From: turgut k. <tu...@ka...> - 2010-03-26 09:48:55
Hi there.. actually it is very strange -- it was working yesterday, until I rebooted.. and now it does not. pidgin does not connect, the real MSN only connects via HTTP (squid picks it up).. Same rules, same everything pretty much..

-turgut

# iptables -L -n |more
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           tcp dpt:139
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           tcp dpt:139
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           udp dpt:138
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           udp dpt:138
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           udp dpt:137
ACCEPT     udp  --  192.168.0.0/16       0.0.0.0/0           udp dpt:137
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:139
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:137
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
DROP       udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:138
ACCEPT     tcp  --  192.168.0.0/16       0.0.0.0/0           tcp dpt:3389
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3389

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 redir ports 3300
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1863 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5222 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5223 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5190 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5050 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6667 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8074 redir ports 16667
REDIRECT   tcp  -- !192.168.0.0/16       0.0.0.0/0           tcp dpt:80 redir ports 82

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1863 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5222 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5223 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5190 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5050 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6667 OWNER UID match 23 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8074 OWNER UID match 23 redir ports 16667

On 03/26/2010 10:41 AM, ozan ucar wrote:
> Hello,
> Log file directory is /var/log/imspector
> Are there any records in this directory /var/log/imspector?
>
> And can you run imspector in debug mode? Example:
>
> # /usr/local/sbin/imspector -c /usr/local/etc/imspector/imspector.conf.yedek -d
> imspector: Protocol Plugin name: Gadu-Gadu IMSpector protocol plugin
> imspector: Protocol Plugin name: HTTPS IMSpector protocol plugin
> imspector: Protocol Plugin name: IRC IMSpector protocol plugin
> imspector: Protocol Plugin name: Jabber IMSpector protocol plugin
> imspector: Protocol Plugin name: MSN IMSpector protocol plugin
> imspector: Protocol Plugin name: Yahoo IMSpector protocol plugin
> imspector: ACL: List /usr/local/etc/imspector/acl.txt size: 7
> imspector: ACL: Action: Allow
> imspector: ACL: Local: ma...@oz...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: xx...@ho...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: yy...@ya...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: zz...@ho...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: aa...@gm...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: sem...@ho...
> imspector: ACL: Action: Allow
> imspector: ACL: Local: all
> imspector: Filter Plugin name: ACL IMSpector filter plugin
> imspector: Bad-words: Loaded 90 bad-words, replacing with 'b' and blocking at 0
> imspector: Filter Plugin name: Bad-words IMSpector filter plugin
> imspector: Misc: Blocking all file transfers
> imspector: Filter Plugin name: Misc IMSpector filter plugin
> imspector: Non-HTTP port listening on 0.0.0.0:16667
> imspector: Logging Plugin name: Debug IMSpector logging plugin
> imspector: Logging Plugin name: File IMSpector logging plugin
> imspector: HTTP port listening on 0.0.0.0:18080
>
>
> turgut kalfaoğlu wrote:
>> Hello there.. I have a linux gateway (fedora) server with two eth
>> ports, eth0 is local, eth1 points to the net.
>> The same machine also runs transparent proxy via squid. My aim is to
>> simply log the messages, for compliance with the local law.
>>
>> I installed imspector, and put these rules, but they do not seem to
>> work.. (imspector is running, but no logging takes place, nothing
>> unusual in /var/log/messages - apart from imspector loading its
>> plugins).. I tried altering the iptables but it did not help.
>>
>> # I first tried them like this, it did not work:
>> #iptables -t nat -A PREROUTING -i eth0 -p tcp -s 192.168.0.177 --destination-port 5050 -j DNAT --to-destination 127.0.0.1:16667
>>
>> # I currently have it like this:
>> iptables -t nat -A PREROUTING -p tcp --destination-port 1863 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 5222 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 5223 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 5190 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 5050 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 6667 -j REDIRECT --to-ports 16667
>> iptables -t nat -A PREROUTING -p tcp --destination-port 8074 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 1863 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 5222 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 5223 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 5190 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 5050 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 6667 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> iptables -t nat -A OUTPUT -p tcp --destination-port 8074 -m owner --uid-owner 23 -j REDIRECT --to-ports 16667
>> (...)
>> iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
>> iptables -A FORWARD --in-interface eth0 -j ACCEPT
>>
>> PS: Owner 23 is squid.
>>
>> Here is the imspector conf file:
>> # The listening port for redirected connections
>> port=16667
>> # The HTTP CONNECT proxy port
>> #http_port=18080
>>
>> # This is the default location of protocol and logging plugins.
>> plugin_dir=/usr/lib/imspector
>>
>> # For dropping privs - you probably want to do this.
>> #user=imspector
>> #group=imspector
>>
>> # SSL support?
>> ssl=on
>> ssl_key=/usr/etc/imspector/serverkey.pem
>>
>> # Fixed cert?
>> #ssl_cert=/usr/etc/imspector/servercert.pem
>>
>> # Or certs created on-the-fly and signed against a CA
>> ssl_ca_key=/usr/etc/imspector/cakey.pem
>> ssl_ca_cert=/usr/etc/imspector/cacert.pem
>> # And finally a directory to store the created certs
>> ssl_cert_dir=/var/lib/imspector
>>
>> # Directory of CA certs for IM server cert validation
>> #ssl_verify_dir=/usr/lib/ssl/certs
>> # Drop connection when the IM server has a bad cert
>> #ssl_verify=block
>>
>> # Prefix and postfix to all responses using all responder plugins
>> #response_prefix=Message from IMSpector: -=
>> #response_postfix==-
>>
>> # SQLite DB filename for automated responses
>> #responder_filename=/path/to/file
>> # Inform parties that chats are monitored every N days (default is never)
>> #notice_days=7
>> # Customised notice text
>> #notice_response=Your activities are being logged
>> # Inform of a blocked event, but up to a max of every N mins (default is never)
>> #filtered_mins=15
>> # Customised filtered text (message text or filename follows in response)
>> #filtered_response=The message or action was blocked
>>
>> # Will load enabled plugins in plugin_dir
>> icq_protocol=on
>> irc_protocol=on
>> msn_protocol=on
>> yahoo_protocol=on
>> gg_protocol=on
>> jabber_protocol=on
>>
>> # MSN via HTTP proxy needs https
>> https_protocol=on
>>
>> # Log typing events?
>> log_typing_events=on
>>
>> # Location where the file logging plugin will start from.
>> file_logging_dir=/var/log/imspector
>>
>> # MySQL logging plugin stuff
>> #mysql_server=localhost
>> #mysql_database=imspector
>> #mysql_username=imspector
>> #mysql_password=password
>>
>> # For SQLite
>> # Bad words filtering
>> #badwords_filename=/usr/etc/imspector/badwords.txt
>> #badwords_replace_character=*
>> #badwords_block_count=1
>>
>> # ACL
>> #acl_filename=/usr/etc/imspector/acl.txt
>>
>> # SQLite-backed filter
>> #db_filter_filename=/path/to/file
>>
>> # Block all filetransfers?
>> #block_files=on
>>
>> # Block webcams?
>> #block_webcams=on
>>
>> _______________________________________________
>> Imspector-users mailing list
>> Ims...@li...
>> https://lists.sourceforge.net/lists/listinfo/imspector-users
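
An added example, not part of the thread or of the IMSpector project: a consistency check between the `port=` and `*_protocol=on` settings in imspector.conf and the REDIRECT rules of the nat PREROUTING chain, the two pieces of configuration posted above. The protocol-to-port table and both sample inputs are constructed assumptions, and source or interface matches on rules are ignored.

```python
import re

# Constructed sample in the format of `iptables -L -n -t nat` from the thread.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:1863 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:5222 redir ports 16667
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:5050 redir ports 16668
Chain OUTPUT (policy ACCEPT)
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:5223 OWNER UID match 23 redir ports 16667
"""

# Constructed imspector.conf fragment using keys that appear in the thread.
CONF = """\
port=16667
msn_protocol=on
jabber_protocol=on
yahoo_protocol=on
"""

# Assumption: usual server ports for each protocol plugin key.
PROTO_PORTS = {"msn_protocol": [1863], "jabber_protocol": [5222, 5223],
               "icq_protocol": [5190], "yahoo_protocol": [5050],
               "irc_protocol": [6667], "gg_protocol": [8074]}

def parse_conf(text):
    """Return key/value pairs from uncommented key=value lines."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def parse_redirects(listing, chain="PREROUTING"):
    """Map dport -> redirect port for one nat chain; the first rule listed wins."""
    redirects, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
        m = re.match(r"REDIRECT\s.*dpt:(\d+).*redir ports (\d+)", line)
        if m and current == chain:
            redirects.setdefault(int(m.group(1)), int(m.group(2)))
    return redirects

def audit(conf_text, listing):
    """Return (missing, mismatched) ports for protocols switched on in the config."""
    conf = parse_conf(conf_text)
    listen, redirects = int(conf["port"]), parse_redirects(listing)
    wanted = [p for k, ports in PROTO_PORTS.items() if conf.get(k) == "on" for p in ports]
    missing = [p for p in wanted if p not in redirects]
    mismatched = {p: redirects[p] for p in wanted if p in redirects and redirects[p] != listen}
    return missing, mismatched
```

To check a live gateway, pass the text of imspector.conf and the output of `iptables -L -n -t nat` to `audit()`; an empty list and an empty dict mean every enabled protocol port is redirected to the configured listening port.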