How to deploy WFilter with a Tomato router?

The “--tee” option of the iptables ROUTE target (kernel module ipt_ROUTE) sends a copy of every matching packet to a target IP address while the original continues on its way. With this feature you can deploy monitoring easily on an embedded Linux router, even when you have no switch that supports port mirroring.

In this tutorial we will guide you through deploying WFilter using a Tomato router (firmware version v1.28).

1. Enable SSH login in Tomato

Enable “SSH Daemon” in “Administration” - “Admin Access”. Leave its remote (WAN-side) access option off so the daemon is reachable only from the LAN, and set a strong admin password or an SSH key before you enable it.

2. Log in to your Tomato router.

Log in to the router with any SSH client.

3. Enable the ipt_ROUTE module.

For the “--tee” option to work you need the “ipt_ROUTE” kernel module, which is not loaded by default; load it with modprobe, as shown in step 6.

4. Add the iptables rule for packet mirroring.

In this example we mirror packets to “192.168.1.100”, the WFilter host. The rule sits in the mangle table's PREROUTING chain, so it copies every packet that enters the router on any interface, which covers both directions of each Internet flow; traffic between two LAN hosts that the switch forwards locally never reaches the router and is not copied.

5. List and verify iptables rules.

List the mangle table's PREROUTING chain to check that the rule was added successfully.

6. Add a startup script.

If you want this rule to survive a reboot, add these two commands to the scripts under “Administration” - “Scripts”. Use the “Firewall” tab rather than “Init”: Tomato rebuilds its iptables rules whenever the firewall restarts (for example after a WAN reconnect), and the Init script runs only once at boot.

modprobe ipt_ROUTE

iptables -A PREROUTING -t mangle -j ROUTE --gw 192.168.1.100 --tee
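The steps above as one idempotent script, added here as an example; it is not WFilter's or Tomato's own code. It assumes busybox ash (POSIX sh, no bash features), the page's mirror target 192.168.1.100, and that Tomato's iptables prints the word ROUTE and the gateway address on the listing line of the rule (that is how an already installed rule is detected). The path /jffs/mirror.sh in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: idempotent mirror setup for Tomato (not code from the WFilter page).
# Usage: sh /jffs/mirror.sh apply | remove | status
# The Firewall script box under Administration - Scripts can simply contain:
#   . /jffs/mirror.sh; ensure_mirror 192.168.1.100

MIRROR_GW="192.168.1.100"   # WFilter host, from the page's example

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0..255. Anything that
# is not a bare address (for example "1.2.3.4 --tee") is refused, so a value read
# from nvram or a web form cannot smuggle extra arguments into the iptables call.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# mirror_rule_args GW: the page's rule, as the argument list iptables expects.
mirror_rule_args() {
    printf '%s' "-t mangle -A PREROUTING -j ROUTE --gw $1 --tee"
}

# mirror_present GW: true when a ROUTE rule to GW already sits in mangle/PREROUTING.
# Assumes the listing shows the literal "ROUTE" followed by the gateway address.
mirror_present() {
    iptables -t mangle -L PREROUTING -n 2>/dev/null | grep -q "ROUTE.*$1"
}

# ensure_mirror GW: load ipt_ROUTE and add the rule once; safe to re-run at every
# firewall restart, because a second run sees the rule and adds nothing.
ensure_mirror() {
    valid_ipv4 "$1" || { echo "refusing bad mirror target '$1'" >&2; return 2; }
    lsmod | grep -q '^ipt_ROUTE' || modprobe ipt_ROUTE || return 3
    if mirror_present "$1"; then
        echo "mirror to $1 already installed"
        return 0
    fi
    # shellcheck disable=SC2046  # the argument string is meant to be word-split
    iptables $(mirror_rule_args "$1") && echo "mirroring all routed traffic to $1"
}

# remove_mirror GW: take the rule out when monitoring ends. Every copy crosses the
# LAN in clear and doubles the router's forwarding work, so don't leave it running.
remove_mirror() {
    iptables -t mangle -D PREROUTING -j ROUTE --gw "$1" --tee
}

case "${1:-}" in
    apply)  ensure_mirror "$MIRROR_GW" ;;
    remove) remove_mirror "$MIRROR_GW" ;;
    status) iptables -t mangle -L PREROUTING -n -v ;;
esac
```

Only Internet-bound traffic is visible this way: LAN-to-LAN traffic switched locally never passes PREROUTING, so WFilter will see web browsing but not, say, file sharing between two LAN hosts. The copies travel unencrypted to the WFilter host, so that host should sit on a trusted segment.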


7. Check your WFilter settings.

Note that the mirrored copies are new frames sent by the router to the WFilter host, so they carry the router's MAC address as source rather than the original client's. The “by MAC address” monitoring mode of WFilter therefore cannot identify clients here; use “by IP address” instead.

Done.

WFilter deployment with a network tap.

1. What is a network tap?

A network tap is another good way to monitor network traffic. Compared with port mirroring on a managed switch, it has several advantages:

  1. Handy and flexible; a passive tap needs no power supply.
  2. Once the tap is in place, the network can be monitored without interfering with the network itself, and nothing on the monitored link can reach the capture host through the tap.
  3. Low cost; you can even build one yourself.

Guides to building a network tap can be found at the links below:

  1. Throwing Star LAN Tap
  2. Building an Ethernet Tap
  3. Throwing Star LAN Tap
  4. Create a passive network tap for your home network

The disadvantages of a network tap:

  1. A passive tap cannot monitor a gigabit link: 1000BASE-T uses all four wire pairs in both directions, so the Throwing Star forces the link to negotiate down to 100BASE-TX. Monitoring at gigabit speed needs a powered (active) tap.
  2. The monitoring ports are receive-only, so the monitoring computer needs three network cards: two for capturing (one per direction) and one for ordinary communication and for sending WFilter's blocking packets.

This blog post will guide you through deploying WFilter with the “Throwing Star LAN Tap”.

2. Deploy the LAN Tap.

First, fit three network cards in the monitoring computer.

In this example the LAN tap is inserted between the router and the first switch (J1 and J2). The monitoring ports J3 and J4 are connected to two adapters of the monitoring computer.

The monitoring adapters do not actually need IP addresses, since they can only receive. In this example we assign “192.168.1.181” and “192.168.1.182” to the two monitoring adapters, because an address makes the adapter easier to identify in WFilter. The third adapter, used for normal communication, is assigned “192.168.2.189”.

3. Set up WFilter

Tick the two monitoring adapters in “System Settings” -> “Monitoring Settings”. The blocking adapter must be the third adapter, the one that can actually reach the clients, because blocking works by sending packets and the tap's monitoring ports cannot transmit.

Now we are able to monitor client computers. You will notice that one monitoring adapter only gets incoming packets while the other only gets outgoing packets; this is how a passive tap is designed, each monitoring port carrying one direction of the link.
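A way to confirm that split before trusting the capture, added here as an example and not part of WFilter or the tap project: plug any Linux host into J3 or J4, run tcpdump on that adapter, and check that every IP packet flows in one direction relative to your LAN prefix. The prefix 192.168.1. matches the page's addressing; the sample tcpdump lines in the script are constructed, not captured.

```shell
#!/bin/sh
# Added example (not WFilter's code): sanity-check a Throwing Star tap port from a
# Linux host, using plain "tcpdump -nn" output.
# Usage:  tcpdump -nn -i eth1 -c 200 2>/dev/null | sh tapcheck.sh 192.168.1. out
#         tcpdump -nn -i eth2 -c 200 2>/dev/null | sh tapcheck.sh 192.168.1. in

# prepare_tap_if IFACE: bring a monitor-only NIC up in promiscuous mode. Frames on
# a tap port are addressed to other hosts' MACs, so without promisc the NIC drops them.
prepare_tap_if() {
    ip link set dev "$1" up promisc on
}

# line_direction LANPREFIX LINE: classify one "tcpdump -nn" line as out (source
# address starts with LANPREFIX), in (destination does) or other (ARP, IPv6, ...).
# Format relied on: "<time> IP <src>.<port> > <dst>.<port>: ..."
line_direction() {
    prefix=$1; line=$2
    set -f; set -- $line; set +f        # no pathname expansion on words like "[S],"
    while [ $# -gt 0 ] && [ "$1" != "IP" ]; do shift; done
    [ $# -ge 4 ] || { echo other; return 0; }
    case "$2" in "$prefix"*) echo out; return 0 ;; esac
    case "$4" in "$prefix"*) echo in;  return 0 ;; esac
    echo other
}

# check_one_way LANPREFIX EXPECTED: read tcpdump lines on stdin; succeed only when
# at least one IP packet was seen and all of them flow in the EXPECTED direction.
check_one_way() {
    prefix=$1; expected=$2; ok=0; bad=0
    while IFS= read -r line; do
        d=$(line_direction "$prefix" "$line")
        case "$d" in
            other) ;;
            "$expected") ok=$((ok + 1)) ;;
            *) bad=$((bad + 1)) ;;
        esac
    done
    echo "$expected: $ok packets, wrong direction: $bad"
    [ "$bad" -eq 0 ] && [ "$ok" -gt 0 ]
}

# Constructed sample lines in tcpdump -nn format (not captured from a real tap).
SAMPLE_OUT='12:00:01.000001 IP 192.168.1.50.52311 > 93.184.216.34.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000120 IP 192.168.1.51.40000 > 8.8.8.8.53: 12345+ A? example.com. (29)
12:00:02.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28'
SAMPLE_MIXED="$SAMPLE_OUT
12:00:01.000500 IP 93.184.216.34.80 > 192.168.1.50.52311: Flags [S.], seq 2, ack 2, win 65535, length 0"

# With two arguments, check tcpdump output arriving on stdin.
if [ $# -eq 2 ]; then
    check_one_way "$1" "$2"
fi
```

A wrong-direction count of zero on each adapter (out on one, in on the other) confirms the split the page describes; an adapter that reports both directions is not on a monitor port of the tap, or the tap has been wired into the link the wrong way round.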


Client computers also can be blocked.

WFilter deployment with an OpenWrt router.

1. OpenWrt introduction

OpenWrt is a highly extensible GNU/Linux distribution for embedded devices. As third-party firmware, OpenWrt turns your wireless router into a full Linux system. With OpenWrt, even if your router hardware does not support port mirroring, you can still mirror traffic in software.

This blog post will guide you through installing the “port-mirroring” program on your OpenWrt router and deploying WFilter for Internet monitoring and filtering. We assume you already have an OpenWrt router; if not, please check the OpenWrt homepage for the latest firmware.

2. The port-mirroring program

Port-mirroring is an open source project sponsored by IMFirewall Software; it is designed to mirror network traffic on Linux systems.

2.1. Installation

For a detailed installation guide, please check “Port-mirroring open source packet mirroring”. In this guide we take a Linksys WRT54G router as the example (with OpenWrt Backfire firmware). Steps:

a). Update the OpenWrt package list.

b). Install the port-mirroring program:

opkg install http://port-mirroring.googlecode.com/files/port-mirroring_1.2-1_backfire_brcm47xx.ipk

Google Code no longer hosts project downloads, so this URL will not resolve today; fetch the package from wherever the project is currently published. Note also that a package fetched over plain HTTP and installed straight from a URL is neither protected in transit nor signature-checked by opkg, so compare its checksum against one obtained from the project before installing.

2.2. Configuration

Edit /etc/config/port-mirroring to set the mirroring target (the WFilter host) and the mirrored source interfaces.

In this example we choose the “wlan0” wireless adapter as the mirrored source interface.

2.3. Start Port-mirroring

/etc/init.d/port-mirroring start
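Steps 2.1 to 2.3 as one script, added here as an example; it is not the port-mirroring project's own code. It fetches the package to /tmp, refuses to install it unless its SHA-256 matches a value you obtained from the project out of band, writes the UCI configuration and restarts the service. It assumes the router has busybox wget and sha256sum, and that target, source_ports and filter are the option names the port-mirroring README documents (written from memory; compare with the /etc/config/port-mirroring the package installs). The default pcap filter not host TARGET is my own precaution: when the WFilter host sits on the mirrored interface, it stops the daemon's own mirrored copies from being captured and mirrored again.

```shell
#!/bin/sh
# Added example, not code from the port-mirroring project or the WFilter page.
# Usage: sh pm-setup.sh install URL SHA256HEX
#        sh pm-setup.sh configure TARGET_IP SOURCE_IF [PCAP_FILTER]

# sha256_matches FILE HEX: succeed when FILE hashes to HEX (hex case-insensitive).
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$actual" = "$expected" ]
}

# install_verified_ipk URL HEX: download, verify, install; never install on mismatch.
# opkg does no signature check on a bare .ipk URL and the page's URL is plain http,
# so this checksum is the only integrity check the install gets.
install_verified_ipk() {
    pkg="/tmp/$(basename "$1")"
    wget -O "$pkg" "$1" || return 1
    if ! sha256_matches "$pkg" "$2"; then
        echo "checksum mismatch for $pkg, not installing" >&2
        rm -f "$pkg"
        return 1
    fi
    opkg install "$pkg"
}

# write_port_mirroring_config FILE TARGET SOURCE_IF [FILTER]: write the UCI section.
# Option names are assumed from the README. FILTER is a pcap expression; exclude
# TARGET when it lives on SOURCE_IF so mirrored copies are not mirrored again.
write_port_mirroring_config() {
    cat > "$1" <<EOF
config 'port-mirroring'
    option 'target' '$2'
    option 'source_ports' '$3'
    option 'filter' '${4:-}'
EOF
}

case "${1:-}" in
    install)
        install_verified_ipk "$2" "$3" ;;
    configure)
        write_port_mirroring_config /etc/config/port-mirroring "$2" "$3" "${4:-not host $2}"
        /etc/init.d/port-mirroring restart ;;
esac
```

The filter is also the place to narrow what leaves the router at all: mirroring only the traffic WFilter needs (for example not port 22) keeps management sessions out of the clear-text copy stream.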

3. Check monitoring in WFilter

WFilter should now be able to monitor the client computers.

How to block UDP ports 1024-65534 in a DD-WRT router?

This post will guide you through blocking outbound UDP ports 1024-65534 in your DD-WRT router. WFilter's P2P blocking in pass-by filtering mode requires this. Be aware that the range covers practically every high UDP port, so VoIP media, UDP-based VPNs and online games will stop working unless you add exceptions for them.

Click “Add/Edit Service” in “Access Restrictions”



Add a port service with the UDP port range 1024-65534.

Enable blocking of this new service.

In “Blocked Services”, enable blocking of the newly defined service.

Done. The UDP port range is now blocked.

How to block UDP ports 1024-65534 in an OpenWrt router?

This post will guide you through blocking outbound UDP ports 1024-65534 in your OpenWrt router. WFilter's P2P blocking in pass-by filtering mode requires this; the same warning applies as for DD-WRT, since the range takes out every UDP service on a high port unless you allow it explicitly.

Click “Add Entry” in “Network” -> “Firewall” -> “Traffic Control”.

Define the blocking rule

The destination port should be “1024-65534”.

Done; you can now check the blocking rule in the iptables listing.
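The same block written directly into /etc/config/firewall, with an allow rule ahead of it for the few high UDP ports the LAN still needs; this is an added example, not taken from the page. It assumes the standard lan and wan zone names, that dest_port accepts a space-separated list of ports as the UCI firewall documents, and an allow list of your own (the 1194 and 51820 in the usage comment, the OpenVPN and WireGuard defaults, are placeholders).

```shell
#!/bin/sh
# Added example, not from the WFilter page: append an allow rule for needed high
# UDP ports, then the page's 1024-65534 block, to /etc/config/firewall.
# Usage: sh udpblock.sh apply "1194 51820"      then: sh udpblock.sh status

# write_udp_block FILE ALLOWED: ALLOWED is a space-separated port list, may be empty.
# Rules are evaluated in file order, so the allow rule must come first.
write_udp_block() {
    {
        if [ -n "$2" ]; then
            cat <<EOF

config rule
    option name 'allow-needed-udp'
    option src 'lan'
    option dest 'wan'
    option proto 'udp'
    option dest_port '$2'
    option target 'ACCEPT'
EOF
        fi
        cat <<EOF

config rule
    option name 'block-high-udp'
    option src 'lan'
    option dest 'wan'
    option proto 'udp'
    option dest_port '1024-65534'
    option target 'REJECT'
EOF
    } >> "$1"
}

# port_blocked PORT ALLOWED: what the two rules do to a new LAN->WAN UDP flow,
# useful for checking an allow list before reloading the firewall.
port_blocked() {
    [ "$1" -ge 1024 ] && [ "$1" -le 65534 ] || return 1
    for p in $2; do
        [ "$p" = "$1" ] && return 1
    done
    return 0
}

case "${1:-}" in
    apply)
        write_udp_block /etc/config/firewall "${2:-}"
        /etc/init.d/firewall reload ;;
    status)
        # iptables prints a --dport range as "dpts:1024:65534"
        iptables -L -n -v | grep 'dpts:1024:65534' ;;
esac
```

The page's range stops at 65534, so port 65535 stays open; widen the range if that matters for you. Established flows are unaffected because the firewall accepts related/established traffic before zone rules are consulted.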

How to block PPS streaming video on iPhone and Android?

WFilter can block online streaming traffic on your network, even from mobile devices. In this tutorial we will guide you through blocking PPS streaming on iPhone and Android with WFilter 4.0.

Create a “block PPS” policy

Apply this policy to certain devices

Check blocking

PPS on Android is now unavailable.

PPS on iPhone loads forever.

Blocking events in WFilter.

How to deploy WFilter Free with MikroTik RouterOS (ROS)?

The packet sniffer in RouterOS can stream copies of packets (TZSP over UDP, destination port 37008) to a network analyser. When you do not have a managed switch, you can enable this feature so that WFilter can monitor and filter network computers.

In this post I will show how to set up WFilter Free for web filtering with RouterOS.

Enable packet streaming

In “Tools” -> “Packet Sniffer”, choose the LAN interface as the sniffer interface, so that only LAN traffic is copied.

Set the WFilter server IP as the streaming server. The stream is plain UDP, so the WFilter host's firewall must accept UDP port 37008 from the router, and the copies travel unencrypted across whatever lies between the router and that host.

Done; now you should be able to monitor all network computers in WFilter Free or WFilter Enterprise.

Let’s add a blocking policy to check.

First, add a blocking level.

Block web surfing

Second, apply this blocking policy to the target IP range.

Check blocking

Management of multiple departments in WFilter

You may use WFilter to set up Internet access policies for network computers. However, setting the policies becomes a complicated job for the IT department when you have many departments and users.

In this case the solution is to set up several WFilter operators, one per department. Each operator can only set policies for users in certain departments; for example, a department manager gets the privilege to set Internet policies for the department's staff, and nothing beyond that.

In this topic I will guide you through managing multiple operators in WFilter Enterprise 4.0.

1. Add departments

You can add departments in Policy Settings -> Department Settings.

2. Add operators

Add operators in System Settings -> Manage Operators.

The “Supervising Dept.” defines the users this operator can see and configure. You can also define the WFilter menu each operator sees.

3. Policy Settings

You can define each department's IP ranges in “Default Ip Policy”, so that IP addresses are added to the right department automatically.

4. Operator Features

In the “User-computer table”, an operator only sees users in its “Supervising Dept.”.

You can schedule standard reports to be sent to the department managers.

Block video websites with WFilter 4.0.

Online audio/video streaming can consume most of your bandwidth. To save bandwidth, you might want to block online streaming traffic on your network.

Online streaming runs over several different protocols:

  1. Video websites like YouTube, where you watch the video directly on the web page.
  2. The standard Real Time Streaming Protocol (RTSP).
  3. P2P-based streaming products such as PPLive and PPStream.
  4. Video downloading websites.

Therefore, complete blocking of online streaming needs several policies.

1. Block streaming webpages

You can block video web pages by checking “Block Online HTTP Video and Downloading of Video Files” in WFilter.

Step1: Enable this blocking option in blocking level settings.

Step2: Apply this policy to computers.

Step3: Check blocked video webpages

Now video webpages are blocked.

2. Block “Streaming Media” website category

WFilter ships a URL database covering most common websites, so you can block the “Streaming Media” website category.

Streaming websites will be blocked.

For more details about WFilter, please check: WFilter Features