ipcop support

community support forum
It is currently Wed Oct 22, 2014 8:55 am

All times are UTC [ DST ]




Post new topic Reply to topic  [ 18 posts ] 
Author Message
Unread postPosted: Wed Mar 30, 2005 4:22 pm 
Pro User
User avatar

Joined: Mon Oct 13, 2003 3:06 pm
Posts: 659
Location: Germany
Today i finished l7-filter for ipcop 1.4.4

This mod has an easy-to-use install-/uninstall-script.

Download and Info

_________________
If you like my addons, feel free to donate some money.
Even little amounts help to keep things going.

Image


Last edited by mh254 on Sat Apr 23, 2005 5:01 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject:
Unread postPosted: Wed Mar 30, 2005 5:46 pm 
Site Moderator

Joined: Mon May 26, 2003 6:07 am
Posts: 1355
Location: Kuala Lumpur
Any idea how much cpu power this one needs? Anything scanning the contents of a packet is going to need orders of magnitude more processing than just looking at the headers.


Top
 Profile  
 
 Post subject:
Unread postPosted: Sat Apr 23, 2005 9:20 am 
Can anyone confirm if this patch will work on a standard IPCop 1.4.5?


Top
  
 
 Post subject:
Unread postPosted: Sat Apr 23, 2005 4:21 pm 
User
User avatar

Joined: Tue May 27, 2003 3:47 am
Posts: 153
Location: Germany
Anonymous wrote:
Can anyone confirm if this patch will work on a standard IPCop 1.4.5?


Confirmed:
Code:
root@ipcop:/ # iptables -L CUSTOMFORWARD -v
Chain CUSTOMFORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2821  618K DROP       all  --  any    any     192.168.0.128/25     anywhere            LAYER7 l7proto fasttrack


teletoeffel


Top
 Profile  
 
 Post subject:
Unread postPosted: Sat Apr 23, 2005 4:56 pm 
Greetings Teletoeffel,

Quote:
Confirmed:
Code:
root@ipcop:/ # iptables -L CUSTOMFORWARD -v
Chain CUSTOMFORWARD (1 references)
 pkts bytes target     prot opt in     out     source               destination
 2821  618K DROP       all  --  any    any     192.168.0.128/25     anywhere            LAYER7 l7proto fasttrack


Much appreciated! Thank You


Top
  
 
 Post subject:
Unread postPosted: Sun Apr 24, 2005 1:19 pm 
How do you config the rules? via a GUI?


Top
  
 
 Post subject:
Unread postPosted: Mon Apr 25, 2005 1:58 pm 
User
User avatar

Joined: Tue May 27, 2003 3:47 am
Posts: 153
Location: Germany
Anonymous wrote:
How do you config the rules? via a GUI?

I set them in rc.local. My example:

Code:
#!/bin/sh
/sbin/insmod ipt_layer7
/sbin/iptables -t mangle -I PREROUTING 1 -j MARK --set-mark 4
#
# beschraenkte (gedrosselte) Protokolle
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto fasttrack -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto bittorrent -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto edonkey -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto directconnect -j MARK --set-mark 3
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto gnutella -j MARK --set-mark 3
#
# wichtige protokolle und UDP bis zur vollen Bandbreite zulassen
#
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto imap -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto dns -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto smtp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto pop3 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ssh -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -m layer7 --l7proto ftp -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 80 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 443 -j MARK --set-mark 2
/sbin/iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 2


BTW: I'm using IPCOP 1.4.5

teletoeffel


Top
 Profile  
 
 Post subject:
Unread postPosted: Mon Apr 25, 2005 4:28 pm 
Teletoeffel,

Are you using some sort of QoS patch or are those mark packet rules valid for the standard IPCop?


Top
  
 
 Post subject:
Unread postPosted: Mon Apr 25, 2005 4:58 pm 
User
User avatar

Joined: Tue May 27, 2003 3:47 am
Posts: 153
Location: Germany
Anonymous wrote:
Teletoeffel, Are you using some sort of QoS patch or are those mark packet rules valid for the standard IPCop?

I'm using a QoS patch, see RUDE AND CRUDE: Simple Packet Shaping for Students!

teletoeffel


Top
 Profile  
 
 Post subject:
Unread postPosted: Mon Apr 25, 2005 5:00 pm 
Thanks! I really aught to get an account here :-)


Top
  
 
 Post subject:
Unread postPosted: Fri Apr 29, 2005 3:12 am 
teletoeffel:

Humm so you use that Rude and Crude QoS patch with l7-filter?
Or you use IMQ and Layer7 1.44 mod from guiguid ???

Between those two combination, which one allows IPCOP to auto-distribute bandwidth in the following way:
1. when high priority and low priority traffic competes for bandwidth, give whatever high priority traffic needs, and whatever is left to low priority traffic
2. when there is no high priority traffic, gives all bandwidth to low priority traffic
3. each LAN client has equal share of outgoing/incoming bandwidth

And if #1 to #3 are possible, which document should I read before I start to setup Rude Crude QoS or IMQ? Thank you.


Top
  
 
 Post subject:
Unread postPosted: Fri Apr 29, 2005 4:56 pm 
User
User avatar

Joined: Tue May 27, 2003 3:47 am
Posts: 153
Location: Germany
Anonymous wrote:
teletoeffel:
Humm so you use that Rude and Crude QoS patch with l7-filter?
Or you use IMQ and Layer7 1.44 mod from guiguid ???

I'm using Layer7 filtering with Rude and Crude
Anonymous wrote:
Between those two combination, which one allows IPCOP to auto-distribute bandwidth in the following way...

I don't know reagarding IMQ, the Rude and Crude script slows down unwanted UPLOAD traffic, NEVER giving it more / shared banthwidth of the high priority part. That's the thing I wanted.

teletoeffel


Top
 Profile  
 
 Post subject:
Unread postPosted: Mon May 02, 2005 5:21 pm 
New User

Joined: Tue Mar 29, 2005 11:01 pm
Posts: 66
is there a gui config for this l7 filtering?


Top
 Profile  
 
 Post subject:
Unread postPosted: Tue May 03, 2005 8:11 am 
New User

Joined: Fri Apr 29, 2005 3:15 am
Posts: 19
Install this one:
http://world.altavista.com/babelfish/tr ... pcop2.html

Then this one:
http://world.altavista.com/babelfish/tr ... orld.tk%2f

The first one provides you the l7-filter thing with IMQ.

The second one provides you an OK web GUI config for the first package.

I installed both and network is OK. However I haven't got the time to play with the l7-filter setting yet.


Top
 Profile  
 
 Post subject:
Unread postPosted: Tue May 03, 2005 8:13 am 
New User

Joined: Fri Apr 29, 2005 3:15 am
Posts: 19
Oh humm the second site is down for now. Just keep trying (no I'm not the author for neither packages),


Top
 Profile  
 
 Post subject:
Unread postPosted: Tue May 03, 2005 9:51 am 
New User

Joined: Fri Apr 29, 2005 3:15 am
Posts: 19
And the manuals are in French, so the Altavista translation might be mis-leading.

l7-filter thing with IMQ works on both 1.4.4 and 1.4.5. However for 1.4.5 you need some special instructions while installing it:

tar - jxvf imq-0.1_for_ipcop-1.4.4.tar.bz2
sed - E s/\"1.4.4/\"1.4.5/g /setup > /setup.sh
HS /setup.sh

The web interface package works on 1.4.4 for sure, but no one has tested on 1.4.5 yet.


Top
 Profile  
 
 Post subject:
Unread postPosted: Tue May 03, 2005 10:19 pm 
New User

Joined: Tue Mar 29, 2005 11:01 pm
Posts: 66
thanx for the info! maybe I should try to install it on 1.4.5 to see if it works... I never got QoS to work properly , the broke the webgui for ipcop ...


Top
 Profile  
 
 Post subject:
Unread postPosted: Wed May 04, 2005 7:38 am 
New User

Joined: Fri Apr 29, 2005 3:15 am
Posts: 19
http://world.altavista.com/babelfish/tr ... 214b780f82

http://world.altavista.com/babelfish/tr ... 2506a237ba

Both are forums related to the IMQ/l7-filter mod and the web interface mod. Translation is really bad, but it seems that 1.4.5 works fine with the IMQ 1.4.4 with patch I mentioned above.

However web interface 2.0 might have some problem with 1.4.5.

I'm still trying to find time to install Web 2.0 on my IPCOP 1.4.4 box.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 18 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group