Topic: ipp2p and sme 7.1 for P2P filtering

[gdbs]

Hi,

this is the new locationfor ipp2p rpms:

http://mirror.contribs.org/smeserver/releases/7.1/smedev/i386/RPMS/

below, how to install it with a i686 smp kernel:

rpm -Uvh http://mirror.contribs.org/smeserver/releases/7.1/smedev/i386/RPMS/kmod-ipp2p-smp-0.8.0-1.2.6.9_42.0.3.EL.i686.rpm
rpm -Uvh http://mirror.contribs.org/smeserver/releases/7.1/smedev/i386/RPMS/ipp2p-0.8.0-4.el4.sme.i686.rpm  
rpm -Uvh http://mirror.contribs.org/smeserver/contribs//gswallow/sme7/addons-testing/ipp2p/e-smith-ipp2p-0.1.0-01.noarch.rpm


then:

/sbin/e-smith/config setprop masq \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp

then:

/etc/rc7.d/S36masq restart

finish with a post upgrade/reboot from the manager panel or:

signal-event post-upgrade
signal-event reboot

[william_syd]

Yum is nice.

wget http://mirror.contribs.org/smeserver/contribs//gswallow/sme7/addons-testing/ipp2p/e-smith-ipp2p-0.1.0-01.noarch.rpm
yum --enablerepo=smedev localinstall e-smith-ipp2p-0.1.0-01.noarch.rpm

[gdbs]

what is the difference please?

[stephen noble]

saves one command ?

yum will download and install the dependancies automatically
provided it can find them in a repository you have preconfigured
makes more sense when you have more dependancies

[kryptos]

hi,

i had no problem isntalling with this before. but a couple of weeks it seems the traffict are getting higher. as i check the configuration i found this.

db configuration show masq
masq=service
    DenylogTarget=drop
    Logging=most
    Stealth=no
    Trace=disabled
    ipp2p-apple=disabled
    ipp2p-ares=disabled
    ipp2p-bit=disabled
    ipp2p-ipp2p=disabled
    ipp2p-soul=disabled
    ipp2p-winmx=disabled
    pptp=yes
    status=enabled


I try to configure it again but there is already an error occured like this.

/etc/rc7.d/S36masq restart

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done

result for uname -a

2.6.9-42.0.8.ELsmp #1 SMP Tue Jan 30 12:33:47 EST 2007 i686 i686 i386 GNU/Linux

[kryptos]

ok i got it...i found the rpms install the kmod-ipp2p-smp. Its working very well right now.

Thanks!

[gdbs]

new packages are on smetest repository... how does it work now?

I think ipp2p can be installed doing this:

yum --enablerepo=smetest install smeserver-ipp2p


but then if I do:

/sbin/e-smith/config setprop masq \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp

and

etc/rc7.d/S36masq restart
signal-event post-upgrade
signal-event reboot

emule still work!

is there anything to do to make ipp2p work properly?

thx

[jonic]

From bugzilla (bug 2639 - NFR: Include IPP2P)

Properties have moved to the ipp2p service.

[gdbs]

thx for your reply... but so? ipp2p no longer work? do i have to wait the next release to make it work?

[cool34000]

Hi gdbs !

I installed this contrib with yum (with repo smetest temporary enabled)
I have the same problem as yours !
I checked the kmod installed by yum, they look good (same version as my kernel). What's wrong ??? Anyone knows how to fix this ?

[william_syd]

Does jonic's post answer the question ?

Instead of  

config setprop masq \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp

something like

config set ipp2p service \
ipp2p-ipp2p tcp \
ipp2p-ares tcp \
ipp2p-apple tcp \
ipp2p-winmx tcp \
ipp2p-soul tcp \
ipp2p-bit tcp \
status enabled

Check first if the ipp2p service already exist. I don't know as I don't have it installed.

config show ipp2p

[gdbs]

thx for your help.

It doesn't work for me. emule still work...  

[william_syd]

Your answer is in here

Code: [Select]


    /sbin/iptables --new-chain ipp2p_block
    # Block p2p protocols
{
    foreach $service ('ipp2p','bit','apple','winmx','soul','ares')
    {
$proto = $ipp2p{$service} || 'disabled';
if ( $proto ne 'disabled' ) {
   $OUT .= "    /sbin/iptables -A ipp2p_block ";
   $OUT .= "-p tcp " if $proto eq 'tcp';
   $OUT .= "-p udp " if $proto eq 'udp';
   $OUT .= "-m ipp2p --$service -j denylog\n";
} else {
   $OUT .= "    # ipp2p ($service) disabled\n";
}
    }
}
    # Block p2p traffic at INPUT and FORWARD
    /sbin/iptables --append INPUT -j ipp2p_block
    /sbin/iptables --append FORWARD -j ipp2p_block

and here

Code: [Select]


    /sbin/iptables --flush ipp2p_block
    # Block p2p protocols
{
    foreach $service ('ipp2p','bit','apple','winmx','soul','ares')
    {
$proto = $ipp2p{$service} || 'disabled';
if ( $proto ne 'disabled' ) {
   $OUT .= "    /sbin/iptables -A ipp2p_block ";
   $OUT .= "-p tcp " if $proto eq 'tcp';
   $OUT .= "-p udp " if $proto eq 'udp';
   $OUT .= "-m ipp2p --$service -j denylog\n";
} else {
   $OUT .= "    # ipp2p ($service) disabled\n";
}
    }
}

and you probably need a

Code: [Select]

signal-event remoteaccess-update when your done.

[william_syd]

thx for your help.

It doesn't work for me. emule still work...  

I did say to check this before you did anything.

Code: [Select]

[root@c3 ~]# config show ipp2p
ipp2p=service
    apple=disabled
    ares=disabled
    bit=disabled
    ipp2p=disabled
    soul=disabled
    winmx=disabled
[root@c3 ~]#


So it would be (to fix what you did)

Code: [Select]

config delete ipp2pthen

Code: [Select]

config set ipp2p service \
apple all \
ares all \
bit all \
ipp2p all \
soul  all \
winmx all
or

Code: [Select]

config set ipp2p service \
apple tcp \
ares tcp \
bit tcp \
ipp2p tcp \
soul tcp \
winmx tcp
or

Code: [Select]

config set ipp2p service \
apple udp \
ares udp \
bit udp \
ipp2p udp \
soul  udp \
winmx udp
and maybe

Code: [Select]

signal-event remoteaccess-update

As you can tell, I can't read code.

Results..

Code: [Select]

/sbin/iptables --new-chain ipp2p_block
    # Block p2p protocols
    /sbin/iptables -A ipp2p_block -m ipp2p --ipp2p -j denylog
    /sbin/iptables -A ipp2p_block -m ipp2p --bit -j denylog
    /sbin/iptables -A ipp2p_block -m ipp2p --apple -j denylog
    /sbin/iptables -A ipp2p_block -m ipp2p --winmx -j denylog
    /sbin/iptables -A ipp2p_block -m ipp2p --soul -j denylog
    /sbin/iptables -A ipp2p_block -m ipp2p --ares -j denylog

/sbin/iptables --new-chain ipp2p_block
    # Block p2p protocols
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --ipp2p -j denylog
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --bit -j denylog
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --apple -j denylog
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --winmx -j denylog
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --soul -j denylog
    /sbin/iptables -A ipp2p_block -p tcp -m ipp2p --ares -j denylog
   
/sbin/iptables --new-chain ipp2p_block
    # Block p2p protocols
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --ipp2p -j denylog
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --bit -j denylog
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --apple -j denylog
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --winmx -j denylog
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --soul -j denylog
    /sbin/iptables -A ipp2p_block -p udp -m ipp2p --ares -j denylog

-p, --protocol [!] protocol
              The protocol of the rule or of the packet to check.  The specified protocol can be one of tcp, udp, icmp, or all, or it  can  be  a  numeric
              value,  representing one of these protocols or a different one.  A protocol name from /etc/protocols is also allowed.  A "!" argument before
              the protocol inverts the test.  The number zero is equivalent to all.  Protocol all will match with all protocols and is  taken  as  default
              when this option is omitted

[cool34000]

Hi !

Thanks for your help william_syd, it's always very useful

God bless Australia

[gdbs]

hey col34000 did you get it work? i didn't try since last time because of lack of time...

if you did it, can you post what we have to do exactly after install?

thx

[cool34000]

Hi gdbs


To install ipp2p I just use yum :

Code: [Select]

yum install ipp2p smeserver-ipp2p --enablerepo=smetest
Then to enable it I do :

Code: [Select]

config set ipp2p service ipp2p both bit both apple tcp winmx tcp soul tcp ares tcp status enabled
signal-event post-upgrade
signal-event reboot

Filtering is not as perfect as it was a few month ago with oldest rpms/kernel...
At home, my emule can't connect to a server, but kad can connect in low id  and so, can download (very slowly, not much sources)
Azureus (a bitorrent client) don't find the tracker but can download very slowly.

As you can see this is not perfect, maybe a lack of configuration...
I tryed to set all to both with no more luck (and also 'all' as suggested by william_syd that works also by the way)
I just added the 'status enabled' stuff, maybe that was needed ?

[cool34000]

Hi !

Back with some news...
http://wiki.contribs.org/P2p

Should be better

[gdbs]

thx a lot cool34000!

great news! i can't wait this next version of SME!

[gdbs]

I can't install ipp2p on a fresh install of sme 7.1.3 anymore!

is it normal?

[cool34000]

Hi gdbs


I seems that the rpms will be include in 7.2
I have the same problem, the rpms are not anymore in the repo...

You still can install it if you kept the rpms. If not, I can send you an email with the needed rpms...

[stephen noble]

the rpms won't be in 7.2 base but are available in the smedev repo

[cool34000]

Hi Stephan,

This refers to smeserver-ipp2p which will be available with sme 7.2

OK, so the wiki has to be updated?

Trying to install ipp2p give me this:

# yum install smeserver-ipp2p --enablerepo smedev
==============================================================
WARNING: Additional commands may be required after running yum
==============================================================
Loading "smeserver" plugin
Loading "fastestmirror" plugin
Setting up Install Process
Setting up repositories
Loading mirror speeds from cached hostfile
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package smeserver-ipp2p.noarch 0:1.0-2.el4.sme set to be updated
--> Running transaction check
--> Processing Dependency: kmod-ipp2p-smp for package: smeserver-ipp2p
--> Processing Dependency: ipp2p for package: smeserver-ipp2p
--> Processing Dependency: kmod-ipp2p for package: smeserver-ipp2p
--> Finished Dependency Resolution
Error: Missing Dependency: kmod-ipp2p-smp is needed by package smeserver-ipp2p
Error: Missing Dependency: ipp2p is needed by package smeserver-ipp2p
Error: Missing Dependency: kmod-ipp2p is needed by package smeserver-ipp2p
================================================================
No new rpms were installed. No additional commands are required.
================================================================

What's the problem then?
Should RPMs be available for SME 7.1.x in smedev or only for 7.2?

[stephen noble]

>OK, so the wiki has to be updated?

yes, but I'm not sure what to
as you found the dependencies have moved...

chat here http://bugs.contribs.org/show_bug.cgi?id=38

[gdbs]

You still can install it if you kept the rpms. If not, I can send you an email with the needed rpms...

Yes thx!  

gratteurdebluesteel_at_free_dot_fr

 

[gdbs]

Any chance to see ipp2p contrib for sme 7.2 soon?

 

[crazybob]

Where did smeserver-ipp2p go? Tried to follow the yum install, and it can't find the rpm. I know it is for 7.1, and that is what is on the box.

Bob

Bob

[crazybob]

Found a copy of it at 
http://distro.ibiblio.org/pub/linux/distributions/smeserver/releases/7/smedev/i386/repodata/repoview/smeserver-ipp2p-0-1.0-2.el4.sme.html
Bob

[Maelvon]

Hello,

It can be used, or it work on a  « 2.6.9-55.0.9.ELsmp » ?

Maelvon

[gdbs]

Hello,

It can be used, or it work on a  « 2.6.9-55.0.9.ELsmp » ?

Maelvon

No it have to be compile for this kernel...

I don't really know how to do it, if someone can do it, it would be great... but i really like to learn how to do it to send new versions after each kernel upgrade...

see bugzilla bug 38 for more details: http://bugs.contribs.org/show_bug.cgi?id=38