IpCop help

18 years 7 months ago #10419 by TheHarlequin
Replied by TheHarlequin on topic Re: IpCop help
DaLight - I hope so; currently free memory stands @ 8.45% and, being a fearful Windows user for so long, low memory = crashes = whining from the top brass..
18 years 7 months ago #10420 by DaLight
Replied by DaLight on topic Re: IpCop help
I had problems with this particular IPCOP when I first installed it. It would crash about once or twice a week. In fact it crashed once while I was away on my wedding anniversary in Scotland :x :x Anyway when I got back to work I took it apart and replaced both NICs and it has not crashed once since then. That was almost two years ago. So it may be worth checking your hardware if you're getting regular crashes.
18 years 7 months ago #10422 by nske
Replied by nske on topic Re: IpCop help
No worries about the memory percentages. Like DaLight said, it is a common policy of the Linux kernel to use as much as possible for caching; if it is required for an application it will be automatically released.
18 years 7 months ago #10605 by stanyo
Replied by stanyo on topic Re: IpCop help
Hi again. I continued to search for a solution and discovered p2pblock.

mh-lantech.css-hamburg.de/ipcop/download.php?view.103

It blocks Emule, KaZaa, Gnutella, DirectConnect, Bittorrent, over the GUI. There is a site in the web interface in which you can choose which protocols to block. I think it is better to set the lowest priority for p2p protocols or block them completely... so I installed l7-filter and did this:

#!/bin/sh
/sbin/iptables -t mangle -I PREROUTING 1 -j MARK --set-mark 4
#
# restricted (throttled) protocols
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto winmx -j MARK --set-mark 3
#
# allow important protocols and UDP up to the full bandwidth
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto smtp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ftp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 2


but it does not work. Any help? After
/etc/rc.d/rc.firewall restart


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.

iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.

iptables v1.2.11: Couldn't find a pattern definition file for abc.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.

iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.


Please help!!!
18 years 7 months ago #10607 by DaLight
Replied by DaLight on topic Re: IpCop help
I've had a quick look at the L7-filter website. Looks like a very interesting piece of software. From your error messages it appears that you have not installed L7-filter properly. It cannot find the pattern files (e.g. imap.pat, bittorent.pat), which it expects to find in /etc/l7-protocols/ or /etc/l7-protocols/protocols/. You can also specify an alternative location using the "--l7dir" option with iptables. So you will need to find out where your *.pat files are located.
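
As an added example (not part of the original posts, and not code from L7-filter or IPCop): a shell check that lists every --l7proto name in a rule script for which no matching .pat file exists under the pattern directory, which is the condition behind the "Couldn't find a pattern definition file" errors above. The function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: report --l7proto names that have no <name>.pat file.
# Usage: missing_l7_patterns SCRIPT [PATTERN_DIR]
missing_l7_patterns() {
    script=$1
    patdir=${2:-/etc/l7-protocols}   # default location named in the post above
    # Take the word after each --l7proto, ignoring commented-out lines.
    grep -v '^[[:space:]]*#' "$script" |
    sed -n 's/.*--l7proto[[:space:]]\{1,\}\([^[:space:]]\{1,\}\).*/\1/p' |
    sort -u |
    while read -r proto; do
        # Pattern files may sit in the directory itself or in a
        # subdirectory such as protocols/, so search the whole tree.
        hit=$(find "$patdir" -type f -name "$proto.pat" 2>/dev/null | head -n 1)
        if [ -z "$hit" ]; then
            echo "$proto"
        fi
    done
}

# Constructed sample: a small pattern tree and rule file in a temp directory.
demo_missing_l7_patterns() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/l7/protocols"
    touch "$tmp/l7/protocols/bittorrent.pat" "$tmp/l7/protocols/imap.pat"
    cat > "$tmp/rules.sh" <<'EOF'
# /sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto disabled -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto winmx -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
EOF
    missing_l7_patterns "$tmp/rules.sh" "$tmp/l7"
    rm -rf "$tmp"
}

# When run with arguments, check the given script against the given directory.
if [ "$#" -ge 1 ]; then
    missing_l7_patterns "$@"
fi
```

Running it against the rule script before restarting the firewall shows misspelled or uninstalled protocol names without loading any rules.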
18 years 7 months ago #10626 by stanyo
Replied by stanyo on topic Re: IpCop help
The *pat files are located in /etc/l7-protocols/protocols.
I am not sure where the right place to put the script is.

/etc/rc.d/rc.firewall

I put it after the:
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING

Is this correct?