Topic: Filtering p2p (FIXED)

[cool34000]

Hi,


I'm trying to make ipp2p fully working with no luck

My config is SME 7.0 (up to date with default repository) in server+gateway mode...
I've downloaded and installed those rpms with no errors :

Code: [Select]

- ipp2p-0.8.0-01.i586.rpm
- e-smith-ipp2p-0.1.0-01.noarch.rpm
- kernel-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpmaccording to my Kernel version :

Code: [Select]

# uname -a
Linux sme-box 2.6.9-42.0.2.ELsmp #1 SMP Wed Aug 23 00:17:26 CDT 2006 i686 athlon i386 GNU/LinuxThen I've followed this thread and done this :

Code: [Select]

/sbin/e-smith/config setprop masq \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp
/etc/rc7.d/S36masq restart
signal-event post-upgrade
signal-event rebootI've tryed to download with a bitorrent client (Azureus) and ipp2p didn't drop the traffic at all...

So I went to www.ipp2p.org for some infos & some tweaks.
Here's what I've tryed :
- Modifying the template /etc/e-smith/templates/etc/rc.d/init.d/masq/38ipp2p

Code: [Select]

   ipp2p=$(/sbin/e-smith/config getprop masq ipp2p-ipp2p)
    edk=$(/sbin/e-smith/config getprop masq ipp2p-edk)
    kazaa=$(/sbin/e-smith/config getprop masq ipp2p-kazaa)
    gnu=$(/sbin/e-smith/config getprop masq ipp2p-gnu)
    dc=$(/sbin/e-smith/config getprop masq ipp2p-dc)
    bit=$(/sbin/e-smith/config getprop masq ipp2p-bit)
    apple=$(/sbin/e-smith/config getprop masq ipp2p-apple)
    winmx=$(/sbin/e-smith/config getprop masq ipp2p-winmx)
    soul=$(/sbin/e-smith/config getprop masq ipp2p-soul)
    ares=$(/sbin/e-smith/config getprop masq ipp2p-ares)


    if [ $ipp2p = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --ipp2p -j denylog
    fi
    if [ $ipp2p = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --ipp2p -j denylog
    fi
    if [ $edk = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --edk -j denylog
    fi
    if [ $edk = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --edk -j denylog
    fi
    if [ $kazaa = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --kazaa -j denylog
    fi
    if [ $kazaa = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --kazaa -j denylog
    fi
    if [ $gnu = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --gnu -j denylog
    fi
    if [ $gnu = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --gnu -j denylog
    fi
    if [ $dc = "tcp" ]; then
      /sbin/iptables --append FORWARD -p tcp -m ipp2p --dc -j denylog
    fi
    if [ $bit = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --bit -j denylog
    fi
    if [ $bit = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --bit -j denylog
    fi
    if [ $apple = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --apple -j denylog
    fi
    if [ $apple = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --apple -j denylog
    fi
    if [ $winmx = "tcp" ]; then
       /sbin/iptables --append FORWARD -p tcp -m ipp2p --winmx -j denylog
    fi
    if [ $winmx = "both" ]; then
       /sbin/iptables --append FORWARD -m ipp2p --winmx -j denylog
    fi
    if [ $soul = "tcp" ]; then
      /sbin/iptables --append FORWARD -p tcp -m ipp2p --soul -j denylog
    fi
    if [ $soul = "both" ]; then
      /sbin/iptables --append FORWARD -m ipp2p --soul -j denylog
    fi
    if [ $ares = "tcp" ]; then
      /sbin/iptables --append FORWARD -p tcp -m ipp2p --ares -j denylog
    fi
    if [ $ares = "both" ]; then
      /sbin/iptables --append FORWARD -m ipp2p --ares -j denylog
    fiI expanded the template and restarted masq :

Code: [Select]

expand-template /etc/rc.d/init.d/masq
service masq restart- Then I created the missing files in '/root/addons/ipp2p/db/' just like the others for edk, kazaa, gnu and dc
These files only contains

Code: [Select]

disabled

- Finally, I tryed that :

Code: [Select]

/sbin/e-smith/config setprop masq \
ipp2p-ipp2p both \
ipp2p-edk both \
ipp2p-kazaa both \
ipp2p-gnu both \
ipp2p-dc tcp \
ipp2p-bit both \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-ares tcp
/etc/rc7.d/S36masq restartwitch gave me :

Code: [Select]

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
Masq config seems to be ok :

Code: [Select]

# config show masq
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    TCPMinimizeDelay=22
    Trace=disabled
    ipp2p-apple=tcp
    ipp2p-ares=tcp
    ipp2p-bit=both
    ipp2p-dc=tcp
    ipp2p-edk=both
    ipp2p-gnu=both
    ipp2p-ipp2p=both
    ipp2p-kazaa=both
    ipp2p-soul=tcp
    ipp2p-winmx=tcp
    pptp=yes
    status=enabledThis seems to work also :

Code: [Select]

#config getprop masq ipp2p-edk
both

Any ideas why this isn't working ? I'm really stuck !

[william_syd]

ipp2p-0.8.0-01.i586.rpm

Where did you get that from ?

[cool34000]

Oups
Man, I spent all night on it !
Looks like a big mistake to me now ! I thought I had downloaded the i686 rpm version...
Furthermore, I missed another rpm : kernel-smp-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpm


So here's the simply working howto :
download
 - ipp2p-0.8.0-01.i686.rpm from here
 - e-smith-ipp2p-0.1.0-01.noarch.rpm from here
 - kernel-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpm from here
 - kernel-smp-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpm from here

Code: [Select]

#rpm -Uvh *.rpm
#/sbin/e-smith/config setprop masq ipp2p-ipp2p both ipp2p-bit both ipp2p-apple tcp ipp2p-winmx tcp ipp2p-soul tcp ipp2p-ares tcp
#/etc/rc7.d/S36masq restart
#signal-event post-upgrade; signal-event rebootAfter the reboot, all unwanted p2p traffic was dropped

4 f***ing lines, I bet I should go to bed now !

[stefan_gk]

So here's the simply working howto :
download
 - ipp2p-0.8.0-01.i686.rpm from here
 - e-smith-ipp2p-0.1.0-01.noarch.rpm from here
 - kernel-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpm from here
 - kernel-smp-module-ipp2p-0.8.0-01_2.6.9_42.0.2.EL.i686.rpm

I think that the correct links for downloading are:
 - ipp2p-0.8.0-01.i686.rpm from here
 - e-smith-ipp2p-0.1.0-01.noarch.rpm from here
 - kmod-ipp2p-0.8.0-1.2.6.9_42.0.3.EL.i686.rpm from here
 - kmod-ipp2p-smp-0.8.0-1.2.6.9_42.0.3.EL.i686.rpm from here

as far the link are broken ...

[cool34000]

It seems that rpms have been updated since this week end !

Nevertheless, I think the last 2 rpms are not for SME as they are for kernel 2.6.9_42.0.3.EL (SME is 2.6.9_42.0.2.EL).

[cool34000]

SME 7.1 is released... New Kernel for SME 7 (2.6.9_42.0.3.EL) means new kernel modules for ipp2p...

Upgrade your rpms !