I'll tell you what I did to completelly isolate MY bittorrent traffic. In azureus you can tell the program to use a specific IP, so I have two IP's per PC, one for p2p and the other one as the main IP. Then I simply shape traffic from the azureus IP in each PC. Obviously this only works for you, since you wont convince any user to do this, but I found it quite practical if that's what you need. aMule doesn't have the same option, but this traffic is easy to detect. El Martes, 12 de Septiembre de 2006 11:49, K Venkat escribió: > Hi all, > > I'm tring to isolate P2P traffic, specifically BitTorrent, for my QoS > scripts. I can't seem to completely isolate ALL BitTorrent traffic. > > I identify & mark packets and then use tc filters to put them into > appropriate classes. My firewall rules (below) do the markings. My VoIP > boxes' and ICMP traffic get highest priority (mark 1). Then comes DNS, > SSH, and Telnet (mark 2), After this, I try to isolate BitTorrent traffic > (mark 4). If the packet is none of the above, then mark with a default > mark (mark 3). > > I ran my BitTorrent client (uTorrent) for a while, with no other big > uploading application running on my network. My firewall rules and > statistics are below. You can find that a large chunk got marked with 3 > (default mark), apart from marked BitTorrent traffic. I put the LOG target > just to see what traffic it is and SURPRISE ! It was BitTorrent traffic. > > A snippet from my kernel log (from iptables) is below. My PC's IP is > 192.168.1.105 and port 10305 is uTorrent's port. And, other packets not > going out of that port - I confirmed they are from uTorrent by doing this > on a bunch of entries: > > D:\Junk>netstat -nb | grep -A1 1553 > TCP 192.168.1.105:1771 195.23.20.78:21488 ESTABLISHED 4080 > [utorrent.exe] > > D:\Junk> > > I've tried using -m layer7 --l7proto bittorrent and IPP2P's -m > ipp2p --ipp2p. Same effect. > > Kernel version - 2.4.30 > iptables version - v1.3.3 > ipp2p version : v0.8.1_rc1 > vlan1 is my WAN interface. > > FWIW, I'm doing this on my WRT54G V3 router running OpenWRT WhiteRussian > RC5. > > I don't want to put all traffic on high-ports (>1024) into Bulk since I > have a bunch of stuff running on high-ports outside that I access. I just > want to be able to completely isolate P2P/BitTorrent and mark it bulk. > > Any help appreciated. > > Thanks. > > PS. I sent this on Sep 11, 2006 at 3:56 PM. It never showed up in the list > archive. So, reposting. Apologize if this is a repeat. > > > Firewall: > --------- > Chain POSTROUTING (policy ACCEPT 1404K packets, 600M bytes) > pkts bytes target prot opt in out source destination > 1024K 394M QOS_Chain all -- * * 0.0.0.0/0 0.0.0.0/0 > > Chain QOS_Chain (1 references) > pkts bytes target prot opt in out source destination > 6971 1418K MARK all -- * vlan1 192.168.1.107 0.0.0.0/0 > MARK set 0x1 40271 8118K MARK all -- * vlan1 > 192.168.1.111 0.0.0.0/0 MARK set 0x1 0 0 MARK icmp -- > * vlan1 0.0.0.0/0 0.0.0.0/0 icmp type 8 MARK set > 0x1 281 20041 MARK udp -- * vlan1 0.0.0.0/0 0.0.0.0/0 > udp dpt:53 MARK set 0x2 0 0 MARK tcp -- * vlan1 > 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0x2 0 0 MARK > tcp -- * vlan1 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 > MARK set 0x2 47517 9555K RETURN all -- * * 0.0.0.0/0 > 0.0.0.0/0 MARK match !0x0 152K 72M CONNMARK all -- * * > 0.0.0.0/0 0.0.0.0/0 CONNMARK restore 3849 2043K MARK > all -- * * 0.0.0.0/0 0.0.0.0/0 ipp2p > v0.8.1_rc1 --bit MARK set 0x4 49411 28M CONNMARK all -- * * > 0.0.0.0/0 0.0.0.0/0 MARK match 0x4 CONNMARK save 24859 > 32M LOG all -- * vlan1 0.0.0.0/0 0.0.0.0/0 > length 100:65535 MARK match 0x0 LOG flags 0 level 4 prefix `UNMARKED > Packet: ' 29544 32M MARK all -- * vlan1 0.0.0.0/0 > 0.0.0.0/0 MARK match 0x0 MARK set 0x3 > > Kernel log (snippet): > --------------------- > Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 > SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 > ID=64569 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK URGP=0 > Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= OUT=vlan1 > SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 TTL=127 > ID=64570 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK PSH > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64571 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64572 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65320 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64573 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64576 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64577 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64578 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64579 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64282 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64580 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK > PSH URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=195.23.20.78 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64581 DF PROTO=TCP SPT=1771 DPT=21488 WINDOW=64842 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=81.178.115.37 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64583 DF PROTO=TCP SPT=1553 DPT=60546 WINDOW=65269 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=87.11.229.118 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64584 DF PROTO=TCP SPT=10305 DPT=16224 WINDOW=64396 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64586 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64587 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=24.176.137.55 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64588 DF PROTO=TCP SPT=1983 DPT=50001 WINDOW=65520 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64611 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=201.66.191.158 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64612 DF PROTO=TCP SPT=1748 DPT=23845 WINDOW=65426 RES=0x00 ACK > URGP=0 Sep 11 14:31:01 (none) kern.warn kernel: UNMARKED Packet: IN= > OUT=vlan1 SRC=192.168.1.105 DST=172.158.155.236 LEN=1300 TOS=0x00 PREC=0x00 > TTL=127 ID=64613 DF PROTO=TCP SPT=1938 DPT=35714 WINDOW=64265 RES=0x00 ACK > URGP=0 _______________________________________________ > LARTC mailing list > LARTC@xxxxxxxxxxxxxxx > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
