similar to: HTB

Hi, A, B and C are three machines. A and C directly access to theInternet while B access to the Internet through A. +-------------------------------------------------------------+ | +-------------+ +-------------+ | | | A | | B | | | | | --- eth0 ---> <--- eth0 --- | | | | | 192.168.0.1

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

Hi, I''m a complete newbie at this traffic shaping / QoS stuff so please excuse me if this is a silly question. I''ve searched and searched on Google and I just end up confusing myself even more, so I thought I''d post my question to this list and see whether someone can help me! Basically, I am running a Linux box as a NAT router on my home network (machine name marvin).

Hi all: I am getting this error message in my syslog after a few hours of running my QoS. First i suposed it was a memory sims problem, but i have changed them and i have the same problem. Here is the error message: Oct 20 16:52:23 pototogorri /usr/bin/sudo: apache : TTY=unknown ; PWD=/var/www/html ; USER=root ; COMMAND=/sbin/iptables -t nat -D PREROUTI Oct 20 16:52:23 pototogorri

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hello, Is there a way to route p2p traffic on a separate ISP connection, just as you would choose a separate connection for http traffic? I tried all sorts of setups based on: http://www.braindump.dk/en/wiki/?wikipage=PolicyRouting but with no luck. Please help :) (ipp2p is up and running) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Hi All , My first message and I have a little problem with my FC6 box trying to block emule traffic using layer7 . Here my network : Internet --------- ADSL Router ------------------- FC6 Box -------------------- Emule Box external ADSL : Dynamic Internal ADSL : 192.168.254.1 external FC6 : 192.168.254.3 internal FC6 : 192.168.253.1 Emule Box : 192.168.253.3 I guess that everything

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

Hi, I''m really new to traffic shaping and try to implement the wshaper.htb script. I have a linux box that serves as vdr, mldonkey, samba, apache and mailserver (imap), connected to my LAN with 100mbit. I''m connected to the inet via adsl with a hardware router/firewall, got 384k downlink 64k uplink. When I have mldonkey running, imap (via Outlook) gets *very* slow (mails with

Hi, I found that I had some thinking error with the wshaper script. I assigned the bandwith of my DSL connection to it, but the machine where it runs is normally connected to the LAN with 100Mbit behind a separate Hardware-Router.Obviously, the complete connection of the machine was slowed down to 384k because I told it so.I guess, since wshaper takes only one card as argument, I can''t

I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for

Hi, I have a typical configuration for my firewall/gateway box: single network card, with a pppoe connection to the DSL modem. I''m already successfully shaping the uplink (how come that the wondershaper.htb doesn''t use the ceil parameter? It should implement bandwidth borrowing!) but i found the ingress policy a little bit rough. I''d like to keep the traffic categories

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I''m moving to a new place and my new flatmate wants a router because he likes the cleaness of it all in a non geeky way which I can understand. This means it''s going to be hard for me to pursude him to let me run a computer as a router to act as bandwidth cop. But I don''t fancy trying to use ssh, VNC and games while he''s using WindowsUpdate or p2p. So I need

i am trying to do some traffic classification using the PRIO qdisc and i am having a few problems. I have a root htb class: tc qdisc add dev imq0 root handle 1: htb default 255 r2q 1 tc class add dev imq0 parent 1: classid 1:1 htb rate 768kbit and a child PRIO tc class add dev imq0 parent 1:1 classid 1:99 htb rate 96kbit ceil 600kbit prio 0 tc qdisc add dev imq0 parent 1:99 prio tc filter

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom