similar to: Shorewall and IPP2P

Hi! Taking into consideration the great speed with which the use of P2P filesharing systems is expanding, is there any plan of including ipp2p and ipt_CONNTRACK support into shorewall? I''m sure that many admins managing gateways would be very happy about it... Thanx, -- Mario R. Pizzolanti <mario@zavood.ee> Zavood O?

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

Hi! I''m trying to get shorewall to work with kernel 2.6.11, but to no avail :( There seems to be some problem with nat, whereupon iptables cannot set it up. Kernel compiled on base of mandrake kernel-source, patched with ipp2p and the ipsec patches from Tom''s contrib. Here''s the error: /sbin/iptables -t nat -A eth2_masq -s 192.168.0.0/23 -d 0.0.0.0/0 -j MASQUERADE

Hi, I tried shorewall 2.2.0-rc4 and 2.2.0-rc5 on 3 different machines (just to be sure it''s not pebkac). The IPP2P support is broken, line like: DROP loc net ipp2p generates: iptables -A loc2net -j DROP that''s _wrong_ :) i have tried playing with debug to no avail, and I''m not that good at bashing... just to be complete, the suggested status.txt from one of the

I am trying to get IPP2P working on my router. Thus far I can see connections being marked (see below), but they don''t seem to get saved or something. When looking at /proc/net/ip_conntrack, nothing has anything other than 0 for mark. The iptables commands for this are: iptables -t mangle -A PREROUTING -j CONNMARK --restore-mark iptables -t mangle -A PREROUTING -m mark ! --mark 0 -j

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit

Hello, I''ve been trying to shape the bittorrent traffic (on my external interface, upload), but without luck, for this I''m using layer7 filter right now, but I''ve also tried ipp2p, with the same results, I might say that this is not a problem with this packet classifiers, the problem is with HTB, here''s why. When I open azureus (the bittorrent client I

Greetings, I''ve searched, found ftwall, and some other commercial solutions, but am wondering if anyone on this list has any solutions using a linux firewall to block p2p traffic, more specifically Kazaa. Walter Wickersham _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Does anyone here implement traffic shaping with shorewall? I need to shape BitTorrent traffic on my network so that upload/downloads do not overwhelm normal function or, even more importantly, my imminent conversion to VOIP for all telephone service. I followed the shorewall documentation guide but am not sure if what I have done is the Right Way Of Doing Things. Nor am I satsified with the

Hi All , My first message and I have a little problem with my FC6 box trying to block emule traffic using layer7 . Here my network : Internet --------- ADSL Router ------------------- FC6 Box -------------------- Emule Box external ADSL : Dynamic Internal ADSL : 192.168.254.1 external FC6 : 192.168.254.3 internal FC6 : 192.168.253.1 Emule Box : 192.168.253.3 I guess that everything

I`m trying to shape both upload (eth0) and download(eth1). I made this script to acomplishthis but the filters are not working even though the classes and qdiscs are created. What am I doing wrong? #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1 htb default 10 r2q 5 tc qdisc del dev eth1 root tc qdisc add dev eth1 root handle 1 htb default 10 r2q 5 tc class add dev

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS

Hello, its me again, I won''t stop sending emails to this list, until I solve this problem, I''ve tried several apps to create the right htb rules (even made them my self), but I always get the same results, traffic gets shaped, but I can''t use my bandwidth, and this is weird, because I should be able to, also I keep seeing download being limited too, and that

Hello everyone, I want an opinion from people who tryed different matching modules to match diferent types of traffic, especially p2p ones. I would like to hear which scales better as CPU usage and latency : ipp2p, iptables-p2p or l7-filter with the p2p patterns. I want to use one of them to block most of p2p (except maybe dc++ and emule which i want to shape). I would use the matching rules in

Hi, I found that I had some thinking error with the wshaper script. I assigned the bandwith of my DSL connection to it, but the machine where it runs is normally connected to the LAN with 100Mbit behind a separate Hardware-Router.Obviously, the complete connection of the machine was slowed down to 384k because I told it so.I guess, since wshaper takes only one card as argument, I can''t

Hi all, I''m tring to isolate P2P traffic, specifically BitTorrent, for my QoS scripts. I can''t seem to completely isolate ALL BitTorrent traffic. I identify & mark packets and then use tc filters to put them into appropriate classes. My firewall rules (below) do the markings. My VoIP boxes'' and ICMP traffic get highest priority (mark 1). Then comes DNS, SSH,

Im getting into tc. How can I control P2P (peer to peer) traffic??? which filters??? any ideas??? Hugonik