similar to: Prioritizing forwarded traffic over locally generated traffic

I had been using L7-Filter[1] successfully for edonkey/eMule traffic until recently. I upgraded to the latest release of mldonkey, 2.5.28a, which implements eMule compatibility, and with support for Kademlia[2] enabled, network latency increases greatly. [1] http://l7-filter.sourceforge.net/ [2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia Has anyone created a new pattern match for

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hi, A, B and C are three machines. A and C directly access to theInternet while B access to the Internet through A. +-------------------------------------------------------------+ | +-------------+ +-------------+ | | | A | | B | | | | | --- eth0 ---> <--- eth0 --- | | | | | 192.168.0.1

After varying degrees of success with p2p detection modules, I would like to write the following rules using iptables to reliably identify p2p traffic: 1. If a host on the network has 5 or more simutaneous tcp connections to ports above 1024, mark all connections to ports 1024 and above as 60. 2. If a host has received (or sent) UDP packets from 5 different hosts'' ports above 1024 in a

Hi all I''m new in this list and i hope to lear and to help if possible. But firt i need help :-( I have this messege in my syslog when my classes and qdiscs goes down. Can any one know what does it mean? Thnx in advance. Yannick Arrimadas Bot Oct 14 16:09:27 pototogorri kernel: HTB init, kernel part version 3.17 Oct 14 16:09:27 pototogorri kernel: Unable to handle kernel paging

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Hello, I'm running centos5. I'm wanting this machine only, none of my other ones, to participate in p2p file sharing, bittorrent, edonkey, maybe other networks. Does anyone have a howto or step by step guide for this? I've installed bittorrent and mldonkey clients, but neither is working, i'm assuming gateway firewall issue, but i've enabled the correct ports, 6881

Hi, I''m running mldonkey on same box as shorewall. I follow this http://mldonkey.sourceforge.net/ShorewallConfiguration to open ports for edonkey protocol I add in /etc/shorewall/rules: # eDonkey 2000 ACCEPT net $FW tcp 4662 ACCEPT net $FW udp 4666 but I could not connect to any edonkey server. I check logs and notice that udp traffic on port 4666 is still dropped. Jul 8 22:35:57

Hi All , My first message and I have a little problem with my FC6 box trying to block emule traffic using layer7 . Here my network : Internet --------- ADSL Router ------------------- FC6 Box -------------------- Emule Box external ADSL : Dynamic Internal ADSL : 192.168.254.1 external FC6 : 192.168.254.3 internal FC6 : 192.168.253.1 Emule Box : 192.168.253.3 I guess that everything

I''m moving to a new place and my new flatmate wants a router because he likes the cleaness of it all in a non geeky way which I can understand. This means it''s going to be hard for me to pursude him to let me run a computer as a router to act as bandwidth cop. But I don''t fancy trying to use ssh, VNC and games while he''s using WindowsUpdate or p2p. So I need

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

Hi, I''m really new to traffic shaping and try to implement the wshaper.htb script. I have a linux box that serves as vdr, mldonkey, samba, apache and mailserver (imap), connected to my LAN with 100mbit. I''m connected to the inet via adsl with a hardware router/firewall, got 384k downlink 64k uplink. When I have mldonkey running, imap (via Outlook) gets *very* slow (mails with

Hello, I guess a few of you know about the iptables-p2p project at the http://sourceforge.net/projects/iptables-p2p site. This suite has an excellent filter of which I use today and its running very smoothly. The main reason why I use this is because I desperately need to block torrents. IPP2P does not do this at this time (it seems to me in the doc at least). Is it maybe some way we could merge

Hi, I have a typical configuration for my firewall/gateway box: single network card, with a pppoe connection to the DSL modem. I''m already successfully shaping the uplink (how come that the wondershaper.htb doesn''t use the ceil parameter? It should implement bandwidth borrowing!) but i found the ingress policy a little bit rough. I''d like to keep the traffic categories

Hi, I found that I had some thinking error with the wshaper script. I assigned the bandwith of my DSL connection to it, but the machine where it runs is normally connected to the LAN with 100Mbit behind a separate Hardware-Router.Obviously, the complete connection of the machine was slowed down to 384k because I told it so.I guess, since wshaper takes only one card as argument, I can''t

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

Im getting into tc. How can I control P2P (peer to peer) traffic??? which filters??? any ideas??? Hugonik

Hi, can anybody comment on the cost of matching with IPP2P vs. Layer7. Also, does a iptables rule with more complicated matching mechanism also slow down processing if all the packets are matched before they reach the rule. I.e. is the mere existence of a potentially costly rule already slowing down processing or only if packets are actually processed by it? Thanks very much in advance.