Log from #iptables at freenode 2006-05-26
[20:47]<efyfjr>hi there
[20:47]<efyfjr>having some problems with my iptables rules
[20:48]<efyfjr>I'm trying to deny P2P to my users
[20:48]<efyfjr>using some L7 filters
[20:48]<efyfjr>but my router has chillispot that uses tun0 interface
[20:49]<efyfjr>my guess is that the rules only apply to direct connections and not from the tun0 interface
[20:49]<efyfjr>how can I correct this?
[21:01]<jdrd>Epilog: have similar probs but i want only to prioritize this
[21:02]<efyfjr>omay: I want to get rid of all P2P traffic
[21:02]<efyfjr>in my router
[21:02]<efyfjr>it's a hotspot project I have
[21:02]<jdrd>Epilog: i would suggest to drop all of them with ipp2p
[21:02]<efyfjr>omay: already done
[21:03]<efyfjr>but I keep getting a lot of traffic
[21:03]<jdrd>don't work?
[21:03]<jdrd>... that's also my problem too, i set the rulez but they do nothing
[21:03]<efyfjr>I suspect, since I have chillispot in the router, that the traffic is getting through using the tun0 interface that chilli uses
[21:03]<efyfjr>and passing my firewall rules
[21:04]<jdrd>copy your rulez for this interface?
[21:05]<efyfjr>omay: can you take a look at my rules?
[21:06]<jdrd>Epilog: i can but i am a noob too :D
[21:06]<efyfjr>omay: one sec. I'll post it in pastebin
[21:06]<jdrd>i am trying all the time but i can't get my ssh to work if some torrents are on :(
[21:08]<efyfjr>http://pastebin.com/739764
[21:11]<jdrd>hm no drop rulez on OUTPUT?
[21:11]<efyfjr>omay: http://pastebin.com/739771
[21:11]<efyfjr>the advgrp_1/2 is not being called
[21:12]<efyfjr>Chain advgrp_1 (0 references)
[21:13]<jdrd>have no idea about your advgrp's ;)
[21:13]<jdrd>i would drop all p2p forwarded packets
[21:13]<jdrd>if this is only a router
[21:14]<jdrd>iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP ?
[21:15]<efyfjr>in line 22 of the rules, The first rule of forward is,
[21:15]<efyfjr>Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
[21:15]<efyfjr> pkts bytes target prot opt in out source destination
[21:15]<efyfjr>15041 634K ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW
[21:15]<efyfjr>and after some other rules
[21:16]<efyfjr>I get the lan2wan group that calls the grp_1 and grp_2
[21:16]<efyfjr>but never
[21:16]<efyfjr>the advgrp_1 that has the ipp2p
[21:18]<jdrd>the router should drop all forwarded p2p packets with this line, no matter where they are from
[21:20]<efyfjr>so I guess I should call a "-I FORWARD -p tcp -m ipp2p --ipp2p -j DROP"
[21:21]<efyfjr>I should do an insert "-I" after chillispot has stated
[21:21]<efyfjr>started
[21:30]<jdrd>does anybody have a working shaping solution for torrents?
[21:53]<efyfjr>I think I got it
[21:54]<efyfjr>chillispot has a way to execute a script whenever the tun0 interface is up
[21:54]<efyfjr>I added a -I FORWARD -i tun0 ... rule
[21:54]<efyfjr>and I think I'm getting some results
[21:55]<efyfjr>Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
[21:55]<efyfjr> pkts bytes target prot opt in out source destination
[21:55]<efyfjr> 2022 264K DROP all -- tun0 * 0.0.0.0/0 0.0.0.0/0 ipp2p v0.8.1_rc1 --ipp2p
[21:55]<efyfjr>22109 980K ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 state NEW
[22:16]<zznszzyj>and to skype ? any solution ? :P
[22:46]<-- dvxn|syzzzyus xzs>http://www.bagdadsoftware.de