Szymon Mroofka пишет:
Hi,
I have simple question about Skype. What are the methods of selecting packets
which belongs to Skype??
I know about 7layer but I don't belive that is only way.
Is 7layer realy good and stable solution for routers which must handle more
than 1000 users ?
Hi everybody!
I use Layer-7 filter for hook packets like this :
$ipt -t mangle -N SKYPE
$ipt -t mangle -A SKYPE -j MARK --set-mark 41
$ipt -t mangle -A SKYPE -j LOG --log-prefix "IPT. SKYPE: " --log-ip-options
$ipt -t mangle -A SKYPE -j IMQ
....
....
....
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols
--l7proto dns -j DNS
...
$ipt -t mangle -A PREROUTING -m layer7 --l7dir /etc/l7-protocols
--l7proto skypetoskype -j SKYPE
...
$ipt -t mangle -A PREROUTING -j OTHER
the iptables -t mangle -L PREROUTING -n -v show it's correct,
but I see in LOG and see this:
Aug 23 10:57:16 gate kernel: IPT. SKYPE: IN=eth0 OUT= MAC=xx:xx:...xx
SRC=10.10.0.114 DST=10.10.0.1 LEN=140 TOS=0x04 PREC=0x00 TTL=64 ID=0
PROTO=UDP SPT=162 DPT=162 LEN=120
etc...
grep 162 /etc/services
snmp-trap 162/tcp snmptrap # Traps for SNMP
snmp-trap 162/udp snmptrap # Traps for SNMP
it's not SKYPE, i think .... it is normal?
my kernel 2.6.15, iptables v 1.3.5 all pathced, all modules is load.
thx.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
