Re: [LARTC] MRTG and IPP2P - Iptables

[miller69]

> 09# iptables -t mangle -A POSTROUTING -m mark --mark 1 -j ACCEPT
> 10# iptables -t mangle -A POSTROUTING -m mark --mark 2 -j ACCEPT
> 11# iptables -t mangle -A POSTROUTING -m mark --mark 3 -j ACCEPT
> 12# iptables -t mangle -A POSTROUTING -m mark --mark 4 -j ACCEPT
> 13# iptables -t mangle -A POSTROUTING -m mark --mark 5 -j ACCEPT
> I have only added the --soul and --bit networks, with mark 6 and 7... 
> And the command iptables -t mangle -L -n -v -x is working fine SHowing
So you need MRTG working on the packet/bytecounters of POSTROUTING? I'm not
familiar with MTRG but a simple shell script should at least be able to
extract the numbers. I'd be glad to see any solution to this!


> 0.0.0.0/0   ipp2p v0.5c --soul MARK set 0x6
Well, one hint: IPP2P will mark some soulseek packets but the downloads
won't get marked. You can use IPP2P to drop soulseek packets thus making soulseek
stop working but marking (and shaping) will not work properly.

Regards,

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz

___
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

[LARTC] MRTG and IPP2P - Iptables

[Leandro Andrade Travaglia]

Hi all,
 
I'm trying to use MRTG to monitor and make graphs 
of my P2P traffic.
I'm using IPP2P 0.5c - Iptables 
1.2.9
The IPP2P was configured like this:
 
example three:01# iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
02# iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
03# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --edk -j MARK --set-mark 1
04# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --dc -j MARK --set-mark 2
05# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --gnu -j MARK --set-mark 3
06# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --kazaa -j MARK --set-mark 4
07# iptables -t mangle -A PREROUTING -p tcp -m ipp2p --apple -j MARK --set-mark 5
08# iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --save-mark

09# iptables -t mangle -A POSTROUTING -m mark --mark 1 -j ACCEPT
10# iptables -t mangle -A POSTROUTING -m mark --mark 2 -j ACCEPT
11# iptables -t mangle -A POSTROUTING -m mark --mark 3 -j ACCEPT
12# iptables -t mangle -A POSTROUTING -m mark --mark 4 -j ACCEPT
13# iptables -t mangle -A POSTROUTING -m mark --mark 5 -j ACCEPT
 
I have only added the --soul and --bit networks, 
with mark 6 and 7... 
And the command iptables -t mangle -L -n -v -x is 
working fine SHowing all my P2P traffic of each different network 
:
 
iptables -t mangle -L -n -v -xChain 
PREROUTING (policy ACCEPT 31197 packets, 5559838 bytes)    
pkts  bytes target prot opt 
in out 
source   
destination   33059  9516328 CONNMARK   tcp  
--  *  *   
0.0.0.0/0    
0.0.0.0/0   CONNMARK 
restore   12001  5091047 ACCEPT 
tcp  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
!0x0 153    32656 
MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --edk MARK set 0x1   
0    0 
MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --dc MARK set 0x2   
0    0 
MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --gnu MARK set 0x3  57    
24854 MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --kazaa MARK set 0x4   
0    0 
MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --apple MARK set 0x5   
2  154 MARK   
tcp  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --soul MARK set 0x6   
0    0 
MARK   tcp  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   ipp2p 
v0.5c --bit MARK set 0x7   20324  4360417 
CONNMARK   tcp  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   CONNMARK 
save
 
Chain INPUT (policy ACCEPT 16997 packets, 
3182031 bytes)    pkts  bytes 
target prot opt in 
out 
source   
destination
 
Chain FORWARD (policy ACCEPT 26178 
packets, 7467918 bytes)    pkts  
bytes target prot opt in 
out 
source   
destination
 
Chain OUTPUT (policy ACCEPT 17072 packets, 
3252442 bytes)    pkts  bytes 
target prot opt in 
out 
source   
destination
 
Chain POSTROUTING (policy ACCEPT 31071 
packets, 5596377 bytes)    pkts  
bytes target prot opt in 
out 
source   
destination   11106  4799465 ACCEPT 
all  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x1   
0    0 ACCEPT 
all  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x2   
0    0 ACCEPT 
all  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x3 657   269207 
ACCEPT all  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x4   
0    0 ACCEPT 
all  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x5 436    60031 
ACCEPT all  --  
*  *   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x6   
0    0 ACCEPT 
all  --  *  
*   
0.0.0.0/0    
0.0.0.0/0   MARK match 
0x7
 
MRTG is already working fine, monitoring my eth0 
and eth1 traffic. Also my CPU / Memory usage..
 
Can someone help me ?
 
Best regards,
        
    LEANDRO TRAVAGLIA
 
---Outgoing mail is certified Virus 
Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.639 / 
Virus Database: 408 - Release Date: 22/3/2004