From: "ThE PhP_KiD" <gregoriandres@yahoo.com.ar>
To: lartc@vger.kernel.org
Subject: [LARTC] limiting p2p
Date: Fri, 07 Nov 2003 15:27:25 +0000
Message-ID: <marc-lartc-106821892518555@msgid-missing>

Hi List !

I'm trying the excellent ipt_p2p module from Filipe
Almeida on a Linux box with several connections,
in order to block p2p traffic with the following rule:

iptables -L -t filter -m ipt_p2p -j DROP

And the result was that the traffic was reduced
from 1,3 mb to 0,85 mb !!! Excellent !!

However, I've noticed that after two days running,
that Linux box (RH 7,2 updated - Kernel 2.4.22
- iptables 1.2.8 with String and ConnMark modules,
Pentium 4, 1.8 Mhz, 256 Mgbytes RAM, and 3c509 eth0,
eth1 and eth2)
begins to drop other packets, and a simple ping
looks like this:


# ping 192.168.210.3    (for example)

PING 192.168.210.3 (192.168.210.3) from 192.168.210.254 : 56(84) bytes of data.
64 bytes from 192.168.210.3: icmp_seq=0 ttl=64 time=499 usec
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
64 bytes from 192.168.210.3: icmp_seq=1 ttl=64 time=478 usec
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
64 bytes from 192.168.210.3: icmp_seq=2 ttl=64 time=489 usec
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted
ping: sendto: Operation not permitted

After that, the only way to fix this was a REBOOT.

I've heard of similar problems (not with ipt_p2p), and someone
said that the following could work (in a cron job):

echo -n "Unloading modules.."
rmmod -a
lsmod |grep "ipt_\|ip_\|iptable" |cut -f1 -d\ |xargs rmmod 2>/dev/null &&\
echo "Done!" || echo "failed!"

and some others suggested that I could try an "iptables clear"
and regenerate IP Tables.


From Man:

>   ping sendto: operation not permitted

 sendto(2) system call failed with errno EPERM,
 operation not permitted => reason is in the
 local firewall rules, chain OUTPUT.

 Otherwise the sendto(2) would have succeeded,
 and the error would come in an ICMP error packet.


Do you have a clue about this?

Thank you.
Best Regards.

Andres.
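
Added example (not part of the original message): the distinction drawn in the "From Man" text above, between a sendto(2) that is refused locally with EPERM and one that succeeds and is answered later by an ICMP error, shown in C. It uses an unprivileged UDP socket in place of ping's ICMP socket; probe_udp, classify and the default target 127.0.0.1 port 9 are names and values chosen for this example.

```c
/* Added example, not from the original post; UDP stands in for ping's ICMP socket. */
#include <arpa/inet.h>
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

enum verdict { SENT_OK, LOCAL_FILTER, REMOTE_ICMP_ERROR, OTHER_ERROR };
static const char *names[] = { "sent, no error seen", "EPERM at sendto: local rules",
                               "ICMP error came back", "other error" };

/* at_send != 0: errno came from sendto(2) itself; 0: it surfaced later on recv(2). */
static enum verdict classify(int at_send, int err)
{
    if (at_send) return err == EPERM ? LOCAL_FILTER : OTHER_ERROR;
    /* An ICMP port-unreachable for a connected UDP socket is reported as ECONNREFUSED. */
    if (err == ECONNREFUSED)
        return REMOTE_ICMP_ERROR;
    return OTHER_ERROR;
}

/* Send one UDP datagram and wait up to 200 ms for an asynchronous error. */
enum verdict probe_udp(const char *ip, unsigned short port)
{
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(port) };
    struct timeval tv = { 0, 200000 };
    enum verdict v = SENT_OK;
    char buf[16];
    int fd;

    if (inet_pton(AF_INET, ip, &dst.sin_addr) != 1) return OTHER_ERROR;
    if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) return OTHER_ERROR;
    setsockopt(fd, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof tv);
    /* connect() on UDP transmits nothing; it lets the kernel report ICMP errors here. */
    if (connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0)
        v = OTHER_ERROR;
    else if (sendto(fd, "probe", 5, 0, NULL, 0) < 0)
        v = classify(1, errno);      /* refused before the packet left the host */
    else if (recv(fd, buf, sizeof buf, 0) < 0 && errno != EAGAIN && errno != EWOULDBLOCK)
        v = classify(0, errno);      /* packet left; an error was reported back */
    close(fd);
    return v;
}

int main(int argc, char **argv)
{
    puts(names[probe_udp(argc > 1 ? argv[1] : "127.0.0.1", 9)]);
    return 0;
}
```

A result of "EPERM at sendto: local rules" points at the sending host's own packet filter, while "ICMP error came back" means the datagram did leave the host.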

