similar to: Traffic Shaping with Shorewall

My home network uses Samba 2.2.7 as a PDC for a windows network running a mix of Win98 and Win2K machines. The domain name is JNCHOME. My office laptop, named MERCURY, is on the PRINCIPIA domain. I successfully configured PRINCIPIA as a trusted network for JNCHOME so that when I connect MERCURY to the JNCHOME network I get full access to all JNCHOME services. This has been working for many

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Hi, I have a setup like this: class 1:1 rate 7600kbit (on a imq device) | |\class 1:10 rate 100kbit ceil 5600kbit prio 7 (here goes p2p traffic) \class 1:12 rate 7500kbit ceil 7600kbit | |\class 1:121 rate 3100 ceil 7500kbit prio 0 |\class 1:122 rate 2200 ceil 7500kbit prio 2 \class 1:123 rate 2200 ceil 7500kbit prio

Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Hi all, I''m tring to isolate P2P traffic, specifically BitTorrent, for my QoS scripts. I can''t seem to completely isolate ALL BitTorrent traffic. I identify & mark packets and then use tc filters to put them into appropriate classes. My firewall rules (below) do the markings. My VoIP boxes'' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Ok, earlier I post a message explaining my problem with HTB and layer7 (or ipp2p), about not being able to shape the traffic. Well, actually this is what''s happening, I''m marking the packets (right now, I''m using ipp2p as Klaus adviced me to) with iptables, and my queue rules are made using tcng, I''m using the HTB qdisc, and traffic is going to the HTB class

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

Hey list I have almost gotten my shaping setup up and running as planned. The last barrier seems to be tcp overshooting availible bandwidth when its starting a transfer, and thereby bursting the line, so ping rises for a moment. At least this is my best guess at the problem :) There is a possibility that its just plain old traffic being bursty for some reason.. I am using bittorrent to test this,

Hi, I have a typical configuration for my firewall/gateway box: single network card, with a pppoe connection to the DSL modem. I''m already successfully shaping the uplink (how come that the wondershaper.htb doesn''t use the ceil parameter? It should implement bandwidth borrowing!) but i found the ingress policy a little bit rough. I''d like to keep the traffic categories

Hello every body: I have RedHat fedora core 2 machine, using iptables and squid. I am having a lot of problems with peer2peer traffic. (bittorrent, kazaa, etc.) so I have installed ipp2p from rpm. Every thing was ok until I use iptables rules. I get this error. [root@router iptables]# iptables -A INPUT -p tcp -m ipp2p --ipp2p -j DROP iptables: No chain/target/match by that name sames

Hello, it''s me again, finally p2p traffic is getting shaped, but now I still have one problem: download seems to be affected when shaping the traffic, ack packets are in the interactive queue too, as someone adviced me, what fixed the problem was to change the rates, to match (the sum of all subclasses) the root class rate, and to give the p2p class a very low rate (1k actually) and

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

Hi, A, B and C are three machines. A and C directly access to theInternet while B access to the Internet through A. +-------------------------------------------------------------+ | +-------------+ +-------------+ | | | A | | B | | | | | --- eth0 ---> <--- eth0 --- | | | | | 192.168.0.1

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish

I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for