[LARTC] bridge and ipp2p question

Roberto Pereyra pereyra.roberto at gmail.com
Fri Jan 19 15:05:59 CET 2007 

Thanks Marco.

Very  useful  your reply.

Roberto

2007/1/18, Marco Aurelio <marco.casaroli at gmail.com>:
> This is not possible because ipp2p does not match every p2p packet but only
> some essential signaling packets. By filtering these packets, the p2p client
> cannot estabilish connections to transfer data, and that's how it filters
> it.
>
>  Sometimes, ipp2p 'discovers' that this is a p2p related connection after
> the connection has been established, and then drops the signaling packets.
>
>  And since you are not an AS and you have one different address per
> connection, you cannot route packets with a different source address than
> the one the connection has been established.
>
>  I have a different approach on this, it is not a perfect soulution, but it
> work quite well on some enviroments:
>
>  I route all the traffic through one NIC (the garbage p2p connection) and
> then (with iptables or u32) direct the important traffic by port (HTTP, FTP,
> IRC, MSN, DNS, SMTP, POP, etc) through the other NIC (the non-p2p
> connection). Then I filter (with ipp2p) the p2p traffic on the non-p2p NIC
> because some p2p clients try to mask the connections as it were these
> services. This works quite well, but you need to know every service your
> clients use.
>
>  I use this on a router, I never tested this with a bridge, but it may work
> too.
>
>  -- Marco
>
>
> On 1/17/07, Roberto Pereyra <pereyra.roberto at gmail.com> wrote:
> >
> > Hi all !!!
> >
> > I have a firewall bridge (not router) with two nics that filter p2p with
> ipp2p.
> >
> > All works fine but now I need to add a third nic to route all p2p traffic
> > through this nic.
> >
> > It is that possible with a bridge ?
> >
> > Later (with other server) connect to this nic  I do loading balancing
> > with two adsl lines to route all p2p traffic.
> >
> > Any hint ?
> >
> > Any howto ?
> >
> > Thanks in advance.
> >
> > roberto
> >
> >
> > --
> > Ing. Roberto Pereyra
> > ContenidosOnline
> > Looking for Linux Virtual Private Servers ? Click here:
> >
> http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56
> > _______________________________________________
> > LARTC mailing list
> > LARTC at mailman.ds9a.nl
> > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
> >
>
>
>
> --
> Marco


-- 
Ing. Roberto Pereyra
ContenidosOnline
Looking for Linux Virtual Private Servers ? Click here:
http://www.spry.com/hosting-affiliate/scripts/t.php?a_aid=426&a_bid=56

More information about the LARTC mailing list