Displaying 20 results from an estimated 8000 matches similar to: "Shorewall, ipp2p and ipt_CONNTRACK"
2004 Oct 17
8
Shorewall and IPP2P
Hi!
I''m wondering whether anyone has successfully set up a bandwidth control
system using ipp2p and shorewall. I have been able to drop connecions
altogether, but I don''t seem to be able to get CONNMARK working with ipp2p.
Any pointers would be greatly appreciated :)
______________________________
Mario R. Pizzolanti
2005 Apr 03
4
Shorewall 2.2.2 and kernel-2.6.11
Hi!
I''m trying to get shorewall to work with kernel 2.6.11, but to no avail :(
There seems to be some problem with nat, whereupon iptables cannot set
it up. Kernel compiled on base of mandrake kernel-source, patched with
ipp2p and the ipsec patches from Tom''s contrib.
Here''s the error:
/sbin/iptables -t nat -A eth2_masq -s 192.168.0.0/23 -d 0.0.0.0/0 -j
MASQUERADE
2004 Oct 30
4
modules ipt_conntrack ipt_pkttype not found
Hello,
I run Shorewall 2.0.3a backport on a debian woody box (with 2.4.18
homemade kernel).
When I start shorewall I got the following errors.
Oct 30 11:13:12 fwr modprobe: modprobe: Can''t locate module ipt_conntrack
Oct 30 11:13:17 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30 11:13:18 fwr modprobe: modprobe: Can''t locate module ipt_pkttype
Oct 30
2005 Jan 25
3
IPP2P broken?
Hi,
I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like:
DROP loc net ipp2p
generates:
iptables -A loc2net -j DROP
that''s _wrong_ :)
i have tried playing with debug to no avail, and I''m not that good at bashing...
just to be complete, the suggested status.txt from one of the
2004 Sep 17
6
IPP2P
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Is there interest in ipp2p support in Shorewall? While the ipp2p code is
not part of the standard kernel.org distributions, my experience is that
it is very easy to install and I would be willing to provide support for
it if there is interest.
See http://rnvs.informatik.uni-leipzig.de/ipp2p/index_en.html for
information about ipp2p.
- -Tom
- --
Tom
2005 Feb 23
13
Snort and Shorewall
Hello
I am looking for a way to have snort to dynamically update my shorewall config.
I have seen software out there but I would like to see if anyone had tried this
first.
Aslo I would like to know if there is a way clear the Netfilter tables when I do
a shorewall restart. The reason being is that when I make a change to my
firewall setting I want all connections to have to re-establish
2007 Jun 29
1
ipp2p traffic not rejected
Hi,
I''m using following rule in /etc/shorewall/rules
REJECT:ULOG:P2P loc net ipp2p:all ipp2p
iptables -L :
Chain loc2net (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ULOG all -- anywhere anywhere ipp2p
v0.8.2--ipp2p ULOG
2006 Jan 13
3
IPP2P & Marking Connections
I have two (interconnected) questions:
First of all, I''m trying to use IPP2P to classify my P2P traffic and give it
a lower network priority. I''ve already successfully built IPP2P into
iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but
it''s confusing me. Using the documentation for normal tcrules in 3.0
2005 Jan 27
1
ipp2p doc error
I think I''ve found a mistake in the http://www.shorewall.net/ipp2p.html
documentation.
I''ve been trying to get traffic shaping working on the p2p traffic
(Using ipp2p and wonder shaper) and lossing clumps of hair in the process.
I followed the web page documentation but the "tcpost" rule that
clasifies the packet and actually starts the "castration"
2007 Apr 18
1
Can''t change ipt_conntrack hashsize under debian sarge ???
Hello,
I''ve tried to change ipt_conntrack hashsize and con under my debian
charge but doesn''t work !
Ive got 2876Mb available for conntrack so I''ve done (according to some
previous mail and this
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt)
CONNTRACK_MAX = 2876 * 64 = 184064
HASHSIZE = 2876 * 8 = 23002
But the near power of 2 is 2^16 = 131072
2002 May 13
3
RE: [Shorewall-users] SMTP outbound problem (fwd)
I think we should add an FAQ entry for tcp_ecn.
I remember Tom giving a good description in one of his many responses
and there is mention of it in the pptp page, but I could not find the
response from Tom about different tcp stacks.
Thanks,
--
Steve Herber herber@thing.com work: 206-261-0307
Systems Engineer, AMCIS, UoW home: 425-454-2399
---------- Forwarded message ----------
Date: Sat,
2007 Apr 03
3
ipp2p: error loading kernel module
Hi,
I get this error when trying to insmod the ipp2p kernel module:
"insmod: error inserting ''ipt_ipp2p.ko'': -1 Invalid module format"
in the kernel log: "ipt_ipp2p: disagrees about version of symbol
struct_module"
Kernel version 2.6.20.4
iptables version: 1.3.5
ipp2p version: 0.8.2 (latest)
Anyone tried ipp2p with kernel 2.6.20?
Best Regards Niclas
2007 Mar 14
6
ipp2p problems
Hello list,
I''m newbie in this list. Well, i''m going crazy with ipp2p.
Googling i find a mini-howto but i''ve got problems.
1) Download:
* iptables-dev (apt-get)
* kernel-headers-2.x.x (your kernel, "uname -r")
* src of your iptables (iptables -V and apt-get source)
* ipp2p-0.8.0.tar.gz (stable)
2) untar ipp2p and cd ipp2p
3) Edit Makefile, if it''s
2005 May 30
23
ipp2p problems
Hi all,
I have found problems in p2p traffic detection. The ipp2p module works
fine but in shorewall the rules written for this protocols never match
because the initials p2p connection (login) match in ''-m state --state
RELATED,ESTABLISHED -j ACCEPT'' rule before ''-m ipp2p --ipp2p -j DROP''
rule, so netfilter never filter p2p traffic. I have had to run
2007 Oct 06
7
ipp2p segmentation fault
Hi all.
On Sep 26th I decided to try and get ipp2p working on my machine that acts as a gateway for my Internet connection.
This machine is running Debian.
I performed the install by doing the following steps:
- I installed the Debian package called linux-source-2.6.22 for my Linux kernel source and unpacked the resulting tar.bz2 file.
- From the netfilter.org site I downloaded the following
2003 Mar 08
1
Shorewall suggestions
Just a note to mention that I have been using the RC1 release at work
for a simple one interface firewall. No problems that I have seen.
We use Solaris, AIX, Tru64, and Linux in my group at the U of W.
I know some IP filter package is available on Solaris and Tru64. On the
Tru64 system you can configure an interface with a list of cidr notation
subnets to accept or deny access. I reformatted
2003 Mar 23
5
Shorewall 1.4.1a
Rather than have lots of folks downloading a version with a broken ''check''
command, I''ve released 1.4.1a that corrects the problem.
Sorry for the back-to-back releases today...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://shorewall.sf.net
Washington USA \ teastep@shorewall.net
2003 Feb 21
2
Shorewall 1.4 will require the iproute package
Subject says it all...
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ teastep@shorewall.net
2006 Aug 14
2
enable p2p to some host (ipp2p)
Hi
I using ipp2p to block p2p traffic.
How to enable to use p2p to me host in my net ?
I using this setup:
iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP
This setup:
iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul
--ares -d ! mynet -j DROP
iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul
--ares -s ! mynet -j DROP
not
2006 May 01
1
Traffic Shaping with Shorewall
Does anyone here implement traffic shaping with shorewall? I need to shape
BitTorrent traffic on my network so that upload/downloads do not overwhelm
normal function or, even more importantly, my imminent conversion to VOIP for
all telephone service. I followed the shorewall documentation guide but am
not sure if what I have done is the Right Way Of Doing Things. Nor am I
satsified with the