[Mldonkey-users] Motre donitor ideas
From: Goswin Brederlow
Subject: [Mldonkey-users] Motre donitor ideas
Date: 06 Feb 2003 22:25:00 +0100
User-agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Portable Code)

Sven Hartge <address@hidden> writes:
> At 03:17 on 06.02.03, Goswin Brederlow wrote:
>
> > The initial Question was why donitor uses so many iptables rules (2
> > per connection). There are some new questions at the end too.
>
> > I played around a bit with the iptables rules and now have the
> > following setup:
>
> > eth0 : 192.168.0.3 (my normal IP)
> > eth0.1: 192.168.0.6 (IP for mldonkey)
>
> I have my donkey running directly on my ippp0 device, so I am not able to
> add a second alias to that one to separate the donkey traffic from the
> rest.
>
> So I'd have to go for the INPUT-pid-match patch.
>
> But your approach is _very_ interesting.

Another idea for people running mldonkey directly with their official
IP:

Upload traffic is easily matched by user and/or pid.

For incoming traffic it would be nice to know all ports mldonkey (and
only mldonkey) uses:

- The server/client/overnet ports are known, that's easy.
- Any outgoing connect from mldonkey gets SNAT'ed to port 23000-23999
- Any non mldonkey outgoing connect on ports 23000-23999 gets SNAT'ed
  to 24000-
- Any data coming in for ports 23000-23999 will be mldonkey download

That should work, right?

Another speedup with the current setup would be to use another table
DKY_TEST and put all dynamic rules into that table. rem_rules could
then just flush that table saving half the time (Probably more. Adding
rules should be faster than deleting).

I noticed that mldonkey zeros out the counters of all chains every 2
minutes, which might be disruptive to other services. Only the
DKY_UP/DWN chains should be zeroed.

Kind regards,
Goswin
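
The port-range scheme and the flush/zero suggestions from the message above, written out as iptables commands. This is an added example, not part of the original message or of donitor's code; the account name `mldonkey`, the address `203.0.113.10`, the upper bound `24999` and the way the chains are wired together are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands; review them, then pipe to "sh" as root.
# Assumed values (not from the message): account name, address, upper port bound.
MLD_USER="${MLD_USER:-mldonkey}"   # assumed account mldonkey runs as
WAN_IP="${WAN_IP:-203.0.113.10}"   # placeholder address (documentation range)
MLD_PORTS="23000-23999"            # source-port range named in the message
OTHER_PORTS="24000-24999"          # upper bound assumed; the message says "24000-"
MLD_MATCH=$(echo "$MLD_PORTS" | tr - :)   # --sport/--dport want "23000:23999"

# Source NAT. The first matching rule wins, so the mldonkey rule must come
# first: its connections are pinned to 23000-23999, and any other connection
# that happened to pick a source port in that range is moved out of it.
nat_rules() {
    for proto in tcp udp; do
        echo "iptables -t nat -A POSTROUTING -p $proto -m owner --uid-owner $MLD_USER -j SNAT --to-source $WAN_IP:$MLD_PORTS"
        echo "iptables -t nat -A POSTROUTING -p $proto --sport $MLD_MATCH -j SNAT --to-source $WAN_IP:$OTHER_PORTS"
    done
}

# Accounting. Upload is matched by owner; download is whatever arrives for the
# reserved range. Per-connection (dynamic) rules live only in DKY_TEST.
# Chain layout is assumed; the message does not show how donitor wires them.
account_rules() {
    for chain in DKY_UP DKY_DWN DKY_TEST; do
        echo "iptables -N $chain"
    done
    echo "iptables -A DKY_UP -j RETURN"      # counts every upload packet
    echo "iptables -A DKY_DWN -j DKY_TEST"   # counts every download packet
    echo "iptables -A OUTPUT -m owner --uid-owner $MLD_USER -j DKY_UP"
    for proto in tcp udp; do
        echo "iptables -A INPUT -p $proto --dport $MLD_MATCH -j DKY_DWN"
    done
}

# Periodic reset: one flush instead of deleting dynamic rules one by one, and
# zeroing only the two accounting chains so other services keep their counters.
reset_rules() {
    echo "iptables -F DKY_TEST"
    echo "iptables -Z DKY_UP"
    echo "iptables -Z DKY_DWN"
}

# Run as "sh thisfile print" to see the full rule set.
if [ "${1:-}" = "print" ]; then
    nat_rules; account_rules; reset_rules
fi
```

On a link with a dynamic address, `WAN_IP` has to be set to the current address each time the rules are loaded.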