similar to: limit number of TCP connections.

Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following

Hi, I''m having problems with this configuration: iptables 1.3.7 (vanilla or repackaged for fc5) kernel 2.6.19 (vanilla) ROUTE 1.11 (last pom-ng) layer7-filter 2.6 (last in sf.net) connlimit (last pom-ng) When I try to use -j ROUTE in any chain in mangle table I have this error: [root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp -j ROUTE --gw

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

hi, i try use iptables connlimit, # iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j DROP iptables: Unknown error 4294967295 where is problem ? thanks # rpm -qa | grep iptables iptables-1.3.5-4.el5 # uname -a Linux test 2.6.18-92.1.1.el5 #1 SMP Sat Jun 21 19:04:27 EDT 2008 i686 i686 i386 GNU/Linux

Hello ! I am using shorewall , it is okey. Just i like to forbid edonkey as i did for kazaa using ftwall. Thanks. Wahid.

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Does anyone know how to make a link redundancy? I have two ADSL lines, and i want the linux machine to be able to switch between the two lines everytime the first ADSL line goes down. Thanks a lot. Cristiano

Hello I''ve setuped a bridge with l7-filter and ipp2p. We have every day + or - between 10Mbits and 30 Mbits P2P traffic from + or - 450 customers. When traffic increase. I''ve got this kind of error message : Feb 23 14:26:19 gestor1 kernel: printk: 38 messages suppressed. Feb 23 14:26:19 gestor1 kernel: ip_conntrack: table full, dropping packet. The server is celeron

Hi all. Im having a problem that is driving me crazy. I cant get link fail-over to work in my RedHat9 Linux. I have two ADSL lines exactly the same speed, and im doing NAT with the linux box. Whenever the first line (eth2 in my case) goes down, i run a bash script that i made to change the default route to the backup line (eth0). eth1 is my internal network. I want to be able to make the linux box

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a

Hi, I''ve been wondering if anyone has thought of a way to differentiate between an established http download and interactive http traffic? I would like to give interactive http traffic priority over someone downloading large files. Has anyone any ideas how to detect packets that are part of a download like this? Thanks. _______________________________________________

does anyone know a way to shape outgoing/upload traffic per ip? I have a network and i want to limit the upload with 100kbit per user. Ex: 192.168.1.20 ----> 1024kbit-DOWN / 100kbit-UP 192.168.1.21 ----> 1024kbit-DOWN / 100kbit-UP and so on....... Ive tried CBQ and HTB, but couldnt get is right. the only thing that I did in upload bases was: "tc qdisc add dev ppp0 root tbf rate

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom

i am using ipp2p module (v 0.6) from http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html I have tried it on kazaa and e-donkey connections. Unfortunately, I am interesting in limiting kazaa traffic, which this modules seems not to work right with it. (Kazza traffic is not identified most of the cases....). Has anyone tried this kazza bandwidth control???

Hello, Is there a way to route p2p traffic on a separate ISP connection, just as you would choose a separate connection for http traffic? I tried all sorts of setups based on: http://www.braindump.dk/en/wiki/?wikipage=PolicyRouting but with no luck. Please help :) (ipp2p is up and running) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Hi all, i need advice how can i limit ip_conntrack per IP. clients of network that i support often uses torrent , DC++ , eMule clients and i have lost packages because they open too many ports. i have traffic control limits but this obviously isn''t enough Any advance how to prevent server from this kind problems will be welcome. Best regards Emil

I'm still looking for a P2P network (i.e. Gnutella, KaZaA, etc.) and client that actively supports the OGG format. People have told me that since Gnutella is so flexible that it is also possible to trade .ogg files. In reality, I haven't seen a single client using the Gnutella network that could search and truly FIND an .ogg file. Does anyone know of a network or specifically, a client

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

Hi all. Im using the following CQB shaper to shape IP addresses: DEV=eth1 (internal eth) tc qdisc del dev $DEV root tc qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth 100mbit tc class add dev $DEV parent 1: classid 1:1 cbq rate 256kbit allot 1500 prio 5 bounded isolated tc class add dev $DEV parent 1: classid 1:2 cbq rate 512kbit allot 1500 prio 5 bounded isolated tc filter add dev

Hi all I''m new in this list and i hope to lear and to help if possible. But firt i need help :-( I have this messege in my syslog when my classes and qdiscs goes down. Can any one know what does it mean? Thnx in advance. Yannick Arrimadas Bot Oct 14 16:09:27 pototogorri kernel: HTB init, kernel part version 3.17 Oct 14 16:09:27 pototogorri kernel: Unable to handle kernel paging