RE: limiting p2p

Linux Advanced Routing and Traffic Control


There it goes, btw... thank you very much ;)

Chain PREROUTING (policy ACCEPT 26236333 packets, 12882098667 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  249121 26462887 CONNMARK   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          CONNMARK restore
  142502 21317691 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          MARK match !0x0
      24    14682 MARK       icmp --  eth2   *       0.0.0.0/0            0.0.0.0/0          MARK set 0x4
       0        0 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          ipp2p v0.5a --ipp2p MARK set 0x2
      27     1296 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1214 MARK set 0x2
       3      144 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:2234 MARK set 0x2
     438    33099 MARK       udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          udp dpt:53 MARK set 0x1
    6712   321889 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:80 STRING match !X-Kazaa MARK set 0x1
       0        0 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:25 MARK set 0x1
   98629  4733897 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpts:0:1024 MARK set 0x1
    2746   133990 MARK       udp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          udp dpt:!53 MARK set 0x2
      95     4560 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1863 MARK set 0x1
       0        0 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp spt:80 MARK set 0x5
    4622   221848 MARK       all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          MARK match 0x0 MARK set 0x2
  106580  5143324 CONNMARK   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          CONNMARK save
  103317  4959216 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x02 MARK set 0x3
      15      601 chkack     tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x16/0x10
  106556  5142172 chgtos     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0

Chain INPUT (policy ACCEPT 116314 packets, 17066648 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 39662528 packets, 15020457598 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 127443 packets, 41248573 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 32254661 packets, 14698686461 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain chgtos (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   99134  4770212 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x1 TOS set 0x10
    7398   357278 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x2 TOS set 0x08
       0        0 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x3 TOS set 0x10
       0        0 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x5 TOS set 0x02
  106556  5142172 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain chkack (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      15      601 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0          length 0:128 MARK set 0x3
       0        0 MARK       all  --  *      *       0.0.0.0/0            0.0.0.0/0          length 128:65535 MARK set 0x2
      15      601 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

-----Original Message-----
From: lartc-admin@xxxxxxxxxxxxxxx [mailto:lartc-admin@xxxxxxxxxxxxxxx] On behalf of Mike Miller
Sent: Wednesday, 04 February 2004 17:58
To: GoMi
CC: lartc@xxxxxxxxxxxxxxx
Subject: RE:  limiting p2p


>      iptables -t mangle -i eth2 -A PREROUTING -p tcp -m ipp2p --ipp2p -j MARK --set-mark 2
>      iptables -t mangle -i eth2 -A PREROUTING -p tcp -m ipp2p --ipp2p-data -j MARK --set-mark 2
There is no need to use --ipp2p and --ipp2p-data on one box. Use --ipp2p only; this should be sufficient for most systems. But IPP2P should work with this ruleset anyway.

Please do me a favour and remove both rules containing string matches from your ruleset, let it run for a while, and give me the full output of "iptables -t mangle -L -n -v -x". I guess you're using Kazaa? Is it a (nat-)router or a bridge?

Regards,
Mike



_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
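
Added example (not part of the original thread): a small shell/awk filter that reads the "iptables -t mangle -L -n -v -x" listing requested above and prints the rules whose packet counter is still zero, such as the ipp2p rule in the posted output. The function names are assumptions of this example, and the sample listing is an abbreviated copy of lines from the post.

```shell
#!/bin/sh
# Added example: print every rule whose packet counter is still 0 in the
# output of `iptables -t mangle -L -n -v -x`, read from stdin.
zero_hit_rules() {
    awk '
        $1 == "Chain" { chain = $2; n = 0; next }  # chain header resets numbering
        $1 == "pkts"  { next }                     # column header line
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {       # rule line: pkts bytes target ...
            n++                                    # position of the rule in the chain
            if ($1 + 0 == 0) {
                rule = ""
                for (i = 3; i <= NF; i++) {
                    sep = (i > 3) ? " " : ""
                    rule = rule sep $i
                }
                printf "%s #%d: %s\n", chain, n, rule
            }
        }
    '
}

# Abbreviated sample: the first six PREROUTING rules and the chgtos chain,
# copied from the listing in the post (rule numbers refer to this excerpt).
sample_listing() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT 26236333 packets, 12882098667 bytes)
    pkts      bytes target     prot opt in     out     source               destination
  249121 26462887 CONNMARK   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          CONNMARK restore
  142502 21317691 ACCEPT     all  --  eth2   *       0.0.0.0/0            0.0.0.0/0          MARK match !0x0
      24    14682 MARK       icmp --  eth2   *       0.0.0.0/0            0.0.0.0/0          MARK set 0x4
       0        0 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          ipp2p v0.5a --ipp2p MARK set 0x2
      27     1296 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:1214 MARK set 0x2
       3      144 MARK       tcp  --  eth2   *       0.0.0.0/0            0.0.0.0/0          tcp dpt:2234 MARK set 0x2

Chain chgtos (1 references)
    pkts      bytes target     prot opt in     out     source               destination
   99134  4770212 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x1 TOS set 0x10
    7398   357278 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x2 TOS set 0x08
       0        0 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x3 TOS set 0x10
       0        0 TOS        all  --  *      *       0.0.0.0/0            0.0.0.0/0          CONNMARK match 0x5 TOS set 0x02
  106556  5142172 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# On a live router: iptables -t mangle -L -n -v -x | zero_hit_rules
sample_listing | zero_hit_rules
```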

