Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: IpCop help

Re: IpCop help 13 years 5 months ago #10419

DaLight - i hope so; currently free memory stands @ 8.45% and, being a fearful windows user for so long, low memory = crashes = whining from the top brass..

Re: IpCop help 13 years 5 months ago #10420

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
I had problems with this particular IPCOP when I first installed it. It would crash about once or twice a week. In fact it crashed once while I was away on my wedding anniversary in Scotland :x :x Anyway when I got back to work I took it apart and replaced both NICs and it has not crashed once since then. That was almost two years ago. So it may be worth checking your hardware if you're getting regular crashes.

Re: IpCop help 13 years 5 months ago #10422

  • nske
  • nske's Avatar
  • Offline
  • Expert Member
  • Expert Member
  • Posts: 613
  • Thank you received: 0
No worries about the memory percentages, like DaLight said it is a common policy of the linux kernel to use as much as possible for caching, if it is required for an application it will be automatically released.

Re: IpCop help 13 years 5 months ago #10605

  • stanyo
  • stanyo's Avatar Topic Author
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 20
  • Thank you received: 0
Hi again. I continue to search for solution and discover p2pblock.

mh-lantech.css-hamburg.de/ipcop/download.php?view.103

It block Emule, KaZaa, Gnutella, DirectConnect, Bittorrent, over the GUI. There is a site in the Webinterface in which you could choose, which protocolls to block. I think to better to set lowest priority to p2p protocols or block them completely...so i instal l7-filter and do this:

#!/bin/sh
/sbin/iptables -t mangle -I PREROUTING 1 -j MARK --set-mark 4
#
# beschraenkte (gedrosselte) Protokolle
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto winmx -j MARK --set-mark 3
#
# wichtige protokolle und UDP bis zur vollen Bandbreite zulassen
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto smtp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ftp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 2


but it's not work. Any help ? After
/etc/rc.d/rc.firewall restart


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.

iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.

iptables v1.2.11: Couldn't find a pattern definition file for abc.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.

iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for bittorent.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for winmx.

iptables v1.2.11: Couldn't find a pattern definition file for bittornado.


iptables: No chain/target/match by that name
iptables v1.2.11: Couldn't find a pattern definition file for p2p.


please help!!!

Re: IpCop help 13 years 5 months ago #10607

  • DaLight
  • DaLight's Avatar
  • Offline
  • Honored Member
  • Honored Member
  • Posts: 1302
  • Karma: 1
  • Thank you received: 0
I've had a quick look at the L7-filter website. Looks like a very interesting piece of software. From your error messages it appears that you have not installed L7-filter properly. It cannot find the pattern files (e.g. imap.pat, bittorent.pat), which it expects to find in /etc/l7-protocols/ or /etc/l7-protocols/protocols/. You can also specify an alternative location using the "--l7dir" option with iptables. So you will need to find out where your *.pat files are located.

Re: IpCop help 13 years 5 months ago #10626

  • stanyo
  • stanyo's Avatar Topic Author
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 20
  • Thank you received: 0
The *pat files are located in /etc/l7-protocols/protocols.
I not sure where are the right place to put the script.

/etc/rc.d/rc.firewall

I put it after the:
# CUSTOM chains, can be used by the users themselves
/sbin/iptables -N CUSTOMINPUT
/sbin/iptables -A INPUT -j CUSTOMINPUT
/sbin/iptables -N CUSTOMFORWARD
/sbin/iptables -A FORWARD -j CUSTOMFORWARD
/sbin/iptables -N CUSTOMOUTPUT
/sbin/iptables -A OUTPUT -j CUSTOMOUTPUT
/sbin/iptables -t nat -N CUSTOMPREROUTING
/sbin/iptables -t nat -A PREROUTING -j CUSTOMPREROUTING
/sbin/iptables -t nat -N CUSTOMPOSTROUTING
/sbin/iptables -t nat -A POSTROUTING -j CUSTOMPOSTROUTING

Is this correct ?
Time to create page: 0.140 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup