Topic: can i still use ipp2p for p2p blocking, or is there a better way?

[logan]

Good day,
First off, i am not guru of SME yet (but working on it)
Second, i have searched the forums here as far as i could, but i seem to have moved in circles without actually getting anywhere!

I have been instructed to block all p2p such as limewire, emule etc. In my research i found what seems to be the best solution to my problem: http://wiki.contribs.org/P2P_blocking but i don't know where to get it (thus if it is still available for use on SME)
The closest i could get (of all the posts concerning ipp2p) was: http://forums.contribs.org/index.php?topic=35167.0 but all the links in this post resolve to 404 not found. Other posts (most early 2007) with links to rpm or how to's all resolve 404 not found.

So my first request to information would be, is ipp2p still available for use on SME (preferably 7.3) and if so where can i get it?

The other supposed solution is to use Dansguardian: http://wiki.contribs.org/Dansguardian - but here i am not to sure if this is capable of assisting me in blocking p2p activity? And i do not wish to spend many an hour to figure out how to optimize danceguardian only to find out that it does not assist in resolving the issue!?

Any and all insight/info will most greatly be appreciated!

[william_syd]

Good day,
First off, i am not guru of SME yet (but working on it)

--snip--

So my first request to information would be, is ipp2p still available for use on SME (preferably 7.3) and if so where can i get it?

--snip--

Let your journey to becoming a guru begin......

http://bugs.contribs.org/show_bug.cgi?id=38

[besterl]

I am trying to install this on a 7.2 server.

uname -a
Linux firewall 2.6.9-55.0.9.ELsmp #1 SMP Thu Sep 27 18:27:41 EDT 2007 i686 i686 i386 GNU/Linux

I have downloaded and imported the GPG key and added the smenethesis repo.

Command for install as follows:
wget http://smeserver.nethesis.it/releases/RPM-GPG-KEY-nethesis
rpm --import RPM-GPG-KEY-nethesis
yum install ipp2p --enablerepo=smenethesis
This is the result:

Package ipp2p-0.8.0-4.el4.sme.i686.rpm is not signed

This is trying to do it from the prebuilt rpm's from bug 38. I am loathe to try and rebuild it myself

Any ideas please

[logan]

Let your journey to becoming a guru begin......

http://bugs.contribs.org/show_bug.cgi?id=38

it has begun ..... thank you!

I do have one question: (errors tell you something happened somewhere for some reason)
what does the following error mean? 0.o
"Enabling IP masquerading: iptables: No chain/target/match by that name"


I am trying the basic idea of rpm installs for kmod, ipp2p and iptables ..... but this means i mus then figure out how to add the correct rules to masq, but here is where i am gettings snags! ^^

[logan]

ok, i am stuck with something i just know is a simple problem, but i seem to miss that all important piece of info to put it all together.

I have used a rather wide implementation of the RPM installation procedures to get the ipp2p on my SME 7.3. Seems if all is fine.
I have come to understand that i will need to add rules to chains (ex FORWARD) via iptables, and it is here that i fail!

i don't understand iptables and masq well enough, so my explanation may seem a tad off! ^^

i have libipt_ipp2p.so in /lib/iptables
when i attempt to make a rule (a rule described in many an example :: http://www.ipp2p.org/docu_en.html) either via typing in the command or making a template for masq i get the following:

Code: [Select]

[root@netkeeper iptables]# iptables -A FORWARD -m ipp2p --ipp2p -j DROP
iptables: No chain/target/match by that name
[root@netkeeper iptables]#
so i test by typing the following:

Code: [Select]

[root@netkeeper iptables]# iptables -A FORWARD -m ipp2p -j DROP
iptables v1.2.11:
ipp2p-parameter problem: for ipp2p usage type: iptables -m ipp2p --help

Try `iptables -h' or 'iptables --help' for more information.
[root@netkeeper iptables]#
Thus iptables does understand the match to 'ipp2p' and when you view the help they say that a ligit option for ipp2p is '--ipp2p'.
Can anyone explain what the problem might be that it understands the match but not the option provided, or if you know of something else that i must check out with iptables and/masq please, all info is welcome!

[william_syd]

The forum is a poor place to discuss development.

Your better to check out the mailing lists.

http://lists.contribs.org/mailman/listinfo/

[logan]

Thank you!

[besterl]

Hi Logan - I have it installed now.

Had to go and find the e-smith portion here

http://savvylink.com/savvyserver/7/i386/RPMS.savvy-test/e-smith-ipp2p-0.1.0-01.noarch.rpm

and installed the other RPM's manually

It seems to be running now, but I cannot see it blocking anything

My next step is to install a standard 7.2 and see if works on there

My biggest concern is around the config settings - there is a lot of disparity.

Also when I do a  /etc/rc7.d/S36masq restart

I get

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done

This seems to tell me that all the necessary portions are installed but just needs to be configured properly

[logan]

I get

Shutting down IP masquerade and firewall rules:         Done!

Enabling IP masquerading: iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
done

This seems to tell me that all the necessary portions are installed but just needs to be configured properly

Hi besterl,
i have been struggling with the same issue, it seems that all is installed that must be installed, but it blocks nothing.
The "rules in the chains" need to be set up so that ipp2p is used in the firewall/proxy, and the way to do this is to use iptables. But as i said in an earlier post of mine, setting the rules do not seem to work. I am trying to figure out if i am using iptables command correctly or not!
But i do think that if you set all you need to set using iptables command you will find ipp2p working as it should! (well that is what i hope)

to william_syd,
Thank you for the link to the development mailing list, but i do not think my previous post will be suitable on the mailing list. My question was on how an existing 'element' of the SME works or should be used.
But i am still searching and trying and learning!

[stephen noble]

i have been struggling with the same issue, it seems that all is installed that must be installed, but it blocks nothing.

My question was on how an existing 'element' of the SME works or should be used.

The wiki states clearly that
** The package will need recompiling for SME 7.x before it will work **

no amount of configuring will help

[logan]

ah, a stupid mistake from my side!
I apologize, the enthusiasms of having a possible solution blinded me to the details!