Amule: Difference between revisions

From miki
Jump to navigation Jump to search
(→‎privacy: MoBlock, iplist, netfilter)
 
 
(20 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Stability ==
* Version '''2.2.3-0.pm.4 (i586)''' + limit '''30kB up/200kB down''' is stable

== Firewall ==
* !!! there is 3 ports to open: '''TCP 4911''', '''UDP 4672''', '''UDP 4914''' (=standard TCP+3)
** With default TCP 4662 (and UDP 4665), ''eD2k'' works well, but can't connect to ''Kad'' and/or aMule always says ''Firewalled''.
** → Changed to TCP 4911 / UDP 4914 (TCP+3).
** Configured ADSL box to forward all ports 4500-4999 (TCP+UDP) to my machine.
* Some reference pages:
** [http://www.amule.org/wiki/index.php/FAQ_eD2k-Kademlia FAQ eD2k-Kademlia]
** [http://forum.amule.org/index.php?topic=14338.0 No Kad. (UDP socket dies)]

== Privacy ==
== Privacy ==
There are several solutions for blocking access to "bad" peers (bogus peers, malware distribution, snooping peers from governmental and copyright organizations):
* iplist<br/>Last release from [http://iplist.sourceforge.net/ 2010].
* peerguardian
** peerguardian has been replaced by [http://www.peerblock.com/ peerblock], but this version is only available on windows
** The [http://phoenixlabs.org/ homepage] seems outdated (many dead links), but the [http://forums.phoenixlabs.org/index.php forum] is still active.
** Project page on [http://sourceforge.net/projects/peerguardian/ Sourceforge], seems up-to-date. Contains the source.
** last linux release [http://forums.phoenixlabs.org/thread-643.html here (2011)]. The binary package is called "moblock-deb"

* [http://www.peerblock.com/ peerblock], the new version of peerguardian on windows...

* [http://moblock-deb.sourceforge.net/ moblock-deb]
** The latest version of peerguardian 2 for [http://forums.phoenixlabs.org/thread-643.html linux] (same maintainer as peerguardian, called [http://forums.phoenixlabs.org/thread-643.html jre])

* MoBlock
** The peerguardian version 1 for linux. The last release dates back in [http://developer.berlios.de/projects/moblock/ 2006].
** See [https://help.ubuntu.com/community/MoBlock MoBlock on Ubuntu].

* Moblocker
** Gui for moblock, but according to this post, it is [http://forums.phoenixlabs.org/thread-4378-page-9.html dead]. New project is at [http://peerguardian.git.sourceforge.net/git/gitweb.cgi?p=peerguardian/peerguardian;a=summary].


On the effectiveness of blocking lists:
* http://torrentfreak.com/do-p2p-blocklists-keep-you-safe/

=== MoBlock ===
=== MoBlock ===
* Homepage: http://moblock.berlios.de/
* Homepage: http://moblock.berlios.de/
* To make on ''openSUSE'': http://forums.phoenixlabs.org/showthread.php?t=16461
* To make on ''openSUSE'': http://forums.phoenixlabs.org/showthread.php?t=16461
** Need package: libnetfilter_queue-0.0.15.tar.bz2, libnfnetlink-0.0.33.tar.bz2.
** Need package: libnetfilter_queue-0.0.15.tar.bz2, libnfnetlink-0.0.33.tar.bz2.

=== moblock-deb ===
* Homepage: http://moblock-deb.sourceforge.net/
* Ubuntu repositories (pick the right version):
<source lang="text">
# lucid
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu lucid main
# maverick
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu maverick main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu maverick main
</source>
* Add the key to the key ring:
<source lang="bash">
gpg --keyserver keyserver.ubuntu.com --recv 9C0042C8
gpg --export --armor 9C0042C8 | sudo apt-key add -
</source>


=== iplist ===
=== iplist ===
Line 10: Line 63:
* Post on openSUSE: http://forums.opensuse.org/applications/388841-iplist-peerguardian-linux-must-have-p2p.html
* Post on openSUSE: http://forums.opensuse.org/applications/388841-iplist-peerguardian-linux-must-have-p2p.html
==== Installation ====
==== Installation ====
<ul>
* Download required netfilter packages from [http://www.netfilter.org/index.html Netfilter page]
<li>On Ubuntu:</li>
** '''[http://www.netfilter.org/projects/libnfnetlink/downloads.html libnfnetlink]'''
<ul>
** '''[http://www.netfilter.org/projects/libnetfilter_queue/downloads.html libnetfilter_queue]'''
<li>There is an apt repository. Add a file '''iplist.list''' in directory '''/etc/apt/sources.list.d'''):</li>
* Download iplist from [http://iplist.sourceforge.net/start.html IPList page]. There is openSUSE prebuilt RPMs.
<source lang="text">
** '''[http://downloads.sourceforge.net/iplist/iplist-0.22-0.suse11.i586.rpm?modtime=1222985219&big_mirror=0 iplist-0.22-0.suse11.i586.rpm]'''
deb http://ppa.launchpad.net/ssakar/ppa/ubuntu karmic main
** [http://sourceforge.net/project/showfiles.php?group_id=198679 Other versions]
deb-src http://ppa.launchpad.net/ssakar/ppa/ubuntu karmic main
* First build ''libnfnetlink'':
</source>
<li>Import the package key and install the package:</li>
<source lang="bash">
sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C6E3D905C8BCD56BB02E6E0B39456311108B243F
sudo apt-get install iplist
</source>
</ul>
<li>On other distributions:</li>
<ul>
<li>Download required netfilter packages from [http://www.netfilter.org/index.html Netfilter page]</li>
* '''[http://www.netfilter.org/projects/libnfnetlink/downloads.html libnfnetlink]'''
* '''[http://www.netfilter.org/projects/libnetfilter_queue/downloads.html libnetfilter_queue]'''
<li>Download iplist from [http://iplist.sourceforge.net/start.html IPList page].</li>
* openSUSE prebuilt RPMs ([http://downloads.sourceforge.net/iplist/iplist-0.22-0.suse11.i586.rpm?modtime=1222985219&big_mirror=0 iplist-0.22-0.suse11.i586.rpm])
* [http://sourceforge.net/project/showfiles.php?group_id=198679 Other versions]
<li> First build ''libnfnetlink'':</li>
<source lang="bash">
<source lang="bash">
tar -xvfj libnfnetlink-0.0.39.tar.bz2
tar -xvfj libnfnetlink-0.0.39.tar.bz2
Line 24: Line 93:
sudo make install
sudo make install
</source>
</source>
* Then build ''libnetfilter_queue'':
<li>Then build ''libnetfilter_queue'':</li>
<source lang="bash">
<source lang="bash">
tar -xvfj libnetfilter_queue-0.0.16.tar.bz2
tar -xvfj libnetfilter_queue-0.0.16.tar.bz2
Line 32: Line 101:
sudo make install
sudo make install
</source>
</source>
* Finally, install ''iplist'', but ignore dependencies:
<li> Finally, install ''iplist'', but ignore dependencies:</li>
<source lang="bash">
<source lang="bash">
sudo rpm -ivh --nodeps iplist-0.22-0.suse11.i586.rpm
sudo rpm -ivh --nodeps iplist-0.22-0.suse11.i586.rpm
</source>
</source>
</ul>

==== Configuration ====
Following the recommendation on [http://twigstechtips.blogspot.com/2011/06/linux-installing-ipblockiplist-and.html this post]:
* Copy the default configuration files:
<source lang="bash">
cp /usr/share/doc/iplist/examples/ipblock.lists /etc
cp /usr/share/doc/iplist/examples/ipblock.conf /etc
</source>
* Edit the list file, and replace the bluetack.co.uk entries with those from [http://www.iblocklist.com/lists.php iblocklist], which are updated more often.
<source lang="bash">
vim /etc/ipblock.lists
</source>

==== Usage ====
==== Usage ====
* Type <tt>sudo ipblock -g</tt> to start the GUI. At first boot, it will creates the '''rc.d''' entry.
* Type <tt>sudo DISPLAY=:0.0 /usr/sbin/ipblock -g</tt> to start the GUI. At first boot, it will creates the '''rc.d''' entry.
* Type <tt>sudo /usr/sbin/ipblock -s&</tt> to start blocking.
* Configuration file is at '''/etc/ipblock.conf'''. All lists URL is at '''ipblock.list'''.
* Configuration file is at '''<tt>/etc/ipblock.conf</tt>'''. All lists URL is at '''<tt>/etc/ipblock.list</tt>'''.

==== Troubleshoot ====
* If like me, your dhcp server gives you an address in the range <tt>172.19.xxx.yyy</tt>, all internet connections will be blocked by ''iplist''. To prevent this, an easy (but heavy) workaround is simply to remove list ''bogon.gz''.


=== Netfilter ===
=== Netfilter ===

Latest revision as of 22:04, 29 June 2011

Stability

  • Version 2.2.3-0.pm.4 (i586) + limit 30kB up/200kB down is stable

Firewall

  • !!! there is 3 ports to open: TCP 4911, UDP 4672, UDP 4914 (=standard TCP+3)
    • With default TCP 4662 (and UDP 4665), eD2k works well, but can't connect to Kad and/or aMule always says Firewalled.
    • → Changed to TCP 4911 / UDP 4914 (TCP+3).
    • Configured ADSL box to forward all ports 4500-4999 (TCP+UDP) to my machine.
  • Some reference pages:

Privacy

There are several solutions for blocking access to "bad" peers (bogus peers, malware distribution, snooping peers from governmental and copyright organizations):

  • iplist
    Last release from 2010.
  • peerguardian
    • peerguardian has been replaced by peerblock, but this version is only available on windows
    • The homepage seems outdated (many dead links), but the forum is still active.
    • Project page on Sourceforge, seems up-to-date. Contains the source.
    • last linux release here (2011). The binary package is called "moblock-deb"
  • peerblock, the new version of peerguardian on windows...
  • moblock-deb
    • The latest version of peerguardian 2 for linux (same maintainer as peerguardian, called jre)
  • MoBlock
  • Moblocker
    • Gui for moblock, but according to this post, it is dead. New project is at [1].


On the effectiveness of blocking lists:

MoBlock

moblock-deb

# lucid
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu lucid main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu lucid main
# maverick
deb http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu maverick main
deb-src http://ppa.launchpad.net/jre-phoenix/ppa/ubuntu maverick main
  • Add the key to the key ring:
gpg --keyserver keyserver.ubuntu.com --recv 9C0042C8
gpg --export --armor 9C0042C8 | sudo apt-key add -

iplist

Installation

  • On Ubuntu:
    • There is an apt repository. Add a file iplist.list in directory /etc/apt/sources.list.d):
    • deb http://ppa.launchpad.net/ssakar/ppa/ubuntu karmic main
      deb-src http://ppa.launchpad.net/ssakar/ppa/ubuntu karmic main
      
    • Import the package key and install the package:
    • sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com C6E3D905C8BCD56BB02E6E0B39456311108B243F
      sudo apt-get install iplist
      
  • On other distributions:
    • Download required netfilter packages from Netfilter page
    • Download iplist from IPList page.
    • First build libnfnetlink:
    • tar -xvfj libnfnetlink-0.0.39.tar.bz2
      cd libnfnetlink-0.0.39
      ./configure --prefix=/usr              # install libs in /usr/lib instead of /usr/local/lib
      make
      sudo make install
      
    • Then build libnetfilter_queue:
    • tar -xvfj libnetfilter_queue-0.0.16.tar.bz2
      cd libnetfilter_queue-0.0.16
      ./configure --prefix=/usr              # install libs in /usr/lib instead of /usr/local/lib
      make
      sudo make install
      
    • Finally, install iplist, but ignore dependencies:
    • sudo rpm -ivh --nodeps iplist-0.22-0.suse11.i586.rpm
      

    Configuration

    Following the recommendation on this post:

    • Copy the default configuration files:
    cp /usr/share/doc/iplist/examples/ipblock.lists /etc
    cp /usr/share/doc/iplist/examples/ipblock.conf /etc
    
    • Edit the list file, and replace the bluetack.co.uk entries with those from iblocklist, which are updated more often.
    vim /etc/ipblock.lists
    

    Usage

    • Type sudo DISPLAY=:0.0 /usr/sbin/ipblock -g to start the GUI. At first boot, it will creates the rc.d entry.
    • Type sudo /usr/sbin/ipblock -s& to start blocking.
    • Configuration file is at /etc/ipblock.conf. All lists URL is at /etc/ipblock.list.

    Troubleshoot

    • If like me, your dhcp server gives you an address in the range 172.19.xxx.yyy, all internet connections will be blocked by iplist. To prevent this, an easy (but heavy) workaround is simply to remove list bogon.gz.

    Netfilter