LinuxQuestions.org
Old 05-17-2009, 01:05 PM   #1
nekkro-kvlt
LQ Newbie
 
Registered: May 2009
Posts: 20

Rep: Reputation: 0
Netfilter conntracking for P2P protocols (edonkey, bittorrent...)


Hi everyone, I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, and also compatibility with NAT, like the module conntrack_ftp seems to do with the FTP protocol.
Thanks guys.
 
Old 05-18-2009, 07:45 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by nekkro-kvlt
Hi everyone, I would like to allow multiple users to access P2P networks, so I wonder if there's a way to track these kinds of protocols with netfilter, and also compatibility with NAT, like the module conntrack_ftp seems to do with the FTP protocol.
Thanks guys.
I've never used eDonkey, but I can tell you that I've never needed any special helper modules in order to do stateful packet filtering for BitTorrent or Gnutella. The only reason you need a helper for FTP is because the port number for the data connection is sent at the application layer. I would think the P2P protocol designers would avoid doing that sorta thing, in order to make file distribution as simple as possible. Of course, like I said, I've only got experience with BitTorrent and Gnutella.

Last edited by win32sux; 05-18-2009 at 07:47 AM.
 
Old 05-18-2009, 07:58 AM   #3
nekkro-kvlt
LQ Newbie
 
Registered: May 2009
Posts: 20

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by win32sux
I've never used eDonkey, but I can tell you that I've never needed any special helper modules in order to do stateful packet filtering for BitTorrent or Gnutella. The only reason you need a helper for FTP is because the port number for the data connection is sent at the application layer. I would think the P2P protocol designers would avoid doing that sorta thing, in order to make file distribution as simple as possible. Of course, like I said, I've only got experience with BitTorrent and Gnutella.
Hi, I do not use Gnutella, but BitTorrent speed is improved if inbound connections to the client are allowed. For ed2k, it's the same thing: you need to redirect inbound connections to the client. As these ports can be configured in client options, I think they're negotiated with the server. A solution that may do the trick is IPP2P, but I haven't had time to check it yet.
 
Old 05-18-2009, 06:51 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
Quote:
Originally Posted by nekkro-kvlt
Hi, I do not use Gnutella, but BitTorrent speed is improved if inbound connections to the client are allowed. For ed2k, it's the same thing: you need to redirect inbound connections to the client. As these ports can be configured in client options, I think they're negotiated with the server. A solution that may do the trick is IPP2P, but I haven't had time to check it yet.
Personally, I've never heard of BitTorrent doing that, and my experience has been that it hasn't. In the application, I configure the port I want it to use and that's it. Iptables only needs to be told to allow inbound connections to that port - everything else is handled by connection tracking. Imagine how messed-up it would be if people would need to use stuff like IPP2P in order to make BitTorrent work! Of course, I'm not denying that application-layer filters are useful. I'm just saying that they are pointless for BitTorrent and Gnutella if what you want is to:
Quote:
Originally Posted by nekkro-kvlt
allow multiple users to access P2P networks

Last edited by win32sux; 05-18-2009 at 06:55 PM.
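
The setup described in post #4 (a fixed listening port per client, an inbound rule for that port, and connection tracking for everything else), extended to several LAN clients behind NAT. This is an added example, not code from the thread; the interface name, addresses and ports are constructed, and it assumes each client listens on its own port for both TCP and UDP. The function only prints the rules so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not execute) iptables rules for P2P clients behind NAT.
# Assumptions: the WAN interface is passed in; every client has its own fixed
# listening port, used for both TCP and UDP.

# Usage: p2p_rules WAN_IF HOST:PORT [HOST:PORT ...]
p2p_rules() {
    wan_if=$1; shift
    seen=" "
    # Validate every mapping before printing anything.
    for map in "$@"; do
        case $map in
            ?*:?*) ;;
            *) echo "expected HOST:PORT, got '$map'" >&2; return 1 ;;
        esac
        host=${map%%:*}; port=${map##*:}
        case $port in
            *[!0-9]*) echo "bad port in '$map'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$map'" >&2; return 1
        fi
        # One external port can be forwarded to one client only.
        case $seen in
            *" $port "*) echo "port $port assigned twice" >&2; return 1 ;;
        esac
        seen="$seen$port "
    done

    # Replies and follow-up packets are matched by generic connection
    # tracking; no protocol-specific helper module is loaded.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for map in "$@"; do
        host=${map%%:*}; port=${map##*:}
        for proto in tcp udp; do
            echo "iptables -t nat -A PREROUTING -i $wan_if -p $proto --dport $port -j DNAT --to-destination $host:$port"
            echo "iptables -A FORWARD -i $wan_if -p $proto -d $host --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        done
    done
}

# Constructed sample: two LAN clients, one listening port each.
p2p_rules eth0 192.168.1.10:51413 192.168.1.11:51414
```

Giving two clients the same port is rejected, because a single external port can only be forwarded to one internal host.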
 
  

