Hi all !!! I have a firewall bridge (not router) with two nics that filter p2p with ipp2p. All works fine but now I need to add a third nic to route all p2p traffic through this nic. It is that possible with a bridge ? Later (with other server) connect to this nic I do loading balancing with two adsl lines to route all p2p traffic. Any hint ? Any howto ? Thanks in advance. roberto -- Ing. Roberto Pereyra ContenidosOnline Looking for Linux Virtual Private Servers ? Click here: http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56
This is not possible because ipp2p does not match every p2p packet but only some essential signaling packets. By filtering these packets, the p2p client cannot estabilish connections to transfer data, and that''s how it filters it. Sometimes, ipp2p ''discovers'' that this is a p2p related connection after the connection has been established, and then drops the signaling packets. And since you are not an AS and you have one different address per connection, you cannot route packets with a different source address than the one the connection has been established. I have a different approach on this, it is not a perfect soulution, but it work quite well on some enviroments: I route all the traffic through one NIC (the garbage p2p connection) and then (with iptables or u32) direct the important traffic by port (HTTP, FTP, IRC, MSN, DNS, SMTP, POP, etc) through the other NIC (the non-p2p connection). Then I filter (with ipp2p) the p2p traffic on the non-p2p NIC because some p2p clients try to mask the connections as it were these services. This works quite well, but you need to know every service your clients use. I use this on a router, I never tested this with a bridge, but it may work too. -- Marco On 1/17/07, Roberto Pereyra <pereyra.roberto@gmail.com> wrote:> > Hi all !!! > > I have a firewall bridge (not router) with two nics that filter p2p with > ipp2p. > > All works fine but now I need to add a third nic to route all p2p traffic > through this nic. > > It is that possible with a bridge ? > > Later (with other server) connect to this nic I do loading balancing > with two adsl lines to route all p2p traffic. > > Any hint ? > > Any howto ? > > Thanks in advance. > > roberto > > > -- > Ing. Roberto Pereyra > ContenidosOnline > Looking for Linux Virtual Private Servers ? Click here: > http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56 > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc >-- Marco _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Thanks Marco. Very useful your reply. Roberto 2007/1/18, Marco Aurelio <marco.casaroli@gmail.com>:> This is not possible because ipp2p does not match every p2p packet but only > some essential signaling packets. By filtering these packets, the p2p client > cannot estabilish connections to transfer data, and that''s how it filters > it. > > Sometimes, ipp2p ''discovers'' that this is a p2p related connection after > the connection has been established, and then drops the signaling packets. > > And since you are not an AS and you have one different address per > connection, you cannot route packets with a different source address than > the one the connection has been established. > > I have a different approach on this, it is not a perfect soulution, but it > work quite well on some enviroments: > > I route all the traffic through one NIC (the garbage p2p connection) and > then (with iptables or u32) direct the important traffic by port (HTTP, FTP, > IRC, MSN, DNS, SMTP, POP, etc) through the other NIC (the non-p2p > connection). Then I filter (with ipp2p) the p2p traffic on the non-p2p NIC > because some p2p clients try to mask the connections as it were these > services. This works quite well, but you need to know every service your > clients use. > > I use this on a router, I never tested this with a bridge, but it may work > too. > > -- Marco > > > On 1/17/07, Roberto Pereyra <pereyra.roberto@gmail.com> wrote: > > > > Hi all !!! > > > > I have a firewall bridge (not router) with two nics that filter p2p with > ipp2p. > > > > All works fine but now I need to add a third nic to route all p2p traffic > > through this nic. > > > > It is that possible with a bridge ? > > > > Later (with other server) connect to this nic I do loading balancing > > with two adsl lines to route all p2p traffic. > > > > Any hint ? > > > > Any howto ? > > > > Thanks in advance. > > > > roberto > > > > > > -- > > Ing. Roberto Pereyra > > ContenidosOnline > > Looking for Linux Virtual Private Servers ? Click here: > > > http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56 > > _______________________________________________ > > LARTC mailing list > > LARTC@mailman.ds9a.nl > > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > > > > > > -- > Marco-- Ing. Roberto Pereyra ContenidosOnline Looking for Linux Virtual Private Servers ? Click here: http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56