<br><br><div><span class="gmail_quote">On 6/8/07, <b class="gmail_sendername">Saulo Silva</b> <<a href="mailto:sauloaugustosilva@gmail.com">sauloaugustosilva@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi Marcos,<br><br>I tried your rules, but without success. Thanks for that help.<br>And how about ipp2p? Could this application do that? Help me to shape edonkey traffic?<br><br>Best Regards,<br><br>Saulo Silva
<br><br><div><span class="gmail_quote">2007/6/8, Marco Aurelio <<a href="mailto:marco.casaroli@gmail.com" target="_blank">marco.casaroli@gmail.com</a>>:</span>
<div><span class="e" id="q_1130dfbd7a121257_1"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
l7's edonkey filter does not match all edonkey traffic; it does not<br>match data packets (that you want to shape). It does, however, match the<br>signaling packets that can be related to data connections.<br><br>I never tried L7, but I think these may help you:
<br><br>iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark<br>iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT<br>iptables -t mangle -A PREROUTING -mlayer7 --l7proto edonkey -j MARK --set-mark 2
<br>iptables -t mangle -A PREROUTING -p tcp -m mark --mark 2 -j CONNMARK --save-mark<br><br><br>On 6/8/07, Saulo Silva <<a href="mailto:sauloaugustosilva@gmail.com" target="_blank">sauloaugustosilva@gmail.com</a>> wrote:<br>> Hi All,
<br>><br>> My first message and I have a little problem with my FC6 box trying to block<br>> emule traffic using layer7.<br>><br>> Here is my network:<br>><br>> Internet --------- ADSL Router ------------------- FC6 Box
<br>> -------------------- Emule Box<br>><br>> external ADSL : Dynamic<br>> Internal ADSL : 192.168.254.1<br>><br>> external FC6 : 192.168.254.3<br>> internal FC6 : 192.168.253.1<br>><br>> Emule Box : 192.168.253.3<br>><br>> I guess that everything is ok with layer7. Here are my mangle rules.
<br>><br>> # iptables -t mangle -A PREROUTING -mlayer7 --l7proto edonkey -j MARK<br>> --set-mark 2<br>> # iptables -t mangle -A PREROUTING -m mark --mark 2 -j LOG --log-prefix<br>> "PREROUTING MARK : "
<br>><br>><br>> iptables -t mangle -A FORWARD -mlayer7 --l7proto edonkey -j MARK --set-mark<br>> 2<br>> iptables -t mangle -A FORWARD -m mark --mark 2 -j LOG --log-prefix "FORWARD<br>> MARK : "
<br>><br>> The output from the log is:<br>><br>> Jun 8 14:18:46 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1<br>> SRC=203.91.83.127 DST=192.168.253.3 LEN=180 TOS=0x00 PREC=0x00 TTL=105<br>> ID=18725 PROTO=TCP SPT=51674 DPT=4662 WINDOW=16944 RES=0x00 ACK PSH URGP=0<br>><br>> Jun 8 14:18:48 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT=<br>> MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00
<br>> SRC=200.209.170.138 DST=192.168.254.3 LEN=139 TOS=0x00 PREC=0x00 TTL=115<br>> ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0
<br>> Jun 8 14:18:48 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=<br>> 200.209.170.138 DST=192.168.253.3 LEN=139 TOS=0x00 PREC=0x00 TTL=114
<br>> ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0<br>><br>> Jun 8 14:18:51 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT=<br>> MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=
<br>> 200.244.104.10 DST=192.168.254.3 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=7042<br>> PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0
<br>><br>> Jun 8 14:18:51 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=<br>> 200.244.104.10 DST=192.168.253.3 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=7042
<br>> PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0<br>><br>> So it looks like the mark is working.<br>><br>> So now I use the cbq.init script with that configuration:<br>><br>> cat /etc/sysconfig/cbq/cbq-0002.emule_in<br>><br>> DEVICE=eth0,100Mbit,10Mbit<br>> RATE=3Kbit<br>> WEIGHT=1Kbit<br>> PRIO=5<br>> BOUNDED=yes<br>> ISOLATED=yes<br>> MARK=2<br>><br>> cat /etc/sysconfig/cbq/cbq-0002.emule_out
<br>> DEVICE=eth1,100Mbit,10Mbit<br>> RATE=3Kbit<br>> WEIGHT=1Kbit<br>> PRIO=5<br>> BOUNDED=yes<br>> ISOLATED=yes<br>> MARK=2<br>><br>> That generates this tc code:<br>><br>> /sbin/tc qdisc add dev eth0 root handle 1 cbq bandwidth 100Mbit avpkt 3000
<br>> cell 8<br>> /sbin/tc class change dev eth0 root cbq weight 10Mbit allot 1514<br>><br>> /sbin/tc qdisc del dev eth1 root<br>> /sbin/tc qdisc add dev eth1 root handle 1 cbq bandwidth 100Mbit avpkt 3000
<br>
> cell 8<br>> /sbin/tc class change dev eth1 root cbq weight 10Mbit allot 1514<br>><br>> /sbin/tc class add dev eth0 parent 1: classid 1:2 cbq bandwidth 100Mbit rate<br>> 3Kbit weight 1Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 3000 bounded
<br>> isolated<br>> /sbin/tc qdisc add dev eth0 parent 1:2 handle 2 tbf rate 3Kbit buffer 10Kb/8<br>> limit 15Kb mtu 1500<br>> /sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 200 handle 2 fw<br>> classid 1:2
<br>><br>> /sbin/tc class add dev eth1 parent 1: classid 1:2 cbq bandwidth 100Mbit rate<br>> 3Kbit weight 1Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 3000 bounded<br>> isolated<br>> /sbin/tc qdisc add dev eth1 parent 1:2 handle 2 tbf rate 3Kbit buffer 10Kb/8
<br>> limit 15Kb mtu 1500<br>> /sbin/tc filter add dev eth1 parent 1:0 protocol ip prio 200 handle 2 fw<br>> classid 1:2<br>><br>> Can anyone explain to me what is wrong? Why can I not shape this traffic?
<br>
><br>> Any help will be appreciated.<br>><br>> Best Regards,<br>><br>> Saulo Silva<br>><br>> _______________________________________________<br>> LARTC mailing list<br>> <a href="mailto:LARTC@mailman.ds9a.nl" target="_blank">LARTC@mailman.ds9a.nl</a><br>> <a href="http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc" target="_blank">http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc</a><br>><br>><br><br><br>--<br>Marco Casaroli<br>SapucaiNet Telecom
<br>+55 35 34712377 ext 5<br></blockquote></span></div></div><br>
<br></blockquote></div>I block all P2P traffic with ipp2p , it works great.<br>iptables -t mangle -i eth0 -A FORWARD -m ipp2p --ipp2p -j DROP<br><br clear="all">
<br>-- <br>Hugs,<br>Salatiel<br><br>"The greatest pleasure of an intelligent person is to play the idiot <br> in front of an idiot who plays the intelligent one".
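<br><br>The kernel LOG output quoted in the original question can be read mechanically to see, packet by packet, at which hooks the mark-2 LOG rule fired and what each hook saw. The Python below is an added example, not part of any message in this thread; the function names and the LEN=40 no-payload rule are assumptions of the example, and the sample lines are the thread's own entries with link markup removed and wrapped lines rejoined.

```python
import re
from collections import defaultdict

# Entries from the question above, anchor markup removed and wrapped lines rejoined.
SAMPLE_LOG = """\
Jun 8 14:18:46 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=203.91.83.127 DST=192.168.253.3 LEN=180 TOS=0x00 PREC=0x00 TTL=105 ID=18725 PROTO=TCP SPT=51674 DPT=4662 WINDOW=16944 RES=0x00 ACK PSH URGP=0
Jun 8 14:18:48 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=200.209.170.138 DST=192.168.254.3 LEN=139 TOS=0x00 PREC=0x00 TTL=115 ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jun 8 14:18:48 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=200.209.170.138 DST=192.168.253.3 LEN=139 TOS=0x00 PREC=0x00 TTL=114 ID=18002 DF PROTO=TCP SPT=1476 DPT=4662 WINDOW=65535 RES=0x00 ACK PSH URGP=0
Jun 8 14:18:51 fs-linux kernel: PREROUTING MARK : IN=eth0 OUT= MAC=00:06:4f:47:ad:e0:00:0f:3d:cc:29:e0:08:00 SRC=200.244.104.10 DST=192.168.254.3 LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=7042 PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0
Jun 8 14:18:51 fs-linux kernel: FORWARD MARK : IN=eth0 OUT=eth1 SRC=200.244.104.10 DST=192.168.253.3 LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=7042 PROTO=TCP SPT=50675 DPT=4662 WINDOW=64952 RES=0x00 ACK FIN URGP=0
"""

LINE_RE = re.compile(r"kernel: (?P<prefix>.+?) : (?P<body>IN=.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def parse_line(line):
    """Split one netfilter LOG line into (hook, fields, tcp_flags); None if not a LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    tokens = m.group("body").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    flags = {t for t in tokens if t in TCP_FLAGS}
    return m.group("prefix").split()[0], fields, flags  # "FORWARD MARK" -> "FORWARD"

def correlate(log_text):
    """Group entries by packet key (SRC, SPT, DPT, IP ID) -> {hook: (fields, flags)}."""
    packets = defaultdict(dict)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            hook, f, flags = parsed
            packets[(f["SRC"], f["SPT"], f["DPT"], f["ID"])][hook] = (f, flags)
    return dict(packets)

def summarize(log_text):
    """Per packet: hooks where the mark-2 LOG rule fired, DST seen at each hook, payload presence."""
    report = {}
    for key, hooks in correlate(log_text).items():
        fields, flags = next(iter(hooks.values()))
        report[key] = {
            "hooks": sorted(hooks),
            "dst": {h: f["DST"] for h, (f, _) in hooks.items()},
            # Assumption: 20-byte IP + 20-byte TCP headers without options, so LEN=40 means no payload.
            "has_payload": int(fields["LEN"]) > 40,
            "flags": sorted(flags),
        }
    return report

print(summarize(SAMPLE_LOG))
```

On the sample, the packets with IP ID 18002 and 7042 show up at both hooks with a different DST at each, the ID 18725 packet appears only in FORWARD within this excerpt, and the ID 7042 entry is an ACK FIN with no payload.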