Displaying 20 results from an estimated 1200 matches similar to: "layer7-filter with iptables problem"
2004 Jul 09
14
Layer 7 netfilter not working
Hello there!
I am trying to get traffic shaping working on my Linux router (debian
woody 3r02) and for some things I wanted to use the layer 7 packet
classifier, but I can''t get it to work.
Here is what I did:
-downloaded the patches from http://l7-filter.sourceforge.net
-downloaded the kernel 2.6.7 source
-downloaded the iptables 1.2.11 source
-patched kernel (layer7 patch and some
2005 Dec 22
5
control p2p upload bandwidth rate
Hi all,
I am running Slackware 10.1 with Kernel 2.6.14.3 includes iptables 1.3.4
with layer 7
My network diagram below: -
INTERNET --- LINUX_ROUTER_FW --- PCs
Below is my simple iptables script: -
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t mangle -A POSTROUTING -m layer7 --l7proto applejuice -j MARK
--set-mark 1
iptables -t
2005 Jul 06
8
HTB and bittorrent, won''t work
Hello,
I''ve been trying to shape the bittorrent traffic (on my external interface,
upload), but without luck, for this I''m using layer7 filter right now, but
I''ve also tried ipp2p, with the same results, I might say that this is not a
problem with this packet classifiers, the problem is with HTB, here''s why.
When I open azureus (the bittorrent client I
2006 Nov 12
1
Script for get bandwidth statistic from iptable
i search a lot forum how to get bandwidth statistic such number of packet, total byte in each application protocol by using IPTABLES + netfilter-layer7
but i don''t know which script for getting it in log file and use data after get it for plotting graph later
my IPTABLES command like this
iptables -t mangle -N all
iptables -t mangle -A POSTROUTING -j all
iptables -t mangle -A
2007 Jul 05
4
Load Balancing , MSN and SSL
HI All ,
I am running a FC6 box with two internet links with load balance . Every
thing is working fine expect the MSN connection that failed and reconnect
every time and SSL connections . I would link to know if with the nona
howto I could fix that .
I have been tried with no success to redirect that connection only to one
link but its look like do not work . Here my configuration :
2006 Dec 12
1
Layer7 module doesn''t detect nothing on my bridge with a 2.6.18.3 kernel
Hello
I''ve setuped a QOS bridge under debian 3.1 using 2.6.18.3 kernel +
iptables 1.3.6
I''ve patched the kernel an Iptables with esfq+layer7 without problems.
This simple script doesn''t log nothing ... And I''m sure to have eMule
traffic (I''ve checked with tcpdump )
If I remove " -m layer7 --l7proto edonkey \" line I can see
2006 Jan 12
1
Qos and bandwidth control
hi everybody.
im trying to set up an QoS config, using layer7
(http://l7-filter.sourceforge.net/) for protocol detection.
im suposing 3 clients with this configuration:
3 clients: 1.2.3.1 , 1.2.3.2 , 1.2.3.3
1.2.3.1 has 256kbit bandwidth "guaranteed"
clients 1.2.3.2 and 1.2.3.3 has 256kbit bandwith
so im marking every packet using layer7 iptables module, classifying them in
three
2005 Jan 22
2
Layer 7 packet classifier doesn''t recognize packets sent by the router itself
Hi there,
I have a little problem. I had this some months ago but didn''t solve it
back then. I have patched my kernel with Layer 7 support and patched my
iptables to support it, too.
Now I inserted this line in my firewall script on my router for testing
purpose:
$IPTABLES -t mangle -A POSTROUTING -o $INET_IFACE -p tcp -m layer7
--l7proto http -j DROP
It works, BUT only if the
2006 Apr 18
3
Matching with Layer7 vs. IPP2P
Hi,
can anybody comment on the cost of matching with IPP2P vs. Layer7.
Also, does a iptables rule with more complicated matching mechanism also
slow down processing if all the packets are matched before they reach
the rule. I.e. is the mere existence of a potentially costly rule
already slowing down processing or only if packets are actually
processed by it?
Thanks very much in advance.
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort to dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Aslo I would like to know if there is a way clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2007 Sep 19
2
bittorrent traffic...
Hi,
Thanks for the reply.
Mohan Sundaram wrote :
> mark in iptables and use tc to classify using mark.
Mark like this ?
iptables -A INPUT -m layer7 --l7proto bittorrent -j MARK --set-mark 3
and then..
tc filter add dev eth0 protocol ip parent 1:0 1 handle 3 fw flowid 1:10
and lets say we have a flowid 1:3 declared to use at 60kbit ceil 60kbit
Is that proper ?
If so then it
2007 Jun 08
5
CBQ + Layer7 x Emule
Hi All ,
My first message and I have a little problem with my FC6 box trying to block
emule traffic using layer7 .
Here my network :
Internet --------- ADSL Router ------------------- FC6 Box
-------------------- Emule Box
external ADSL : Dynamic
Internal ADSL : 192.168.254.1
external FC6 : 192.168.254.3
internal FC6 : 192.168.253.1
Emule Box : 192.168.253.3
I guess that everything
2005 Jul 08
2
P2P shaping, won''t work
Hello, its me again, I won''t stop sending emails to this list, until I solve
this problem, I''ve tried several apps to create the right htb rules (even
made them my self), but I always get the same results, traffic gets shaped,
but I can''t use my bandwidth, and this is weird, because I should be able to,
also I keep seeing download being limited too, and that
2019 Oct 06
2
Re: Error validating install location: Distro 'rhel8' does not exist in our dictionary
On Sat, Oct 5, 2019 at 7:27 PM Oliver Dzombic <info@layer7.net> wrote:
> Hi,
>
> if you run on a shell the command:
>
> osinfo-query os
>
> you will see that its:
>
> rhl8.0 | Red Hat Linux 8.0
> | 8.0 | http://redhat.com/rhl/8.0
>
>
> so instead of rhel8, i suggest you to try rhl8.0
>
> Good luck !
>
> Greetings
>
2006 Aug 23
3
How to select Skype traffic??
Hi,
I have simple question about Skype. What are the methods of selecting packets
which belongs to Skype??
I know about 7layer but I don''t belive that is only way.
Is 7layer realy good and stable solution for routers which must handle more
than 1000 users ?
Thanks in advance
Pozdrawiam
Szymon Turkiewicz
2005 May 30
23
ipp2p problems
Hi all,
I have found problems in p2p traffic detection. The ipp2p module works
fine but in shorewall the rules written for this protocols never match
because the initials p2p connection (login) match in ''-m state --state
RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP''
rule, so netfilter never filter p2p traffic. I have had to run
2004 Sep 25
3
New L7-Filter patterns for Kademlia / eMule?
I had been using L7-Filter[1] successfully for edonkey/eMule traffic until
recently. I upgraded to the latest release of mldonkey, 2.5.28a, which
implements eMule compatibility, and with support for Kademlia[2] enabled,
network latency increases greatly.
[1] http://l7-filter.sourceforge.net/
[2] http://www.infoanarchy.org/wiki/wiki.pl?Kademlia
Has anyone created a new pattern match for
2005 Apr 27
5
Shorewall and P2P traffic
Hi all,
I have just upgraded to a new satellite internet provider. I have two network cards - one with a public IP connected to my satellite router, and the second network card with private IP into my switch for the LAN. Shorewall firewall
My old satellite system is not being used.
Would it be possible/feasable to install a third network card into my Fedora Core 2 server, and then direct all
2006 Dec 11
21
iptables 1.3.7, kernel 2.6.19, ROUTE and Layer7 issues
Hi, I''m having problems with this configuration:
iptables 1.3.7 (vanilla or repackaged for fc5)
kernel 2.6.19 (vanilla)
ROUTE 1.11 (last pom-ng)
layer7-filter 2.6 (last in sf.net)
connlimit (last pom-ng)
When I try to use -j ROUTE in any chain in mangle table I have this error:
[root@myhost ~]# iptables -v -t mangle -A POSTROUTING -p tcp --dport msnp
-j ROUTE --gw
2006 Mar 23
11
linux box as vlan p2p limiter and firewall?
re
I would like to do some firewalling and p2p shaping/limiting on one of
the vlans in my network and I was thinking of using linux box as
transparent bridged firewall/limiter. For this I''m planning to use AMD64
2.2Ghz box with 2 1gbit NIC (Broadcom 5721), that will be bridged. The
box must be totally transparent and unseen in the network, as well as it
should have much influence on