Setup aMule's Webserver on CentOS

Although there is a RPM of aMule for RHEL5 and CentOS, it has only aMule main program. If you would like to remote control your aMule server, you must have aMuleWeb installed. For CentOS users, you have to compile the sourcecode of aMule by yourself because aMuleWeb is compiled at the same time you compile aMule by using the --enable-amuleweb flag when you run configure.

1. Download sourcecode from http://www.amule.org/files/files.php?cat=34 and extract it
2. Install below packages for compiling environment
zlib-devel, wxGTK-devel, gettext-devel, gcc-c++
3. Check http://www.amule.org/wiki/index.php/Configure for all available parameters
./configure --prefix=/usr --enable-webserver --enable-amulecmd --enable-amule-daemon --enable-cas --enable-wxcas --enable-alc --enable-alcc
4.

make # It takes much long time
make install

5. Run aMule from desktop or shell
6. Go to "Preferences"
Enable "Accept External Connections"
Enter a password for External Connections. This is for external programs like amulecmd and amulegui
Enable "Run amuleweb on startup"
Type a password into "Full right" field. This is the password that you want to type when you login
7. Restart aMule in order to make the changes to take effect.
8. Remember to open 4711 port of the firewall so that you can open aMuleWeb in a browser by entering the URL, http://ip:4711

To handle RAR files on CentOS


yum install rar unrar

After installing the two packages, your default archive manager will support RAR format

Set an alarm at a specified time on CentOS


at 23:00 2005-09-15
at> /usr/local/bin/alarm
at> ..
at> # multiple commands can be executed at same time
at> ..
at> <EOT> # pressing CTRL + D means save and exit


atq #lists the user's pending jobs


ERROR 400: Bad Request while MoBlock try to wget level1.gz list

This is caused by the server for that list not working with wget's time-stamping option ( parameter -n )
A workaround is to update the list manually without time-stamping:

cd /var/spool/moblock/cache/dl/
wget http://www.bluetack.co.uk/config/level1.gz

then run the guardian.p2p rebuild process

Rebuild the blocklist of MoBlock on CentOS


# stop service first
/sbin/service moblock stop
#after updating /etc/moblock/lists or whitelist
/etc/cron.daily/moblock reload
#start MoBlock
/sbin/service moblock start


Add an ip or a range to the whitelist of MoBlock on CentOS

1. if there's an IP address you need to whitelist, find the entry in /etc/moblock/guarding.p2p, for example:

FooBar, inc:192.0.34.164-192.0.34.168

2. you need to make a basic regular expression for grep from this line and put it in /etc/moblock/whitelist. To match the exact line, you need to put a backslash (\) before every metacharacter (\, ., ^, $, [) and put a caret ^ at the beginning and a dollar sign $ at the end. In this example, a valid expression is:

^FooBar, inc:192\.0\.34\.164-192\.0\.34\.168$

see the manpages for grep for more information.

Install PeerGuardian Linux on CentOS

1. yum install libnfnetlink-devel
2. download latest libnetfilter_queue from http://www.netfilter.org/projects/libnetfilter_queue/downloads.html
3. tar -jxvf libnetfilter_queue-0.0.13.tar.bz2
4. change to the directory where you extracted the file then execute

./configure
make
make install

5. mv /usr/local/lib/libnetfilter_queue* /usr/lib
6. download MoBlock from http://moblock.berlios.de/
7. tar -jxvf MoBlock-0.8-i586.tar.bz2
8. in the directory where you extracted the files, build MoBlock with:

make
make install

9. mkdir /etc/moblock
10. vi /etc/moblock/lists

# find various blocklist from
# http://www.bluetack.co.uk/forums/index.php?act=dscriptca&CODE=viewcat&cat_id=4
http://www.bluetack.co.uk/config/level1.gz

11. touch /etc/moblock/whitelist
12. vi /etc/init.d/moblock ( edit the WHITE_... variables to whitelist certain ports. )

#!/bin/sh
#
# moblock This shellscript takes care of starting and stopping moblock.
#
# chkconfig: 345 30 70
# description: MoBlock is a application that enables you to block internet \
# traffic based on large lists of ip address ranges in order to \
# protect your privacy.
# processname: moblock
#

ACTIVATE_CHAINS=1
MODE="nfq"
WHITE_TCP_IN=""
WHITE_UDP_IN=""
WHITE_TCP_OUT="21 22 80 110 443"
WHITE_UDP_OUT="123"
WHITE_TCP_FORWARD=""
WHITE_UDP_FORWARD=""

PIDF="/var/run/moblock.pid"
LIST="/etc/moblock/guarding.p2p"
PRG="moblock"
LOG="/var/log/$PRG"
BIN="/usr/bin/$PRG"
CMD="$BIN -p $LIST $LOG >/dev/null &"


# Source function library.
. /etc/rc.d/init.d/functions


fail () {
failure "$2"
echo
[ -n "$1" ] && echo "$1"
}

iptables_init () {
if [ $MODE == "ipq" ]; then
modprobe ip_queue
TARGET="QUEUE"
elif [ $MODE == "nfq" ]; then
modprobe ipt_NFQUEUE
TARGET="NFQUEUE"
fi;
modprobe ipt_state
iptables -N MOBLOCK_IN
iptables -N MOBLOCK_OUT
iptables -N MOBLOCK_FW
if [ $ACTIVATE_CHAINS -eq 1 ]; then
iptables -I INPUT -p all -m state --state NEW -j MOBLOCK_IN
iptables -I OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
iptables -I FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -I MOBLOCK_IN -p all -j $TARGET
iptables -I MOBLOCK_OUT -p all -j $TARGET
iptables -I MOBLOCK_FW -p all -j $TARGET

for PORT in $WHITE_TCP_OUT; do
iptables -I MOBLOCK_OUT -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_OUT; do
iptables -I MOBLOCK_OUT -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_IN; do
iptables -I MOBLOCK_IN -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_IN; do
iptables -I MOBLOCK_IN -p udp --dport $PORT -j ACCEPT
done

for PORT in $WHITE_TCP_FORWARD; do
iptables -I MOBLOCK_FW -p tcp --dport $PORT -j ACCEPT
done
for PORT in $WHITE_UDP_FORWARD; do
iptables -I MOBLOCK_FW -p udp --dport $PORT -j ACCEPT
done

# Loopback traffic fix
iptables -I INPUT -p all -i lo -j ACCEPT
iptables -I OUTPUT -p all -o lo -j ACCEPT
}

iptables_reset () {
if [ $ACTIVATE_CHAINS -eq 1 ]; then
iptables -D INPUT -p all -m state --state NEW -j MOBLOCK_IN
iptables -D OUTPUT -p all -m state --state NEW -j MOBLOCK_OUT
iptables -D FORWARD -p all -m state --state NEW -j MOBLOCK_FW
fi;
iptables -D INPUT -p all -i lo -j ACCEPT
iptables -D OUTPUT -p all -o lo -j ACCEPT
iptables -F MOBLOCK_IN
iptables -X MOBLOCK_IN
iptables -F MOBLOCK_OUT
iptables -X MOBLOCK_OUT
iptables -F MOBLOCK_FW
iptables -X MOBLOCK_FW
}

start () {
echo -n $"Starting MoBlock: "
if ! [ -x $BIN ]; then
fail "Can't execute $BIN" "$PRG startup"
return 1
fi;
if ! [ -f $LIST ]; then
fail "Can't find $LIST" "$PRG startup"
return 1
fi;
if [ -f $PIDF ]; then
PID=`cat $PIDF`
if ps -p $PID >/dev/null; then
fail "$PIDF exists and $PRG is running." "$PRG startup"
return 1
fi;
fi;
iptables_init
daemon "$CMD"
RETVAL=$?
echo
return $RETVAL
}

stop () {
echo -n $"Stopping MoBlock: "
killproc -p "$PIDF" "$PRG"
RETVAL=$?
echo
if ! pidof "$PRG"; then
iptables_reset 2>/dev/null 1>&2
fi;
return $RETVAL
}

case "$1" in
start)
start
;;
stop)
stop
;;
reload)
if [ -f $PIDF ]; then
kill -HUP `cat $PIDF`
RETVAL=$?
fi
;;
restart)
stop
start
RETVAL=$?
;;
condrestart)
# restart only if already running
if [ -f $PIDF ]; then
stop
start
RETVAL=$?
fi
;;
status)
status $PRG
RETVAL=$?
;;
top)
if [ -f $PIDF ]; then
a=""
for i in `pidof $PRG`; do
a="$a -p $i"
done
top $a
fi
;;
*)
echo $"Usage: $0 {start|stop|reload|restart|condrestart|status|top}"
exit 1
esac

exit $RETVAL

13. chmod +x /etc/init.d/moblock
14. vi /etc/cron.daily/moblock

#!/bin/bash

LURLS="/etc/moblock/lists"
WLIST="/etc/moblock/whitelist"
LIST="/etc/moblock/guarding.p2p"

CACHE="/var/spool/moblock/cache"
FMD5=".md5sum"
DLDIR="dl"

RELOADCMD="/sbin/service moblock reload"

acat () {
while read -r -d $'\0' fn; do
if [ "$(head -c 2 "$fn")" = $'\x1f\x8b' ]; then
gunzip -c "$fn"
elif [ "$(head -c 4 "$fn")" = $'\x50\x4b\x03\x04' ]; then
unzip -p "$fn"
else
cat "$fn"
fi
done
}

download () {
MD5SUM=`md5sum "$LURLS" | cut -c -32`
if [ -f "./$FMD5" ]; then
if [ `cat "$FMD5"` != $MD5SUM ]; then
# The list source file has changed.
# Clean the dl directory.
rm "./$DLDIR"/*
fi;
elif [ `ls -A . | wc -l` -gt 0 ]; then
# There's no md5 file, but the directory is not empty.
# Something's wrong, bail out.
echo "$(pwd) is not empty." >/dev/stderr
exit 1
fi;
echo $MD5SUM >"./$FMD5"
wget -nv -N -t 3 -w 1 -T 120 -P "./$DLDIR" -i "$LURLS"
}

reload () {
find "./$DLDIR" -type f -print0 | acat | dos2unix | nice uniq | \
(nice grep -a -v -f "$WLIST" 2>/dev/null || cat) >"$LIST"
$RELOADCMD
}

if ! [ -f "$LURLS" ]; then
echo "Can't find $LURLS" >/dev/stderr
exit 1
fi;
mkdir -p "$CACHE"
pushd "$CACHE" >/dev/null || exit 1
case "$1" in
reload | nodownload)
reload
;;
'' | download)
download
reload
;;
*)
echo $"Usage: $0 [reload]"
exit 1
esac
popd >/dev/null

15. chmod +x /etc/cron.daily/moblock
16. before you can start the MoBlock service, you need to download the lists first

/etc/cron.daily/moblock

17. make MoBlock to start on boot

/sbin/chkconfig --add moblock

18. to control the MoBlock service, use service moblock command, where command is one of the following:
* start – start MoBlock.
* stop – stop MoBlock.
* reload – reload the blocklist, reset the stats and reopen the log file.
* restart – restart MoBlock. Note that this will start MoBlock even if it was not already running.
* condrestart – restart MoBlock if it is already running.
* status – show whether MoBlock is running or not.
* top – show MoBlock's CPU usage, memory usage, etc.