From mboxrd@z Thu Jan 1 00:00:00 1970
From: "ThE PhP_KiD"
Date: Fri, 07 Nov 2003 15:27:25 +0000
Subject: [LARTC] limiting p2p
Message-Id:
List-Id:
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi List!

I'm trying the excellent module ipt_p2p from Filipe Almeida on a Linux box with several connections, in order to block p2p traffic with the following rule:

    iptables -L -t filter -m ipt_p2p -j DROP

And the result was that the traffic has been reduced from 1,3 mb to 0,85 mb !!! Excellent !!

However, I've noticed that after two days running, that Linux box (RH 7,2 updated - Kernel 2.4.22 - iptables 1.2.8 with String and ConnMark modules, Pentium 4, 1.8 Mhz, 256 Mgbytes RAM, and 3c509 eth0, eth1 and eth2) begins to drop other packets, and a simple ping looks like this:

    # ping 192.168.210.3 (for example)
    PING 192.168.210.3 (192.168.210.3) from 192.168.210.254 : 56(84) bytes of data.
    64 bytes from 192.168.210.3: icmp_seq=0 ttl=64 time=499 usec
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    64 bytes from 192.168.210.3: icmp_seq=1 ttl=64 time=478 usec
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    64 bytes from 192.168.210.3: icmp_seq=2 ttl=64 time=489 usec
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted
    ping: sendto: Operation not permitted

Next, the only way to fix this was to REBOOT.

I've heard of similar problems (not with ipt_p2p), and someone says that the following could work (in a cron job):

    echo -n "Unloading modules.."
    rmmod -a
    lsmod | grep "ipt_\|ip_\|iptable" | cut -f1 -d' ' | xargs rmmod 2>/dev/null &&\
    echo "Done!" || echo "failed!"

and some others suggest that I could try an "iptables clear" and regenerate the IP tables.

From Man:

> ping sendto: operation not permitted
>
> sendto(2) system call failed with errno EPERM, operation not permitted
> => reason is in the local firewall rules, chain OUTPUT.
> Otherwise the sendto(2) would have succeeded, and the error would come
> in an ICMP error packet.

Do you have a clue about this?

Thank you.
Best Regards.
Andres.