Expert opinion on iptables/torrents | Unix Linux Forums | UNIX for Advanced & Expert Users

Expert opinion on iptables/torrents

UNIX for Advanced & Expert Users


Tags: encryption, iptables, torrents

#1  darkman_hr  04-25-2013

Hello all,

I want to deny any torrents passing through a Linux box that are NOT encrypted. My ISP is doing packet inspection and gives warnings.

I'd like to allow torrents when the client sets encryption.

Any thoughts?
#2  Corona688 (Forum Staff)  04-25-2013
iptables can do lots of fun things with sources, destinations, routes, and types, and to a limited extent stateful things like simple detection of some protocols, but I don't think it's good for this depth of packet content reading. It's just a firewall in the end.
#3  darkman_hr  04-25-2013
At layer 7 perhaps?
If I block via l7 all non-standard ports >1024 (i.e. allow only 80, 53, 22 etc.), I read somewhere that l7 will not stop encrypted torrents... is that true? I'm guessing it makes sense, since it cannot really peek into them to match a pattern?

I use iptables daily... I know a lot of tricks... but this packet inspection is really a fuss.

I'll make another thread now about PayPal/iptables, which is also giving me a headache... perhaps someone knows...


I really like that there are people here that I can actually talk to about networking and Linux and stuff... sometimes I feel like I'm alone... not even Google can give me the answers I seek.

#4  Corona688 (Forum Staff)  04-25-2013
Quote:
Originally Posted by darkman_hr
At layer 7 perhaps?
l7 is a do-anything add-on for iptables which connects iptables to user-mode software. It's this software which must do the packet analysis.

It's possible but difficult; BitTorrent is (intentionally) hard to tell apart from ordinary traffic. In response to throttling and censorship, it has become even more so.
Quote:
If I block via l7 all non-standard ports >1024 (i.e. allow only 80, 53, 22 etc.)
That is what I had to do eventually. (You don't need l7 to block ports. Plain iptables can do that easily.) It cannot block all torrents, but many. It was a sad moment, a final admission of defeat, that I couldn't simply let my customers have what they wanted at all times.
Quote:
I read somewhere that l7 will not stop encrypted torrents... is that true?
Yes, very difficult. It probably negotiates over HTTPS, which customers obviously need to work unimpeded, and which, once connected, can carry whatever it wants without letting you see the contents. This is also how Tor hides itself.
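The two things plain iptables can do here, as an added example that is not code from anyone in this thread: the original question was to refuse torrents that are NOT encrypted while leaving encrypted ones alone, and the reply above notes that port allow-listing needs no l7. A plaintext BitTorrent peer handshake begins with the byte 0x13 followed by the literal string "BitTorrent protocol"; MSE/PE-encrypted peers start with a Diffie-Hellman exchange instead, so a string match on that prefix catches exactly the unencrypted sessions and nothing else. The script below combines that match (via the stock xt_string module) with the ">1024 ports" allow-list from the reply. Interface names, the LAN subnet, the port lists and the chain name are assumptions for the example; with `DRY_RUN=1` (or the `show` argument) it prints the rules instead of loading them, so it can be read and tested without root.

```shell
#!/bin/sh
# Added example, not code from the thread: a plain-iptables policy for a Linux
# router that (a) rejects the unencrypted BitTorrent handshake so only peers
# that negotiated MSE/PE encryption get through, and (b) allows new outbound
# connections from the LAN only to an allow-list of ports. Interface names,
# the LAN subnet and the port lists are assumptions; adjust them.
#
# Usage: sh bt-policy.sh show     (print the rules, no root needed)
#        sudo sh bt-policy.sh apply

LAN_IF="${LAN_IF:-eth1}"              # assumption: LAN-facing interface
WAN_IF="${WAN_IF:-eth0}"              # assumption: ISP-facing interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"  # assumption: LAN subnet
ALLOWED_TCP="${ALLOWED_TCP:-22 53 80 443}"
ALLOWED_UDP="${ALLOWED_UDP:-53 123}"

# Wrapper: with DRY_RUN=1 print the command instead of executing it.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

install_rules() {
    # Assumption: this script owns the FORWARD chain, so it is rebuilt here.
    ipt -F FORWARD
    # Keep the torrent checks in their own chain so they can be reloaded alone.
    ipt -N BT_POLICY 2>/dev/null
    ipt -F BT_POLICY

    # A plaintext BitTorrent peer handshake starts with the byte 0x13 followed
    # by "BitTorrent protocol". MSE/PE-encrypted peers begin with a
    # Diffie-Hellman exchange instead, so this rule does not match them.
    ipt -A BT_POLICY -m string --algo bm --hex-string "|13|BitTorrent protocol" \
        -m limit --limit 5/min -j LOG --log-prefix "BT-plaintext: "
    ipt -A BT_POLICY -p tcp -m string --algo bm --hex-string "|13|BitTorrent protocol" \
        -j REJECT --reject-with tcp-reset
    ipt -A BT_POLICY -p udp -m string --algo bm --hex-string "|13|BitTorrent protocol" \
        -j DROP
    # Plain-HTTP tracker announces carry the info_hash in the URL in cleartext.
    ipt -A BT_POLICY -p tcp --dport 80 -m string --algo bm --string "info_hash=" \
        -j REJECT --reject-with tcp-reset

    # The handshake is sent after the TCP connection is up, so the string checks
    # must run before the ESTABLISHED accept, in both directions.
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j BT_POLICY
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -j BT_POLICY
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Unsolicited inbound connections from the ISP side are dropped.
    ipt -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate NEW -j DROP

    # New outbound connections: only to the allow-listed ports.
    for p in $ALLOWED_TCP; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$p" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    for p in $ALLOWED_UDP; do
        ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -p udp --dport "$p" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
    # Everything else from the LAN is refused (REJECT so clients fail fast).
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j REJECT
}

case "${1:-}" in
    apply) install_rules ;;
    show)  DRY_RUN=1; install_rules ;;
esac
```

Two caveats worth knowing before relying on this. The string match only sees the handshake, so a client set to "prefer" rather than "require" encryption will fall back to plaintext when a peer declines, and that fallback is what gets reset here; users need "require" in their client for transfers to keep working. And the port allow-list cuts far more than torrents (DHT on UDP, games, VPNs), while an encrypted peer listening on 443 still passes it, which is the trade-off the reply above describes.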
#5  Corona688 (Forum Staff)  04-25-2013
You could also try traffic control, speed limiting instead of or in addition to block/don't block. Prioritize any obviously recognizable traffic.
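The shaping alternative suggested above, as an added example that is not code from the thread: an HTB tree on the ISP-facing interface with three classes, so that recognisable traffic (DNS, SSH, web, and small ACK packets) gets a guaranteed share and priority, while everything unrecognised, encrypted torrents included, falls into a capped lowest-priority class instead of being blocked. Packets are steered by iptables firewall marks set in the mangle table. The interface name, uplink rate, class numbers and mark values are assumptions for the example; `DRY_RUN=1` (or `show`) prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the thread: HTB traffic control on the ISP-facing
# interface that gives recognisable traffic (DNS, SSH, web) guaranteed bandwidth
# and priority, and lets everything unrecognised (including encrypted torrents)
# share a capped, lowest-priority class. Interface name and uplink speed are
# assumptions.
#
# Usage: sh shape.sh show            (print the commands)
#        sudo sh shape.sh apply

WAN_IF="${WAN_IF:-eth0}"             # assumption: ISP-facing interface
UPLINK_KBIT="${UPLINK_KBIT:-1000}"   # assumption: real upload rate in kbit/s

# Wrapper: with DRY_RUN=1 print the command instead of executing it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

setup_shaping() {
    run tc qdisc del dev "$WAN_IF" root 2>/dev/null
    # Root HTB; anything without a matching filter lands in class 1:30.
    run tc qdisc add dev "$WAN_IF" root handle 1: htb default 30
    run tc class add dev "$WAN_IF" parent 1: classid 1:1 htb \
        rate "${UPLINK_KBIT}kbit" ceil "${UPLINK_KBIT}kbit"
    # 1:10 interactive: DNS, SSH, small ACK packets. Highest priority (prio 0).
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:10 htb \
        rate "$((UPLINK_KBIT / 4))kbit" ceil "${UPLINK_KBIT}kbit" prio 0
    # 1:20 recognised web traffic.
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:20 htb \
        rate "$((UPLINK_KBIT / 2))kbit" ceil "${UPLINK_KBIT}kbit" prio 1
    # 1:30 unrecognised: small guarantee, ceiling at half the link, lowest prio.
    run tc class add dev "$WAN_IF" parent 1:1 classid 1:30 htb \
        rate "$((UPLINK_KBIT / 4))kbit" ceil "$((UPLINK_KBIT / 2))kbit" prio 2
    # Fair queuing inside each class so one flow cannot starve its neighbours.
    for c in 10 20 30; do
        run tc qdisc add dev "$WAN_IF" parent "1:$c" handle "$c:" sfq perturb 10
    done
    # Steer packets by firewall mark (set in mark_traffic below).
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
    run tc filter add dev "$WAN_IF" parent 1: protocol ip prio 2 handle 2 fw flowid 1:20
}

mark_traffic() {
    run iptables -t mangle -N SHAPE 2>/dev/null
    run iptables -t mangle -F SHAPE
    run iptables -t mangle -A SHAPE -p udp --dport 53 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p tcp -m multiport --dports 22,53 -j MARK --set-mark 1
    run iptables -t mangle -A SHAPE -p tcp -m multiport --dports 80,443 -j MARK --set-mark 2
    # Tiny TCP segments are mostly ACKs; keeping them fast keeps downloads fast.
    # This rule is last so it overrides the web mark for ACK-sized packets.
    run iptables -t mangle -A SHAPE -p tcp -m length --length 0:128 -j MARK --set-mark 1
    # mangle POSTROUTING runs before the egress qdisc sees the packet.
    run iptables -t mangle -A POSTROUTING -o "$WAN_IF" -j SHAPE
}

case "${1:-}" in
    apply) setup_shaping; mark_traffic ;;
    show)  DRY_RUN=1; setup_shaping; mark_traffic ;;
esac
```

tc shapes only what leaves an interface, so this controls uploads; to shape downloads, attach the same tree to the LAN-facing interface (or an IFB device) and mark on source ports instead. Set the root rate a little below the real link speed, otherwise the ISP's modem queue fills and the priorities stop meaning anything.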
#6  darkman_hr  04-25-2013
I can... and I do that already... it's just that it's not the throughput that's bugging me; the ISP is bugging me. They inspected some packet and saw Movie.name.warez.torrent.bla.avi... and they want it resolved or they'll unplug me... so that's my main concern.
I had the firewall open on the network from 00:00 to 08:00 and users could use whatever... but now I've got to lock even those hours and, as you said, give it up and surrender :/