Blocking P2P on a NAT box without upgrading the kernel (tested successfully)
Source: Baidu Wenku  Editor: 神马文学网  Time: 2024/04/29 09:52:39
Software Router Forum - Linux -
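OS: redhat9.0
Kernel: 2.4.20-8 (check with uname -a)
iptables: 1.2.7a, shipped with the system (check with iptables -V)
First download the iptables source that matches your system's version from www.iptables.org (use wget).
Then download the latest ipp2p patch from www.ipp2p.org.
Read the introduction first: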
kernel
It is always a good idea to use the latest stable kernel because of recent bugfixes and improved stability. During its development IPP2P was successfully used with the following kernel versions:
2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.26
2.6.3, 2.6.4, 2.6.6
This does NOT mean that IPP2P may not run together with other kernel versions but it was not tested yet. If someone finds out that IPP2P also is running stable with other kernel versions feel free to inform the author (contact). A very important source for updates of the netfilter code is the patch-o-matic next generation system (POM-ng) available at the netfilter homepage. It contains the latest bugfixes and netfilter extensions (like CLASSIFY, CONNMARK, ...). The daily snapshots may be a good choice to get the very latest kernel updates. IPP2P is also included in POM-ng. If you don't want to use the source tarball grab latest POM-ng snapshot and run "./runme ipp2p" to install IPP2P only or "./runme extra" for IPP2P and some other updates. You'll need to enable IPP2P support in kernel config and recompile kernel and iptables.
iptables
As said with kernel try to use a recent version of iptables as well. We used the following versions of iptables without any problems:
1.2.7a, 1.2.8, 1.2.9rc1, 1.2.9, 1.2.11
It is also possible (and likely) that IPP2P runs together with older versions as well but we're lacking experience on this issue. New versions of iptables are released in unsteady intervals at the netfilter homepage.
Heh, right at the minimum supported version!~~
Unpack the iptables source to /usr/src/iptables-1.2.7a
Unpack ipp2p-0.8.0_rc3.tar.gz to /root/download/ipp2p-0.8.0_rc3
cd /root/download/ipp2p-0.8.0_rc3
vi Makefile
Find IPTABLES_SRC = /usr/src/iptables
Change it to IPTABLES_SRC = /usr/src/iptables-1.2.7a (where we just unpacked the source matching the system)
OK, save and exit. In the ipp2p-0.8.0_rc3 directory run:
make
cp libipt_ipp2p.so /lib/iptables/
cp ipt_ipp2p.o /lib/modules/
insmod ipt_ipp2p.o
OK, the new iptables option can now be used.
iptables -A FORWARD -m ipp2p --ipp2p -j DROP
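Run iptables -L to check that the FORWARD chain has gained a rule.
While you are at it, put this into a script of your own. Add 3 entries:
/sbin/insmod /root/download/ipp2p-0.8.0_rc3/ipt_ipp2p.o # load the module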
/sbin/iptables -A FORWARD -m ipp2p --ipp2p -j DROP
/sbin/iptables -A INPUT -m ipp2p --ipp2p -j DROP
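In my test, downloading the Shenzhou 6 spacecraft launch video ran at 700kB-1.0mB without filtering; with the module loaded the download speed held steady at 68-80KB.
Heh, ipp2p.org keeps updating, so it should be able to improve the rampant P2P traffic.
Excerpt from the howto attached: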
The following table shows a lineup of all module options currently available for IPP2P. Make sure not to use --ipp2p together with any other option already included in --ipp2p !
option    P2P network                protocol      quality
--edk     eDonkey, eMule, Kademlia   TCP and UDP   very good
--kazaa   KaZaA, FastTrack           TCP and UDP   good
--gnu     Gnutella                   TCP and UDP   good
--dc      Direct Connect             TCP only      good
--bit     BitTorrent, extended BT    TCP and UDP   good
--apple   AppleJuice                 TCP only      (need feedback)
--winmx   WinMX                      TCP only      (need feedback)
--soul    SoulSeek                   TCP only      good (need feedback)
--ares    Ares, AresLite             TCP only      moderate (DROP only)
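A way to check a firewall script against the howto's warning and its protocol column, as an added example that is not part of the original post or of IPP2P. The names lint_rule and lint_script and the sample rules are made up here; because the page does not list which options --ipp2p already includes, every per-network option placed next to --ipp2p is reported.

```sh
#!/bin/sh
# Added example, not from the original post: lint "-m ipp2p" rule lines
# against the howto table quoted above.
# Assumption: the page does not list which options --ipp2p includes, so any
# per-network option placed next to --ipp2p is reported.
TCP_ONLY="--dc --apple --winmx --soul --ares"   # "TCP only" rows of the table
ALL_OPTS="--edk --kazaa --gnu --bit $TCP_ONLY"
# lint_rule "<rule line>": prints findings; status 0 = clean, 1 = findings.
# The ( ) body runs in a subshell, so set -f and exit stay inside it.
lint_rule() (
    set -f                                  # split into words without globbing
    case " $1 " in *" -m ipp2p "*) ;; *) exit 0 ;; esac
    has_all=0 proto="" prev="" found="" problems=0
    for word in $1; do
        case "$prev" in -p|--protocol) proto=$word ;; esac
        case "$word" in --ipp2p) has_all=1 ;; esac
        case " $ALL_OPTS " in *" $word "*) found="$found $word" ;; esac
        prev=$word
    done
    if [ "$has_all" -eq 1 ] && [ -n "$found" ]; then
        echo "WARN: --ipp2p combined with$found: $1"
        problems=1
    fi
    for opt in $found; do
        case "$proto: $TCP_ONLY " in udp:*" $opt "*)
            echo "WARN: $opt is TCP only but the rule has -p udp: $1"
            problems=1 ;;
        esac
    done
    [ "$problems" -eq 0 ]
)

# lint_script: read rule lines on stdin; status 0 only if every line is clean.
lint_script() {
    bad=0
    while IFS= read -r line; do
        lint_rule "$line" || bad=$((bad + 1))
    done
    echo "$bad rule line(s) with findings"
    [ "$bad" -eq 0 ]
}

# Constructed sample: line 1 is the page's rule, lines 2 and 3 are mistakes.
lint_script <<'EOF' || true
/sbin/iptables -A FORWARD -m ipp2p --ipp2p -j DROP
/sbin/iptables -A FORWARD -m ipp2p --ipp2p --bit -j DROP
/sbin/iptables -A FORWARD -p udp -m ipp2p --dc -j DROP
/sbin/iptables -A FORWARD -p tcp -m ipp2p --dc -j DROP
EOF
```

To check a real script, feed it on standard input: lint_script < /path/to/your/firewall-script.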