On Thursday 06 October 2005 23:40, Carlos Rosero wrote:> iptables: No chain/target/match by that name > but if I use iptables -m ipp2p -help I get the help page: > So I don''t know what is wrong.The help page is provided by the iptables module, but the functionality is in the kernel, so I guess the error message means the kernel module is not loaded. I can''t check right now, but I think it was called ipt_ipp2p. HTH Andreas
Hello every body:
I have RedHat fedora core 2 machine, using iptables and squid. I am having a
lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have
installed ipp2p from rpm.
Every thing was ok until I use iptables rules. I get this error.
[root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP
iptables: No chain/target/match by that name
sames as:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -m ipp2p --udp --kazaa --bit -j DROP
iptables -A FORWARD -m ipp2p --tcp --edk --soul -j DROP
same error.
but if I use iptables -m ipp2p -help I get the help page:
[root@router iptables]# iptables -m ipp2p --help
iptables v1.2.9
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
.
IPP2P v0.7.1 options:
--ipp2p Grab all known p2p packets
--ipp2p-data Identify all known p2p download commands (obsolete)
--edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
--dc [TCP] All known Direct Connect packets
.
So I don''t know what is wrong.
My system:
[root@router iptables]# cat /proc/version
Linux version 2.6.10-1.771_FC2smp (bhcompile@porky.build.redhat.com) (gcc
version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Mon Mar 28 01:10:51
EST 2005
Iptables version
iptables-1.2.9-2.3.1
Thanks.
Carlos
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Hello there, may be you should you:
iptables -t nat -A PREROUTING -p tcp -i $DEV_IN -m ipp2p --ipp2p -j DROP
iptables -t nat -A POSTROUTING -p tcp -o $DEV_OUT -m ipp2p --ipp2p -j DROP
i had some issues trying ipp2p, but when i''ve just put -t nat or -t
mangle
or even -t filter (default for iptables, i guess) it worked very nice
regards
guillermo from argentina
P.D: Sorry Andrea, i sweared i was sending an email to the mailing list instead
of you.-
----- Original Message -----
From: Carlos Rosero
To: lartc@mailman.ds9a.nl
Sent: Thursday, October 06, 2005 6:40 PM
Subject: [LARTC] Problems with ipp2p
Hello every body:
I have RedHat fedora core 2 machine, using iptables and squid. I am having a
lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have
installed ipp2p from rpm.
Every thing was ok until I use iptables rules. I get this error.
[root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP
iptables: No chain/target/match by that name
sames as:
iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01
iptables -A FORWARD -m ipp2p --udp --kazaa --bit -j DROP
iptables -A FORWARD -m ipp2p --tcp --edk --soul -j DROP
same error.
but if I use iptables -m ipp2p -help I get the help page:
[root@router iptables]# iptables -m ipp2p --help
iptables v1.2.9
Usage: iptables -[AD] chain rule-specification [options]
iptables -[RI] chain rulenum rule-specification [options]
iptables -D chain rulenum [options]
.
IPP2P v0.7.1 options:
--ipp2p Grab all known p2p packets
--ipp2p-data Identify all known p2p download commands (obsolete)
--edk [TCP&UDP] All known eDonkey/eMule/Overnet packets
--dc [TCP] All known Direct Connect packets
.
So I don''t know what is wrong.
My system:
[root@router iptables]# cat /proc/version
Linux version 2.6.10-1.771_FC2smp (bhcompile@porky.build.redhat.com) (gcc
version 3.3.3 20040412 (Red Hat Linux 3.3.3-7)) #1 SMP Mon Mar 28 01:10:51 EST
2005
Iptables version
iptables-1.2.9-2.3.1
Thanks.
Carlos
------------------------------------------------------------------------------
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Thanks for the advice, how do in know if kernel module is loaded?, and how I do I load the module?. Thanks. On Thursday 06 October 2005 23:40, Carlos Rosero wrote:> iptables: No chain/target/match by that name > but if I use iptables -m ipp2p -help I get the help page: > So I don''t know what is wrong.The help page is provided by the iptables module, but the functionality is in the kernel, so I guess the error message means the kernel module is not loaded. I can''t check right now, but I think it was called ipt_ipp2p.
On Friday 2005-October-07 08:29, Carlos Rosero wrote:> Thanks for the advice, how do in know if kernel module is loaded?,lsmod(8)> and how I do I load the module?.modprobe(8) I *strongly* urge you to take some time to acquaint yourself with the OS. You''re trying to secure your network against abuse from within; this is normally a problem best handled on the political/social level. If you want to try to address it as a technical issue, you absolutely must know more about it than your users do. Start with Fedora documentation and branch out into applications and generic documentation as needed. -- mail to this address is discarded unless "/dev/rob0" or "not-spam" is in Subject: header