Menu
▾
▴
[Shorewall-users] How to control P2P traffics with shorewall
|
From: ngouyamsa r. <mfo...@ya...> - 2006-02-21 21:46:43
|
Hi Tom,
Thank's so much for your fast answer. I am sorry but as you can see I am not a shorewall guru. But I hope you will still accept to help me. I am reading the shorewall documentation a again and hope I will avoid to ask stupid questions the next time as about the number of zones I can create. Let us go straight to the problem I want you to help me to sort out.
I have a problem with P2P traffics in the ISP network I administrate.
I have a Fedora Core 4 server, with BIND, Squid and shorewall installed as
my main server. Behin it I have a mail server. I all the time have problem of
slow connexion when customers to much P2P applications as Kazaa, bitorrent ..
I have two satellite connexions, one is the main and the second one is a backup.
I am currently making a list of all the ports that applications use. As I know it is not really possible to block P2P, I would like to forward all the P2P traffic from my main satellite connexion > to the backup satellite connexion.
This is what I plan to implement to issue it:
On my main server:
> Squid
>Shorewall
>3 Ethernet Cards
eth0 IP1= 81.75.1.x > > > Main Satellite Connexion
eth1 IP2 = 172.168.2.x > > >Internal Network
eth2 IP3 = 82.75.3.x > > > Backup Satellite
Shorewall Static NAT
External Address External Interface Internal address All Interfaces Local
82.75.3.2 eth2 81.75.1.2 No Yes
Masquerading
Interface Subnet
Eth0 Eth1
Zone File
Net Internet
Lan LAN
P2PZ P2PZ
Interfaces file
Eth0 Net
Eth1 Lan
Eth2 P2PZ
Firewall Rules
ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
PORT PORT DEST
DNAT LAN P2PZ:82.75.3.2 tcp (P2P ports) -
Roland Mfondoum
VAKIFLAR ISHANI
C BLOCK KAT1
No 7-8
GIRNE KKTC
MERSIN 10 TURKEY
PHONE: +90-392-815-8905
FAX: +90-392-815-8904
---------------------------------
Yahoo! Mail
Use Photomail to share photos without annoying attachments. |