X-Original-To: alpine-devel@lists.alpinelinux.org Delivered-To: alpine-devel@lists.alpinelinux.org Received: from ey-out-2122.google.com (ey-out-2122.google.com [74.125.78.25]) by lists.alpinelinux.org (Postfix) with ESMTP id C831A17003B80 for ; Tue, 9 Dec 2008 09:30:16 +0000 (UTC) Received: by ey-out-2122.google.com with SMTP id 4so723358eyf.13 for ; Tue, 09 Dec 2008 01:30:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:subject:from:to:cc :in-reply-to:references:content-type:date:message-id:mime-version :x-mailer:content-transfer-encoding; bh=UVPRufbTndiB2d5zqgw6awRI2+aQFCCVSBZy/qYD/Bw=; b=ZQKzIhj8Uv+YGfefxqYcmdXygeDaAdHWKVBzHm4/dP8rB6UNnT/bkvYx2JQRuXGT8T ljr9i8U7LMtqcVqMjrFE2pERyxjz3xVp5g6+/gypUHZdYalTkbg9vpgqYH3nFEo7cS0Z IDHNLNo3tack0o65lDQJBMRON7iDW+6lFIV5Y= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=subject:from:to:cc:in-reply-to:references:content-type:date :message-id:mime-version:x-mailer:content-transfer-encoding; b=CWh0usFdU7eyEEouFplyJKYo1ng/3z+D2MCtmhFNnl+7f0KnxPr9OizMmg6Gj4k7fJ O4ijzN404O699gy5Bd4Aw6uAHt5yxWfmUbQNzEaV6p1+HivIlSMqjh4j575863uQoQcd ILsU9YR3SS33LhN9641YLBV10ezekjfSPNiwE= Received: by 10.210.34.2 with SMTP id h2mr4677900ebh.58.1228815015400; Tue, 09 Dec 2008 01:30:15 -0800 (PST) Received: from ?10.65.0.5? (149-182-13.oke2-bras2.adsl.tele2.no [90.149.182.13]) by mx.google.com with ESMTPS id 5sm3967921eyf.30.2008.12.09.01.30.13 (version=SSLv3 cipher=RC4-MD5); Tue, 09 Dec 2008 01:30:14 -0800 (PST) Subject: Re: [alpine-devel] 1.7.28 issues From: Natanael Copa To: Harry Lachanas Cc: alpine-devel@lists.alpinelinux.org In-Reply-To: <493D5DDD.2020100@freemail.gr> References: <493CBFDB.1020508@freemail.gr> <1228752276.24384.135.camel@nc> <493D5DDD.2020100@freemail.gr> Content-Type: text/plain Date: Tue, 09 Dec 2008 10:30:11 +0100 Message-Id: <1228815011.24384.188.camel@nc> X-Mailinglist: alpine-devel Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: Mime-Version: 1.0 X-Mailer: Evolution 2.24.2 Content-Transfer-Encoding: 7bit On Mon, 2008-12-08 at 19:48 +0200, Harry Lachanas wrote: > Natanael Copa wrote: > > On Mon, 2008-12-08 at 08:34 +0200, Harry Lachanas wrote: > > > >> Hi all, > >> > >> I salute the 1.7.28 release and found the following little problems ... > >> > >> xtables-addons + iptables 1.4.2 > >> > >> a) xtables-addons misses the ipp2p component > >> > > > > It is supposed to be in the modloop (the loopback device where kernel > > modules are). No kernel modules are included in apk packages. > > > > > Hi nc !! I understand now that I wasn't clear enough. or i just dont read carefully enough. > The xtables-addons module seems ok .... > > It is the iptables --> libxt_ipp2p.so that is missing from /lib/xtables right. this was the problem. > ( this is the lib module that iptables use to contact the > xtables-addons kernel module. ) i know. i just had too many things going on in my head at the same time. stuff like this ted to happen then. > instead the /lib/iptables/libipt_ipp2p.so is there, as if the old module > was compiled in the kernel ??. I think is because you have ipp2p package installed. do: apk_delete ipp2p. > >> b) the old ipp2p component is still compiled in the Kernel > >> but since iptables version 1.4.2 is implied it cannot be used, > >> > > > > are you 100% that its not the xtables-addons that is in there? looks to > > me that when you modprobe ipp2p you actually get the xtables-addons > > module. lsmod shows xt_ipp2p (new from xtables-addons) and not ipt_ipp2p > > (old ipp2p) > > > > > > > yes the xt_ipp2p module gets loaded .... > > but if U do a > #iptables -m ipp2p -help > > you get > > iptables v1.4.2: Couldn't load match `ipp2p':File not found this is due to the missing ipp2p iptables module is missing. not the kernel module. > > Try `iptables -h' or 'iptables --help' for more information. ok. i think i finally got it right. (sorry for the confusion). ... IPP2P was intended for TCP only. Due to increasing usage of UDP we needed to change this. You can now use -p udp to search UDP packets only or without -p switch to search UDP and TCP packets. See README included with this package for more details or visit http://www.ipp2p.org Examples: iptables -A FORWARD -m ipp2p --ipp2p -j MARK --set-mark 0x01 iptables -A FORWARD -p udp -m ipp2p --kazaa --bit -j DROP iptables -A FORWARD -p tcp -m ipp2p --edk --soul -j DROP well the example is wrong but i think the module loads and iptables works. There was an another annoying bug in 1.7.28 (both alpine-conf-1.8 and 1.8.1 was installed) and 2 packages was missing (acf-tcpproxy, acf-iptables). So I think I just push out alpine-1.7.28.1. while I was there I alos did the simple fix of shorewall so I think that ipp2p should just work with shorewall now. If you have a chance, could you please find the 1.7.28.1 release here : http://dev.alpinelinux.org/~ncopa/alpine/ (mind the slow download, 2Mbit) and please verify that: 1. xt_ipp2p kernel module is there and works. 2. xtables-addons is there and works with iptables. 3. shorewall is able to detect ipp2p and is able to use it. If everythign is ok i will upload it. Thank you! -nc --- Unsubscribe: alpine-devel+unsubscribe@lists.alpinelinux.org Help: alpine-devel+help@lists.alpinelinux.org ---