similar to: a bug ?

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hi, I want to classify with ipp2p packets that I''ve captured with tcpdump. I send the packets with tcpreply. I had to create a bridge interface in order to enable the listening interface in promiscous mode and to classify the traffic mirrored to that. In this mode the traffic pass through the prerouting chain of the mangle table (on bridge). I want to used connmark for recognized flows,

Hi All, It''s an old problem and still isn''t fixed :( I need the connection marking support to enable the triplet of ISP''s we use. However, I downloaded the latest 2.6.22.1 kernel, made an RPM and installed it. I see the following kernel modules (which looks promising): /lib/modules/2.6.22.1/kernel/net/netfilter xt_connmark.ko xt_CONNMARK.ko Which yields the

Ok, earlier I post a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what''s happening, I''m marking the packets (right now, I''m using ipp2p as Klaus adviced me to) with iptables, and my queue rules are made using tcng, I''m using the HTB qdisc, and traffic is going to the HTB class

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit

Hello...I have a Slackware based machine doing routing & QoS for my internal LAN users... It has two interfaces: eth1(100mbps) that connects to the aDSL modem(USR 9105) and eth0(100mbps) that connects to my local LAN... I''am using shorewall as a firewall...i think it''s configured well as it''s working as i want and i pass all the online firewall tests... :D All lan

Hello all, I am having some difficults to make a routing rule work. I want that every P2P packages go to one interface (eth2 - cheaper link) nad the rest of the traffic go to another interface (eth0 - frame relay very expensive). I am using this script to make the mark and balance: ------- #!/bin/bash IPT="/usr/local/sbin/iptables" IP="/sbin/ip" #---- # Declara redes #----

When I start my script: * - Creating classes on br1 for upload control ... * - tc class add dev br1 parent 2:0 classid 2:46 hfsc ls m1 576.0Kbit d 2000ms m2 192.0Kbit ul m2 384Kbit ... [ ok ] * - tc class add dev br1 parent 2:46 classid 2:47 hfsc sc umax 1500b dmax 30ms rate 80Kbit . [ ok ] * - tc class add dev br1 parent 2:46 classid 2:48 hfsc ls m2 152.0Kbit ul m2 152.0Kbit

Hi all, I''m tring to isolate P2P traffic, specifically BitTorrent, for my QoS scripts. I can''t seem to completely isolate ALL BitTorrent traffic. I identify & mark packets and then use tc filters to put them into appropriate classes. My firewall rules (below) do the markings. My VoIP boxes'' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,

Sorry for making this a cross-post, but the pressure is on for getting this bandwidth shaper working. I have an interesting dilemma with bi-directional packet classification while doing ACK prioritization. This is an overly simplified summary of my setup: Internet | Eth0 | Router | Eth1 | Intranet A client on the Intranet establishes a flow to a server on the Internet. Packets get

Hello, some days ago, I was asking for help here about not able to do anything when I had bittorrent running, I will post the problem here: I''m using ipp2p to mark p2p packets, and then send them with -j CLASSIFY to the correct HTB class, I see traffic in the class when I start azurerus, and traffic does get shaped, but then I''m still not able to surf the web nor chat nor

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Hello, I''m blocking/limiting succesfully all P2P activity on our corporate network using linux/ipp2p/connmark. That is, until now. For my colleagues have found a new p2p client to wreck havoc on our DSL line: ARES/WAREZ It seems to be a gnuttela clone, but different enouph for ipp2p not to identify it. I played around a bit with tcpflow with no success of finding

Hello, its me again, I won''t stop sending emails to this list, until I solve this problem, I''ve tried several apps to create the right htb rules (even made them my self), but I always get the same results, traffic gets shaped, but I can''t use my bandwidth, and this is weird, because I should be able to, also I keep seeing download being limited too, and that

Hi! I''m wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connecions altogether, but I don''t seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) ______________________________ Mario R. Pizzolanti

Hello all, I am trying to configure a linux box to make some QoS into my netowork and, at the same box, control my clients bandwidth. I have this classes created: ---------------------------------------------------------------- UP="eth0" # wan infocontabil DL01="eth2" # lan clientes $TC qdisc del dev $DL01 root 2> /dev/null >

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in