nProbe
nProbe Cento in Bridge mode : banned hosts are not blocked
Our nProbe Cento version is: banned_allowed.zip
sudo cento-bridge --version
v.1.18.230113
Built OS: Ubuntu 18.04.6 LTS
System Id: L12030D0200000792--U12030D0288924EBB--OL
GIT rev: 1.18-stable:fd21960eff2b6e8a982905afff5d4cc93adba35b:20230113
License Hash: 80F15EBC2E2F46036A77877E04B05FCE1674571903FBB1CF23 [valid license]
License Type: Time-limited License
Lic. Duration: Until Tue Jan 24 15:51:43 2023 [6 days left]
Right now we have the following issue with nProbe Cento: cento is standing as a bridge between two different physical interfaces (eth0 and eth1). It forwards clients' traffic to the internet with filtering capabilities. In order to filter blocklisted websites (the website ID is defined as the HTTP Host or TLS SNI), we've configured the following:
# cat bridge.conf
[bridge]
default = forward
banned-hosts = discard
# cat banned.example
example.org
google.com
www.google.com
# cento execution:
sudo cento-bridge -i eth0,eth1 --bridge-conf bridge.conf --banned-hosts banned.example --dpi-level 2
However, we have had no success: the specified banned hosts are not blocked, which we can check by executing the following commands on the client side (a separate virtual machine):
curl -L example.org
curl -L google.com
curl -L www.google.com
We expect that HTTP(S) requests to the hosts specified in banned.example should be discarded (dropped), but this does not happen.
The pcap file is attached.
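A client-side check for the setup described in this report, added here as an example and not part of the original issue or of nProbe Cento: it reads the banned list and probes each host over plain HTTP (the Host header match) and over HTTPS (the TLS SNI match) separately, so the result shows which of the two matches is not being enforced. The function names, the 5-second timeout, the tolerance for `#` comments in the list and the reading of a curl timeout as a discard are assumptions of this example.

```shell
#!/bin/sh
# Added example: verify from the client that hosts in a banned list are dropped.
# Assumption: the list holds one bare hostname per line, as in banned.example.

# Print the hostnames in a list file. Blank lines, surrounding whitespace and
# '#' comments are skipped (a convenience of this script, not a Cento rule).
banned_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# Map a curl exit status to a verdict. 0 means the request completed, so the
# host was not blocked. 28 is curl's timeout status, which is what a flow
# discarded after the TCP handshake is expected to produce (assumption).
verdict() {
    case "$1" in
        0)  echo "REACHABLE" ;;
        28) echo "DROPPED" ;;
        *)  echo "FAILED($1)" ;;
    esac
}

# Probe one host over one scheme. No -L here: following redirects would hide
# which hostname was actually let through.
probe() {
    probe_rc=0
    curl -s -o /dev/null --max-time 5 "$1://$2/" || probe_rc=$?
    echo "$1 $2 $(verdict "$probe_rc")"
}

# Probe every listed host over HTTP and HTTPS.
check_all() {
    for check_host in $(banned_hosts "$1"); do
        probe http "$check_host"
        probe https "$check_host"
    done
}

# Usage: sh check_banned.sh banned.example
if [ $# -ge 1 ]; then
    check_all "$1"
fi
```

A line such as `http example.org REACHABLE` next to `https example.org DROPPED` would point at the HTTP Host match rather than the SNI match, and the reverse likewise.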