similar to: Shorewall, ipp2p and ipt_CONNTRACK

Displaying 20 results from an estimated 8000 matches similar to: "Shorewall, ipp2p and ipt_CONNTRACK"

2004 Oct 17
8
Shorewall and IPP2P
Hi! I''m wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connecions altogether, but I don''t seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) ______________________________ Mario R. Pizzolanti
2005 Apr 03
4
Shorewall 2.2.2 and kernel-2.6.11
Hi! I''m trying to get shorewall to work with kernel 2.6.11, but to no avail :( There seems to be some problem with nat, whereupon iptables cannot set it up. Kernel compiled on base of mandrake kernel-source, patched with ipp2p and the ipsec patches from Tom''s contrib. Here''s the error: /sbin/iptables -t nat -A eth2_masq -s 192.168.0.0/23 -d 0.0.0.0/0 -j MASQUERADE
2004 Oct 30
4
modules ipt_conntrack ipt_pkttype not found
Hello, I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18 homemade kernel). When I start shorewall I got the following errors. Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype Oct 30
2005 Jan 25
3
IPP2P broken?
Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the
2004 Sep 17
6
IPP2P
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there interest in ipp2p support in Shorewall? While the ipp2p code is not part of the standard kernel.org distributions, my experience is that it is very easy to install and I would be willing to provide support for it if there is interest. See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for information about ipp2p. - -Tom - -- Tom
2005 Feb 23
13
Snort and Shorewall
Hello I am looking for a way to have snort to dynamically update my shorewall config. I have seen software out there but I would like to see if anyone had tried this first. Aslo I would like to know if there is a way clear the Netfilter tables when I do a shorewall restart. The reason being is that when I make a change to my firewall setting I want all connections to have to re-establish
2007 Jun 29
1
ipp2p traffic not rejected
Hi, I''m using following rule in /etc/shorewall/rules REJECT:ULOG:P2P loc net ipp2p:all ipp2p iptables -L : Chain loc2net (1 references) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ULOG all -- anywhere anywhere ipp2p v0.8.2--ipp2p ULOG
2006 Jan 13
3
IPP2P & Marking Connections
I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0
2005 Jan 27
1
ipp2p doc error
I think I''ve found a mistake in the http://www.shorewall.net/ipp2p.html documentation. I''ve been trying to get traffic shaping working on the p2p traffic (Using ipp2p and wonder shaper) and lossing clumps of hair in the process. I followed the web page documentation but the "tcpost" rule that clasifies the packet and actually starts the "castration"
2007 Apr 18
1
Can''t change ipt_conntrack hashsize under debian sarge ???
Hello, I''ve tried to change ipt_conntrack hashsize and con under my debian charge but doesn''t work ! Ive got 2876Mb available for conntrack so I''ve done (according to some previous mail and this http://www.wallfire.org/misc/netfilter_conntrack_perf.txt) CONNTRACK_MAX = 2876 * 64 = 184064 HASHSIZE = 2876 * 8 = 23002 But the near power of 2 is 2^16 = 131072
2002 May 13
3
RE: [Shorewall-users] SMTP outbound problem (fwd)
I think we should add an FAQ entry for tcp_ecn. I remember Tom giving a good description in one of his many responses and there is mention of it in the pptp page, but I could not find the response from Tom about different tcp stacks. Thanks, -- Steve Herber herber@thing.com work: 206-261-0307 Systems Engineer, AMCIS, UoW home: 425-454-2399 ---------- Forwarded message ---------- Date: Sat,
2007 Apr 03
3
ipp2p: error loading kernel module
Hi, I get this error when trying to insmod the ipp2p kernel module: "insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format" in the kernel log: "ipt_ipp2p: disagrees about version of symbol struct_module" Kernel version 2.6.20.4 iptables version: 1.3.5 ipp2p version: 0.8.2 (latest) Anyone tried ipp2p with kernel 2.6.20? Best Regards Niclas
2007 Mar 14
6
ipp2p problems
Hello list, I''m newbie in this list. Well, i''m going crazy with ipp2p. Googling i find a mini-howto but i''ve got problems. 1) Download: * iptables-dev (apt-get) * kernel-headers-2.x.x (your kernel, "uname -r") * src of your iptables (iptables -V and apt-get source) * ipp2p-0.8.0.tar.gz (stable) 2) untar ipp2p and cd ipp2p 3) Edit Makefile, if it''s
2005 May 30
23
ipp2p problems
Hi all, I have found problems in p2p traffic detection. The ipp2p module works fine but in shorewall the rules written for this protocols never match because the initials p2p connection (login) match in ''-m state --state RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP'' rule, so netfilter never filter p2p traffic. I have had to run
2007 Oct 06
7
ipp2p segmentation fault
Hi all. On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection. This machine is running Debian. I performed the install by doing the following steps: - I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file. - From the netfilter.org site I downloaded the following
2003 Mar 08
1
Shorewall suggestions
Just a note to mention that I have been using the RC1 release at work for a simple one interface firewall. No problems that I have seen. We use Solaris, AIX, Tru64, and Linux in my group at the U of W. I know some IP filter package is available on Solaris and Tru64. On the Tru64 system you can configure an interface with a list of cidr notation subnets to accept or deny access. I reformatted
2003 Mar 23
5
Shorewall 1.4.1a
Rather than have lots of folks downloading a version with a broken ''check'' command, I''ve released 1.4.1a that corrects the problem. Sorry for the back-to-back releases today... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
2003 Feb 21
2
Shorewall 1.4 will require the iproute package
Subject says it all... -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://www.shorewall.net Washington USA \ teastep@shorewall.net
2006 Aug 14
2
enable p2p to some host (ipp2p)
Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not
2006 May 01
1
Traffic Shaping with Shorewall
Does anyone here implement traffic shaping with shorewall? I need to shape BitTorrent traffic on my network so that upload/downloads do not overwhelm normal function or, even more importantly, my imminent conversion to VOIP for all telephone service. I followed the shorewall documentation guide but am not sure if what I have done is the Right Way Of Doing Things. Nor am I satsified with the