Cancelled

Iptables rule(s) to log incoming connections on a port-range

We run an OpenVPN proxy server on Ubuntu 8. All our users get the same public IP of the server and then browse the web.

The problem:

Some of our users use peer-to-peer programs like BitTorrent to share copyrighted materials, and we then get complaints from the movie industry threatening to sue us if we don't turn off this user's account.

The solution:

We need logs on our server of all *incoming* connections (meaning connections coming from the public Internet to one of our users) on a certain port range, so that we can identify which user was responsible for the traffic that caused the complaint. (The complaint is about sharing content, which we assume means the traffic started with a connection from the outside TO our users.)

Specifically, the complaint will include:

* datetime
* port
* IP of our server

Using that information, we now want to use logs to identify which of the private IPs assigned to our users caused that traffic.

Your deliverables:

1) iptables firewall rules to log this kind of traffic

2) configured on our test server, and confirmed to be working by you logging onto our VPN, using a bittorrent client, and your *sharing* traffic being identified in the logs.

3) a brief doc with the exact steps we need to perform to deploy your solution ourselves to another server

4) be on stand-by until we've deployed this to a live server and confirmed it's working. (we can deploy immediately, then we may need to wait a few days for the next movie-complaint to come in and confirm we can identify the user)

In the detailed description for this project we've included the iptables rules we've already configured, what we've already tried and what hasn't worked so far.

In your bid, please confirm:

1) your level of confidence in being able to achieve this... Have you done anything similar before? How familiar are you with P2P protocols and OpenVPN?

2) estimated completion date

## Deliverables

**Here's the existing firewall configuration on our server:**

sudo iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE

This is used for the VPN to work as a proxy.

sudo iptables -A FORWARD -o eth0 -p tcp --dport 25 -j DROP

This drops port 25 traffic to prevent email spam.

**What we've tried so far to identify peer-to-peer content sharing, but this has failed to log any of the traffic we want:**

```sh
# vars
IPT=/sbin/iptables

# the port range that is logged
# suspect ports
SUSPECTPORTS=6881:6883,51413
WATCHPORTS=6884:59999

# script
# the nat port is logged
$IPT -A OUTPUT -t nat -d 10.10.0.0/24 -p tcp -m multiport --dports $WATCHPORTS -j LOG --log-prefix 'POSIBLE_NAT_TORRENT:' --log-level 4

# certain torrent traffic is logged as CERTAIN bittorrent traffic
/sbin/iptables -A INPUT -j LOG --log-prefix 'CERTAIN_TORRENT:' --log-level 4 -p tcp -m multiport --dports $SUSPECTPORTS -m string --algo bm --string info_hash
#/sbin/iptables -A INPUT -j DROP -p tcp -m multiport --dports $SUSPECTPORTS -m string --algo bm --string info_hash
/sbin/iptables -A INPUT -j LOG --log-prefix 'CERTAIN_TORRENT:' --log-level 4 -p tcp -m multiport --dports $SUSPECTPORTS -m string --algo bm --string [url removed, login to view]
#/sbin/iptables -A INPUT -j DROP -p tcp -m multiport --dports $SUSPECTPORTS -m string --algo bm --string [url removed, login to view]

# suspect torrent traffic is logged only as possible bittorrent
/sbin/iptables -A INPUT -j LOG --log-prefix 'POSIBLE_TORRENT:' --log-level 4 -p tcp -m multiport --dports $WATCHPORTS -m string --algo bm --string info_hash
/sbin/iptables -A INPUT -j LOG --log-prefix 'POSIBLE_TORRENT:' --log-level 4 -p tcp -m multiport --dports $WATCHPORTS -m string --algo bm --string [url removed, login to view]
```
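Traffic routed between the VPN clients and eth0 traverses the FORWARD chain rather than INPUT or OUTPUT, so a rule such as `iptables -A FORWARD -p tcp -m multiport --ports 6884:59999 -m state --state NEW -j LOG --log-prefix 'VPN_NEW:'` is what produces matching lines in syslog, with the client's private address already visible in SRC or DST. The Python below is an added example, not part of the posting, that matches a complaint's datetime and port against such lines to recover the client's private address; it assumes the standard kernel LOG field format, the 10.10.0.0/24 pool from the MASQUERADE rule, the `VPN_NEW:` prefix, and constructed sample lines.

```python
import re
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

VPN_NET = ip_network("10.10.0.0/24")   # client pool from the MASQUERADE rule
SYSLOG_TS = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d)")
KV = re.compile(r"(\w+)=(\S+)")

# Constructed sample lines in the kernel LOG format (the VPN_NEW: prefix is assumed).
SAMPLE_LOG = """\
Mar 10 14:21:40 vpn kernel: [9113.41] VPN_NEW: IN=tun0 OUT=eth0 SRC=10.10.0.12 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=TCP SPT=6881 DPT=51413 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 10 14:22:05 vpn kernel: [9138.02] VPN_NEW: IN=eth0 OUT=tun0 SRC=198.51.100.9 DST=10.10.0.25 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40100 DPT=6882 WINDOW=65535 RES=0x00 SYN URGP=0
Mar 10 18:00:00 vpn kernel: [22014.7] VPN_NEW: IN=eth0 OUT=tun0 SRC=198.51.100.9 DST=10.10.0.30 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=40101 DPT=6882 WINDOW=65535 RES=0x00 SYN URGP=0
""".splitlines()


def parse_log_line(line, year):
    """Parse one kernel LOG syslog line; syslog omits the year, so it is supplied."""
    m = SYSLOG_TS.match(line)
    if m is None or "kernel:" not in line:
        return None
    rec = dict(KV.findall(line.split("kernel:", 1)[1]))
    rec["ts"] = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return rec


def find_user(lines, complaint_time, port, window=timedelta(minutes=5)):
    """Return private client IPs seen on `port` within +/- window of the complaint."""
    hits = set()
    for line in lines:
        rec = parse_log_line(line, complaint_time.year)
        if rec is None or rec.get("PROTO") != "TCP":
            continue
        if abs(rec["ts"] - complaint_time) > window:
            continue
        src, dst = ip_address(rec["SRC"]), ip_address(rec["DST"])
        # Inbound leg: outside peer -> client; the private address is DST, the port DPT.
        if dst in VPN_NET and int(rec["DPT"]) == port:
            hits.add(str(dst))
        # Outbound leg: client -> outside peer. MASQUERADE keeps the client's source
        # port unless it is already taken, so SPT normally equals the public port.
        elif src in VPN_NET and int(rec["SPT"]) == port:
            hits.add(str(src))
    return sorted(hits)


if __name__ == "__main__":
    print(find_user(SAMPLE_LOG, datetime(2011, 3, 10, 14, 22), 6882))  # ['10.10.0.25']
```

When the masqueraded port differs from the client's SPT (the original port was already in use), only a conntrack event log records the translation, and this syslog match will not find it.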

Skills: Engineering, Linux, MySQL, PHP, Software Architecture, Software Testing


About the Employer:
(52 reviews) Newark, United States

Project ID: #3005698

4 freelancers are bidding on average $62 for this job

medicvw

See private message.

$34 USD in 5 days
(357 Reviews)
6.5

r0nysl

See private message.

$42.5 USD in 5 days
(30 Reviews)
5.5

blueflare

See private message.

$85 USD in 5 days
(11 Reviews)
4.2

TarasV

See private message.

$85 USD in 5 days
(0 Reviews)
0.0