IpCop help
19 years 1 month ago #10419
by TheHarlequin
Replied by TheHarlequin on topic Re: IpCop help
DaLight - I hope so; currently free memory stands @ 8.45% and, being a fearful Windows user for so long, low memory = crashes = whining from the top brass..
19 years 1 month ago #10420
by DaLight
Replied by DaLight on topic Re: IpCop help
I had problems with this particular IPCOP when I first installed it. It would crash about once or twice a week. In fact it crashed once while I was away on my wedding anniversary in Scotland :x :x Anyway when I got back to work I took it apart and replaced both NICs and it has not crashed once since then. That was almost two years ago. So it may be worth checking your hardware if you're getting regular crashes.
19 years 1 month ago #10422
by nske
Replied by nske on topic Re: IpCop help
No worries about the memory percentages. Like DaLight said, it is a common policy of the Linux kernel to use as much as possible for caching; if it is required for an application, it will be automatically released.
19 years 1 month ago #10605
by stanyo
Replied by stanyo on topic Re: IpCop help
Hi again. I continued to search for a solution and discovered p2pblock.
mh-lantech.css-hamburg.de/ipcop/download.php?view.103
It blocks Emule, KaZaa, Gnutella, DirectConnect and Bittorrent over the GUI. There is a site in the web interface in which you can choose which protocols to block. I think it is better to set the lowest priority for p2p protocols or block them completely... so I installed l7-filter and did this:
#!/bin/sh
/sbin/iptables -t mangle -I PREROUTING 1 -j MARK --set-mark 4
#
# restricted (throttled) protocols
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto winmx -j MARK --set-mark 3
#
# allow important protocols and UDP up to full bandwidth
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto smtp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ftp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 2
but it does not work. Any help? After
/etc/rc.d/rc.firewall restart
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.
iptables v1.2.11: Couldn't find a pattern definition file for bittornado.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.
iptables v1.2.11: Couldn't find a pattern definition file for bittornado.
iptables v1.2.11: Couldn't find a pattern definition file for abc.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.
iptables v1.2.11: Couldn't find a pattern definition file for bittornado.
iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.
please help!!!
19 years 1 month ago #10607
by DaLight
Replied by DaLight on topic Re: IpCop help
I've had a quick look at the L7-filter website. Looks like a very interesting piece of software. From your error messages it appears that you have not installed L7-filter properly. It cannot find the pattern files (e.g. imap.pat, bittorent.pat), which it expects to find in /etc/l7-protocols/ or /etc/l7-protocols/protocols/. You can also specify an alternative location using the "--l7dir" option with iptables. So you will need to find out where your *.pat files are located.
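A check for the situation described above, as an added example that is not part of the original post or of L7-filter: it lists every `--l7proto` name in a rules script for which no `NAME.pat` file exists under the pattern directory. The function names, the sample rules and the sample pattern directory are constructed for illustration; the directory is searched recursively, which covers both locations named above.

```shell
#!/bin/sh
# Added example: find --l7proto names that have no pattern file.

# Print each distinct protocol name used with --l7proto in rules file $1,
# ignoring commented-out lines.
l7_protos() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*--l7proto[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' |
        sort -u
}

# Print every name from rules file $1 with no NAME.pat below directory $2.
missing_patterns() {
    for proto in $(l7_protos "$1"); do
        if [ -z "$(find "$2" -type f -name "$proto.pat" 2>/dev/null)" ]; then
            echo "$proto"
        fi
    done
}

# Constructed sample: a small pattern directory and a short rules file.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/l7-protocols/protocols"
    for p in fasttrack bittorrent edonkey imap; do
        : > "$tmp/l7-protocols/protocols/$p.pat"
    done
    cat > "$tmp/rules.sh" <<'EOF'
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto winmx -j MARK --set-mark 3
# /sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
EOF
    missing_patterns "$tmp/rules.sh" "$tmp/l7-protocols"
    rm -rf "$tmp"
}

# Real use: sh check.sh /path/to/rules-script /etc/l7-protocols
if [ "$#" -eq 2 ]; then
    missing_patterns "$1" "$2"
fi
```

Each name printed is one that iptables would reject with "Couldn't find a pattern definition file"; an empty result means every referenced protocol has a pattern file.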
19 years 1 month ago #10626
by stanyo
Replied by stanyo on topic Re: IpCop help
The *.pat files are located in /etc/l7-protocols/protocols.
I am not sure where the right place to put the script is.
/etc/rc.d/rc.firewall
I put it after the:
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING
Is this correct?