´re working on a complete new version.

I guess you can´t tell ufw to let other iptables rules exist. That´s quite understandable, because it´s impossible for an application to find out whether other iptables rules don´t break the own iptables rules.
For blockcontrol other iptables rules are ok, as long as
- blockcontrol´s are the first ones in the chains (you get this with a "restart").
- only blockcontrol is using the MARKing feature (that´s true in most cases)

Directly adding your iptables rules with blockcontrol, instead of using the combination of both applications, would be indeed the best solution. (Zero time without protection)

Second best would be to add "blockcontrol restart" as a hook script to ufw, so that this is done automatically whenever ufw changes the iptables. But I don´t know if this is possible. (Just a few seconds during the restart without protection)

Otherwise you have to manually restart (a few more seconds without protection), or rely on the watchdog (per default up to 5 minutes without protection)

__________________
Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.

thanks fort he fast reply I can feel at ease that at least it is working and doing its jobs, yes I will be removing http and http access from WHITE_TCP_OUT, would prefer to have sites getting blocked by default and being forced to unblock them. Well if it becomes difficult to keep track of blocked ips I will just use moblocker

My idea for using mobloc is to help block unnecessary connection from the webserver, its just my way of having an extra layer of protection and a good job is being doe on the peer lists.

Well thats from me, until I get a new problem or dive into ip table syntax take care, thanks again for the speedy reponses

PS: cant wait to see the new version

Just tried sending my server online for that I would need port 80 however what I did was open it through ufw. I want want to know would moblock still filter that port or will it just just allow any connection through that port?

When ufw is started or changes its configuration it purges all iptables rules. So you have to do an "blockcontrol restart" every time this happens. Otherwise the watchdog will check if the blockcontrol setup is fine every 5 minutes, and will do the restart automatically for you if necessary.
Between the ufw iptables purge and the "blockcontrol restart" moblock is not working!

Now, when you have taken care of this correct iptables setup, first moblock/blockcontrol will do all their filtering, and only traffic that passes this stage will be checked by ufw. So for you (filter all traffic on all ports with moblock, except certain IPs) it is indeed the correct setting to allow port 80 in ufw (note that for a webserver running on your machine this is necessary for INCOMING traffic, while for websurfing it is for OUTGOING traffic).

__________________
Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.

How do I configure ubuntu Linux to log into the server at work? At my job our computers are configured to log into the server here to connect to the internet. I installed ubuntu using wubi and when I log into ubuntu I can't connect to the internet. I tried setting the ip manually that my windows uses but still not connecting. So obviously I need to log into the server but how? Please help. thanks. Ah and another thing I went to networks and it wont even see the server or anything. Help. thanks.
___________________
yahoo keyword tool ~ overture ~ traffic estimator ~ adwords traffic estimator

1.) Start a new thread for a new topic. Don´t hijack another thread with an unrelated topic.
2.) Do you have an IPBlocker installed (MoBlock, IPList or NFBlock)?

If you have an IPBlocker installed check its logifles to see whether the server IP was blocked. If this is the case and you need further help please start a new thread here.

For any non-IPBlocker related support I strongly suggest to ask e.g. at ubuntuforums.org - there are more people who might be able to help you.

__________________
Maintainer of http://moblock-deb.sourceforge.net: MoBlock, mobloquer, blockcontrol and NFBlock Debian packages.
Author of blockcontrol, previously moblock-control.