-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is my config

iptables -t mangle -i eth2 -A PREROUTING -j CONNMARK --restore-mark
iptables -t mangle -i eth2 -A PREROUTING -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -i eth2 -A PREROUTING -p icmp -j MARK --set-mark 4
iptables -t mangle -i eth2 -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p tcp -m ipp2p --ipp2p-data -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 1214 -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p tcp -m string --string X-Kazaa -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 2234 -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p udp --dport 53 -j MARK --set-mark 1
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 80 -m string ! --string X-Kazaa -j MARK --set-mark 1
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 25 -j MARK --set-mark 1
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 0:1024 -j MARK --set-mark 1
iptables -t mangle -i eth2 -A PREROUTING -p udp --dport ! 53 -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -p tcp --dport 1863 -j MARK --set-mark 1
iptables -t mangle -i eth2 -A PREROUTING -p tcp -d 0/0 --sport 80 -j MARK --set-mark 5
iptables -t mangle -i eth2 -A PREROUTING -m mark --mark 0 -j MARK --set-mark 2
iptables -t mangle -i eth2 -A PREROUTING -j CONNMARK --save-mark

ipt_ipp2p 2656 0 (unused)

That's my module working...

0 0 MARK tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.5a --ipp2p MARK set 0x2
0 0 MARK tcp -- eth2 * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.5a --ipp2p-data MARK set 0x2

And my rules. There are 100 users, all using p2p, but I have it restricted under my fw, but some get access through port 80... I am currently downloading, and for a day or so, no traffic recognized at all... I have no messages at my syslog or messages files at all ...

- -----Original message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On behalf of Mike Miller
Sent: Wednesday, 04 February 2004 14:32
To: lartc@xxxxxxxxxxxxxxx
Subject: RE: limiting p2p

> Hi there, I am having really big troubles setting up ipp2p. I have a
> woody with kernel upgraded to 2.4.20 and iptables 1.2.8. I changed the
> makefile to include these modifications, but still it captures no
> traffic at all.. Do I need to run it under 2.4.18?

Well, for us it was working with all kernels from 2.4.18 on. We are currently struggling with problems with 2.4.24 but not sure if this is a kernel issue since we got a whole new box - investigation will take place soon.

First of all: are you sure there is any P2P traffic occurring at your link? Is the IPP2P rule put at the correct place (PREROUTING of mangle for example)? Go to http://rnvs.informatik.uni-leipzig.de/ipp2p/ documentation page - there are a couple of examples how to use IPP2P. If this doesn't help come back to me with your setup and ruleset - maybe traffic is accepted somewhere else before IPP2P comes into play.

Regards,
Mike.

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0

iQA/AwUBQCESMH7diNnrrZKsEQJq4QCbByR7N5bRYmOis4+UHDYkHYlQWbAAn2oD
Ylle5BNIpEkJJiAAFoIwPKsf
=DROl
-----END PGP SIGNATURE-----
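
The question raised in the quoted reply, whether traffic is accepted before IPP2P comes into play, can be checked against the posted rule order with a small model. This is an added example, not part of the thread and not IPP2P or netfilter code; it assumes MARK and CONNMARK continue to the next rule while ACCEPT ends traversal, and the packet fields, port 6881 and the `reordered` chain are constructed for illustration.

```python
# Simplified model of mangle/PREROUTING (constructed; not netfilter code).
# MARK and CONNMARK continue to the next rule, ACCEPT ends the traversal.
def run_chain(rules, packets):
    """Send one connection's packets through the chain; return (connmark, hits)."""
    connmark, hits = 0, {name: 0 for name, _, _, _ in rules}
    for pkt in packets:
        mark = 0                                  # every packet starts unmarked
        for name, match, action, value in rules:
            if not match(pkt, mark):
                continue
            hits[name] += 1
            if action == "RESTORE":
                mark = connmark
            elif action == "MARK":
                mark = value
            elif action == "SAVE":
                connmark = mark
            elif action == "ACCEPT":
                break
    return connmark, hits

always = lambda pkt, mark: True
marked = lambda pkt, mark: mark != 0
unmarked = lambda pkt, mark: mark == 0
ipp2p = lambda pkt, mark: pkt["p2p_payload"]      # needs payload, so never a bare SYN
low_port = lambda pkt, mark: pkt["dport"] <= 1024

# Subset of the posted rules, in the posted order.
posted = [
    ("restore", always, "RESTORE", None),
    ("accept-marked", marked, "ACCEPT", None),
    ("ipp2p", ipp2p, "MARK", 2),
    ("dport 0:1024", low_port, "MARK", 1),
    ("catch-all", unmarked, "MARK", 2),
    ("save", always, "SAVE", None),
]
# Hypothetical reordering: save the mark only right after an ipp2p hit.
reordered = [
    ("restore", always, "RESTORE", None),
    ("accept-marked", marked, "ACCEPT", None),
    ("ipp2p", ipp2p, "MARK", 2),
    ("save-if-p2p", lambda pkt, mark: mark == 2, "SAVE", None),
    ("dport 0:1024", low_port, "MARK", 1),
    ("catch-all", unmarked, "MARK", 2),
]
# Constructed connection: SYN without payload, then two P2P data packets.
conn = [{"dport": 6881, "p2p_payload": False},
        {"dport": 6881, "p2p_payload": True},
        {"dport": 6881, "p2p_payload": True}]

if __name__ == "__main__":
    for label, chain in (("posted", posted), ("reordered", reordered)):
        print(label, run_chain(chain, conn))
```

In the model of the posted order, the payload-free SYN is marked by the catch-all and saved to the connection, so later packets are accepted right after the restore and the ipp2p rule counts zero hits, which is the pattern the `0 0` counters would show on a live box.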