SSCR Internet Admin wrote:
It seems that I am observing now, 90% of torrent downloads are not
connecting... I guess I would try several days, if these active connecting
torrents can actually connect... This is somewhat useful as of now in my
opinion, it cuts down torrent access...
As would redirecting all traffic to /dev/null
At present you are using a large memory/cpu-using process (squid) as a
cheap blackhole.
Squid is just receiving many requests it can't handle and drops almost
immediately. There is other software available much better suited to
that than squid.
My point about REDIRECT/DNAT is the kernel-level differences between
DNAT and REDIRECT that allow transparent mode to operate better with
REDIRECT. Torrents still remain an unknown method to current generations
of squid regardless of how they reach squid.
Amos
-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx]
Sent: Tuesday, October 23, 2007 3:22 PM
To: SSCR Internet Admin
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: Re: For admins that wanted to stop torrent downloads
SSCR Internet Admin wrote:
Hi,
I am experimenting on how to stop torrent downloads, but when a torrent
client already established a connection, it doesn't drop the packets at all.
I hope someone could share a thought or two about my approach....
1. Run squid on transparent mode
2. I run this iptables command...
#Reroute all ports to port 3128
$IPT -t nat -I PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to 192.168.100.1:3128
Target to use is REDIRECT not DNAT.
Or on systems with appropriately patched kernel TPROXY target is available.
<snip remaining list of ports>
4. I have found this logs on cache.log
2007/10/23 13:47:42| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:42| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:42| clientReadRequest: FD 137 (192.168.100.61:3907) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 89 (192.168.100.61:3908) Invalid Request
2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL characters
2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent'
2007/10/23 13:47:43| clientReadRequest: FD 152 (192.168.100.61:3909) Invalid
I don't know if these experiments also exist, but it's a good way, maybe
someone could make a patch that blocks torrents or p2p apps based on the
cache.log results.
Better yet. The dev team is looking for somebody interested in adding
full Torrent support to squid.
That would entail adding settings and ACL to configure access/denial
properly.
Amos