LARTC - Oct 2005 - Problems with ipp2p

On Thursday 06 October 2005 23:40, Carlos Rosero wrote:
> iptables: No chain/target/match by that name
> but if I use iptables -m ipp2p -help I get the help page:
> So I don''t know what is wrong.
The help page is provided by the iptables module, but the functionality is 
in the kernel, so I guess the error message means the kernel module is not 
loaded. I can''t check right now, but I think it was called ipt_ipp2p.

HTH
Andreas

Hello every body:

 

I have RedHat fedora core 2 machine, using iptables and squid. I am having a
lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have
installed ipp2p from rpm.

Every thing was ok until I use iptables rules.  I get this error.

 

[root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP

iptables: No chain/target/match by that name

sames as:

iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01

 iptables -A FORWARD -m ipp2p --udp --kazaa --bit -j DROP

 iptables -A FORWARD -m ipp2p --tcp --edk --soul -j DROP

same error.

 

but if I use iptables -m ipp2p -help I get the help page:

[root@router iptables]# iptables -m ipp2p --help

iptables v1.2.9

 

Usage: iptables -[AD] chain rule-specification [options]

       iptables -[RI] chain rulenum rule-specification [options]

       iptables -D chain rulenum [options]

.

IPP2P v0.7.1 options:

 --ipp2p        Grab all known p2p packets

 --ipp2p-data   Identify all known p2p download commands (obsolete)

 

 --edk          [TCP&UDP]       All known eDonkey/eMule/Overnet packets

 --dc           [TCP]           All known Direct Connect packets

.

So I don''t know what is wrong. 

 

My system:

 

[root@router iptables]# cat /proc/version 

Linux version 2.6.10-1.771_FC2smp (bhcompile@porky.build.redhat.com) (gcc
version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Mon Mar 28 01:10:51
EST 2005

 

Iptables version

iptables-1.2.9-2.3.1

 

Thanks.

 

Carlos



_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Hello there, may be you should you:

iptables -t nat -A PREROUTING -p tcp -i $DEV_IN -m ipp2p --ipp2p -j DROP
iptables -t nat -A POSTROUTING -p tcp -o $DEV_OUT -m ipp2p --ipp2p -j DROP

i had some issues trying ipp2p, but when i''ve just put -t nat or -t
mangle
or even -t filter (default for iptables, i guess) it worked very nice


regards

guillermo from argentina

P.D: Sorry Andrea, i sweared i was sending an email to the mailing list instead
of you.-

  ----- Original Message ----- 
  From: Carlos Rosero 
  To: lartc@mailman.ds9a.nl 
  Sent: Thursday, October 06, 2005 6:40 PM
  Subject: [LARTC] Problems with ipp2p


  Hello every body:

   

  I have RedHat fedora core 2 machine, using iptables and squid. I am having a
lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have
installed ipp2p from rpm.

  Every thing was ok until I use iptables rules.  I get this error.

   

  [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP

  iptables: No chain/target/match by that name

  sames as:

  iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01

   iptables -A FORWARD -m ipp2p --udp --kazaa --bit -j DROP

   iptables -A FORWARD -m ipp2p --tcp --edk --soul -j DROP

  same error.

   

  but if I use iptables -m ipp2p -help I get the help page:

  [root@router iptables]# iptables -m ipp2p --help

  iptables v1.2.9

   

  Usage: iptables -[AD] chain rule-specification [options]

         iptables -[RI] chain rulenum rule-specification [options]

         iptables -D chain rulenum [options]

  .

  IPP2P v0.7.1 options:

   --ipp2p        Grab all known p2p packets

   --ipp2p-data   Identify all known p2p download commands (obsolete)

   

   --edk          [TCP&UDP]       All known eDonkey/eMule/Overnet packets

   --dc           [TCP]           All known Direct Connect packets

  .

  So I don''t know what is wrong. 

   

  My system:

   

  [root@router iptables]# cat /proc/version 

  Linux version 2.6.10-1.771_FC2smp (bhcompile@porky.build.redhat.com) (gcc
version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Mon Mar 28 01:10:51 EST
2005

   

  Iptables version

  iptables-1.2.9-2.3.1

   

  Thanks.

   

  Carlos



------------------------------------------------------------------------------


  _______________________________________________
  LARTC mailing list
  LARTC@mailman.ds9a.nl
  http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc


_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

Thanks for the advice, how do in know if kernel module is loaded?, and how I
do I load the module?.  
Thanks.


On Thursday 06 October 2005 23:40, Carlos Rosero wrote:
> iptables: No chain/target/match by that name
> but if I use iptables -m ipp2p -help I get the help page:
> So I don''t know what is wrong.
The help page is provided by the iptables module, but the functionality is 
in the kernel, so I guess the error message means the kernel module is not 
loaded. I can''t check right now, but I think it was called ipt_ipp2p.

On Friday 2005-October-07 08:29, Carlos Rosero wrote:
> Thanks for the advice, how do in know if kernel module is loaded?,
lsmod(8)
> and how I do I load the module?.
modprobe(8)

I *strongly* urge you to take some time to acquaint yourself with the 
OS. You''re trying to secure your network against abuse from within; 
this is normally a problem best handled on the political/social level. 
If you want to try to address it as a technical issue, you absolutely 
must know more about it than your users do.

Start with Fedora documentation and branch out into applications and 
generic documentation as needed.
-- 
    mail to this address is discarded unless "/dev/rob0"
    or "not-spam" is in Subject: header