similar to: management of virus and p2p-traffic

I''ve been lurking for a while, trying to figure out this traffic control stuff. We have 3 ADSL modems upstream, with 2, 2, and 1 megabit total bandwidth, 1/4 of it up, 3/4 down. We also have about 200 workstations downstream, connected through wifi. We are presently using tc to create about 200 buckets with HTB and SFQ. It seems like this is too many buckets, since usually only about

Im getting into tc. How can I control P2P (peer to peer) traffic??? which filters??? any ideas??? Hugonik

Did anyone see the article? It''s the first time I really noticed that these little Linksys routers are such a fully fledged linux machine with a decent processor and a replacable firmware. I am now itching to get one to replace the multipurpose firewall desktop machine. Has anyone experimented with the current state of the firmware and how advanced you can get with tc rules? For

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Sir, Thanks for the wondershaper utility! It has improved the response time for my ssh connections to my home server whenever i need to access it from the Internet. However, is there a way to setup a bandwidth, say 10kbits/sec (i only have 128kbits/sec DSL), and assign it to a particular traffic type like kazaa and other P2P file-sharing? This way it will guarantee that my home users of

re I would like to do some firewalling and p2p shaping/limiting on one of the vlans in my network and I was thinking of using linux box as transparent bridged firewall/limiter. For this I''m planning to use AMD64 2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The box must be totally transparent and unseen in the network, as well as it should have much influence on

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

Hi, I''m new at traffic control and was reading up on HTB and using it to put an upper limit on traffic. I have a 256k DSL with 64k upload (which translates to about 5/6KB uploads). The machine running the P2P applications keeps filling up the 64K so my browsing from other machines in the network ends up being very slow. Since there are several P2P applications, I wanted to set the

Hi I share my bandwith (adsl 512/128) between 12 users. I set up simple qos script for incoming (IMQ) and outgoing traffic using htb in root, 4 classess and esfq qdisc at leafs. Interactive traffic goeas to class1 , http,mail etc. to class2, p2p, ftp to class3, and rest to class4. Classess divide link in proportion 20% (prio 1), 40% (prio 2), 20% (prio 3) ,20% (prio 4) This works

Hi I have the following problem: I''ve created qos script which shapes traffic on outgoing interface eth1. More - less it looks like this : ------------------------CUT------------------------------------------------------ #root qdisc and class for eth1 $tc qdisc add dev eth1 root handle 1:0 htb default 19 $tc class add dev eth1 parent 1:0 classid 1:1 htp ratel ${CEIL_UP}kbit ceil

Hi all, I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4 with layer 7 My network diagram below: - INTERNET --- LINUX_ROUTER_FW --- PCs Below is my simple iptables script: - echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK --set-mark 1 iptables -t

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Probably, I''m not the first one who needs solve problem with p2p. Because, large part of my traffic is eaten by p2p software like KazAA, e-mule, Direct Connect etc, I''m looking for the way of detection of such traffic and marking it. However simple way with for instance 1214 port for KazAA doesn''t work because this software uses floating port technology. This traffic can

Hello, Is there a way to route p2p traffic on a separate ISP connection, just as you would choose a separate connection for http traffic? I tried all sorts of setups based on: http://www.braindump.dk/en/wiki/?wikipage=PolicyRouting but with no luck. Please help :) (ipp2p is up and running) _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Hi I believe that whole question is in topic. Is there any way to recognize ( and then shape ) p2p traffic which is encrypted? Modern p2p clients have this ability moreover some of them have this enabled by default. Now I''m using ipp2p for iptables but as I know this doesn''t recognize encrypted traffic. Thanks in advance. Pozdrawiam Szymon Turkiewicz

Hello, I''m wondering which of these filters is the best method for filtering ACK packages to achieve lowest delay possible on a dsl-link. This one ist from the wondershaper from the lartc-site: /sbin/tc filter add dev $EXTIF parent 1:0 protocol ip prio 0 u32 \   match ip protocol 6 0xff \   match u8 0x05 0x0f at 0 \   match u16 0x0000 0xffc0 at 2 \   flowid 1:10 Thats a suggestion

OK, here it is. Near perfect bandwidth calculation for ADSL users. Patch iproute2 with the HTB stuff and then this: It''s still a hack (as far as I can tell) because we are patching the rates tables, and hence I think it is only loosly coupled with the actual calculation of bytes in each bucket. However, it works very nicely for me! I have only been lightly testing with

Interesante !! lo probaste con 2.4 ? o 2.6 ? -> -----Mensaje original----- -> De: Esteban Ribicic [mailto:esteban@dejawu.com.ar] -> Enviado el: Lunes, 02 de Febrero de 2004 08:11 p.m. -> Para: ''ThE PhP_KiD'' -> Asunto: RE: [LARTC] limiting p2p -> -> -> Probaste layering 7 matching? -> -> -> -----Mensaje original----- -> De:

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK