Hello!

I've read this list for almost one month, learnt a lot, solved some of my problems, time to ask.

I've set up traffic control using iptables with CONNMARK extension, IMQ and HTB. Works quite well for now, but doesn't recognize P2P. I tried to base selecting this traffic on src/dst ports to no effect. Is there any simple way to detect such traffic? I thought of stringmatch extension for iptables, but I don't know what to look for. Any suggestions? I'd prefer to have those connections marked for future `tc filter ... handle 54 fw classid 1:154`.

And off-topic, but I know some of you can help. I have two 3c905 cards in my Linux box. How can I tell 3c59x module, that card on IRQ9 should be eth0 and that on IRQ11 eth1? Now I have it the other way.

Greetings
--
Jacek Bilski <dino@camelot.homedns.org>

This sounds quite a bit like what I've been trying to do regarding IM clients. The solution, if you're trying to shape P2P traffic anyway, would probably best be solved by the layer7 filter and some appropriate tc rules.

http://l7-filter.sourceforge.net

But if you're trying to block them altogether, then you've just opted yourself into the 'Find a way to block layer 7 packets with tc' club. We don't have many members, and we haven't even come close to attaining the goal, but the picnics are fun.

The card problem is definitely a fun one, although in my experience Linux assigns iface names in the following fashion: PCI (from top (closest to AGP/CPU) to bottom), then Onboard. So usually I just play around with the order of the cards, although I'm sure there's a better way to do it. The networking HOWTO and appropriate mailing lists located here:

https://secure.linuxports.com/

will probably help a bit, too.

Hope it helps,
Derek

On Friday 26 September 2003 04:01 pm, Jacek Bilski wrote:
> Hello!
>
> I've read this list for almost one month, learnt a lot, solved some of
> my problems, time to ask.
>
> I've set up traffic control using iptables with CONNMARK extension, IMQ
> and HTB. Works quite well for now, but doesn't recognize P2P. I tried to
> base selecting this traffic on src/dst ports to no effect. Is there any
> simple way to detect such traffic? I thought of stringmatch extension
> for iptables, but I don't know what to look for. Any suggestions? I'd
> prefer to have those connections marked for future `tc filter ... handle
> 54 fw classid 1:154`.
>
> And off-topic, but I know some of you can help. I have two 3c905 cards in
> my Linux box. How can I tell 3c59x module, that card on IRQ9 should be
> eth0 and that on IRQ11 eth1? Now I have it the other way.
>
> Greetings

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello!

On sob, 2003-09-27 at 01:16, Derek wrote:
> This sounds quite a bit like what I've been trying to do regarding IM
> clients. The solution, if you're trying to shape P2P traffic anyway, would
> probably best be solved by the layer7 filter and some appropriate tc rules.
>
> http://l7-filter.sourceforge.net

I found that in one of previous posts, yet it doesn't recognize eDonkey/Overnet which I need.

> But if you're trying to block them altogether, then you've just opted
> yourself into the 'Find a way to block layer 7 packets with tc' club. We
> don't have many members, and we haven't even come close to attaining the
> goal, but the picnics are fun.

Unfortunately I'm no programmer, so I'll be of no use. But if those picnics are found to be successful I'll be very interested.

> The card problem is definitely a fun one, although in my experience Linux
> assigns iface names in the following fashion: PCI (from top (closest to
> AGP/CPU) to bottom), then Onboard. So usually I just play around with the
> order of the cards, although I'm sure there's a better way to do it.

Thanks, I didn't know that.

Greetings!
--
Jacek Bilski <dino@camelot.homedns.org>

On Friday 26 September 2003 04:31 pm, Jacek Bilski wrote:
> Hello!

Hi!

> (snip)
> I found that in one of previous posts, yet it doesn't recognize
> eDonkey/Overnet which I need.

Well, I suppose I could try to find a pattern.. I use Overnet at home and could probably throw a regex together pretty easily (if the protocol is generic enough).

> (snip)
> Unfortunately I'm no programmer, so I'll be of no use. But if those
> picnics are found to be successful I'll be very interested.

Heh, it doesn't matter if you're a programmer or not, just let the list know if you've found some other way of blocking or restricting layer7 stuff. Since this is the LARTC list, preferably with iproute2. That's all I ask :)

> (snip)
>
> Thanks, I didn't know that.

No problem :)

> Greetings!

Cheers,
Derek

Derek wrote:
| The card problem is definitely a fun one, although in my experience Linux
| assigns iface names in the following fashion: PCI (from top (closest to
| AGP/CPU) to bottom), then Onboard. So usually I just play around with the
| order of the cards, although I'm sure there's a better way to do it. The
| networking HOWTO and appropriate mailing lists located here:
|
| https://secure.linuxports.com/
|
| will probably help a bit, too.

Actually, there is an effective way around this problem. Find the MAC address for each of your network cards. Pick some names that are meaningful for your interfaces, like 'internal' and 'external', or 'LAN' and 'Internet'. Then reassign those names to your interfaces so that the name 'eth0' literally becomes 'external' and 'eth1' literally becomes 'internal'. You would then simply use your ifconfig or ip addr commands to assign IP addresses and info just like you normally would. I.e.,

    ifconfig internal 192.168.0.1 netmask 255.255.255.0 ...
    ifconfig external <Internet IP address> ...

How to do this, you ask?

    nameif

man nameif is your friend. It comes with the net-tools package under Debian. It should be installed by default on most RedHat and other installs as well.

nameif takes the name you want to assign and the MAC address of the device. It will then change the name of the device with the specified MAC address to the name you provide. It apparently only works when the device is available (i.e., loaded as a module or detected by the kernel) and down. I.e., it cannot be in an UP state.

With a little experimentation, you can insert the nameif command into your startup scripts and all your problems disappear. Then it doesn't matter in what order the kernel detects your devices.

--
Jason A. Pattie
pattieja@xperienceinc.com
Xperience, Inc. (http://www.xperienceinc.com)

Hi,

> I found that in one of previous posts, yet it doesn't recognize
> eDonkey/Overnet which I need.

There is an iptables extension called IPP2P to filter P2P traffic. It recognizes eDonkey/Overnet and other P2P networks as well. For traffic shaping it has to be used together with CONNMARK. Go to http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html, there you'll find a setup currently in use, and at the bottom of this page is the download link for IPP2P.

Hope that helps!
Mike

Ehlo!

On wto, 2003-09-30 at 23:45, miller69@gmx.net wrote:
> Hi,
>
> > I found that in one of previous posts, yet it doesn't recognize
> > eDonkey/Overnet which I need.
>
> There is an iptables extension called IPP2P to filter P2P traffic. It
> recognizes eDonkey/Overnet and other P2P networks as well. For traffic shaping it
> has to be used together with CONNMARK. Go to
> http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html, there you'll find a setup currently in use, and
> at the bottom of this page is the download link for IPP2P.

It's something I'll probably like. Now I use CONNMARK extension and IPP2P seems to be remedy for my problems. I don't want to drop P2P, but to limit it to only take bandwidth that was left by other services.

Thanks, I'll look into it.

Greetings!
--
Jacek Bilski <dino@camelot.homedns.org>
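
The marking scheme discussed above, written out as an added example that is not from any of the posts or from the IPP2P page: it prints, without applying, the mangle rules that tag eDonkey/Overnet connections with the mark 54 and the `tc` commands that send them to class 1:154. The device `imq0`, parent class `1:1`, the rate and ceil figures and the filter priority are assumptions, and `-m ipp2p --edk` requires the IPP2P extension to be installed.

```shell
#!/bin/sh
# Added example: dry-run generator for the CONNMARK + IPP2P + fw-filter setup.
# Review the printed commands, then pipe them to `sh` as root to apply them.

P2P_MARK=54        # fwmark named in the original question
P2P_CLASS=1:154    # HTB class named in the original question
SHAPE_DEV=imq0     # assumption: IMQ device that carries the HTB tree
PARENT_CLASS=1:1   # assumption: parent HTB class of the leaf classes

p2p_mark_rules() {
    ipt="iptables -t mangle -A PREROUTING"
    # 1. Copy the mark stored on the conntrack entry (if any) onto the packet.
    echo "$ipt -j CONNMARK --restore-mark"
    # 2. Connection already classified: stop here, no payload inspection.
    echo "$ipt -m mark ! --mark 0 -j ACCEPT"
    # 3. Still unmarked TCP: let IPP2P inspect the payload for eDonkey/Overnet.
    echo "$ipt -p tcp -m ipp2p --edk -j MARK --set-mark $P2P_MARK"
    # 4. Store a fresh P2P mark on the connection so that later packets,
    #    which carry no recognisable signature, hit rule 1 and keep the mark.
    echo "$ipt -m mark --mark $P2P_MARK -j CONNMARK --save-mark"
}

p2p_tc_rules() {
    # Low guaranteed rate, high ceil, worst HTB priority (7): the class only
    # borrows bandwidth that the other classes leave unused. Figures assumed.
    echo "tc class replace dev $SHAPE_DEV parent $PARENT_CLASS classid $P2P_CLASS htb rate 16kbit ceil 512kbit prio 7"
    # Steer packets carrying the fwmark into that class.
    echo "tc filter add dev $SHAPE_DEV parent 1: protocol ip prio 5 handle $P2P_MARK fw classid $P2P_CLASS"
}

# Print the whole plan when the script is run directly.
p2p_mark_rules
p2p_tc_rules
```

The rule order matters: the restore must come before the IPP2P match and the save after it, otherwise only the first signature-bearing packets of each connection end up in the P2P class.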

Wow,

That is an awesome module. I definitely may be able to use that in the future, thanks :) ... I just wish they had an iptables extension for instant messenger clients, and then I'd be all set :)

Thanks again,
Derek

On Tuesday 30 September 2003 02:45 pm, miller69@gmx.net wrote:
> Hi,
>
> > I found that in one of previous posts, yet it doesn't recognize
> > eDonkey/Overnet which I need.
>
> There is an iptables extension called IPP2P to filter P2P traffic. It
> recognizes eDonkey/Overnet and other P2P networks as well. For traffic
> shaping it has to be used together with CONNMARK. Go to
> http://ilabws13.informatik.uni-leipzig.de/~mai97bwf/delay.html, there you'll
> find a setup currently in use, and at the bottom of this page is the
> download link for IPP2P.
>
> Hope that helps!
> Mike

--
-----------------------
Derek Fedel
Network Administrator
Ext. 238
Traffic-Power.com

"Hence the saying: If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." - Sun Tzu