Re: [Mldonkey-users] Idea: limiting the port rnage mldonkey uses

[Goswin Brederlow]

Wyvern <address@hidden> writes:

> On 20 Feb 2003 03:00:24 +0100
> Goswin Brederlow <address@hidden> wrote:
> 
> > Hi,
> > 
> > I'm trying to find a optimal way to account traffic for mldonkey and
> > to shape it.
> > 
> > My best general solution is to restrict mldonkey so a certain port
> > range and keep everyone else out of that range. Currently I'm doing
> > that with iptables SNAT/DNAT but I think I'm confusing some clients
> > with that. I also can't seperate donkey and overnet traffic reliable.
> > 
> > It would be good if one could give mldonkey two port ranges to be used
> > for donkey and overnet connects, say 3000-3999 for overnet and
> > 4000-4999 for donkey. This would allow reliable traffic accounting
> > with a simple iptables rule, allow a smaller window in the
> > firewall/port forwarding and easier shaping on routers.
> > 
> > MfG
> >         Goswin
> > 
> 
> You can do it 100% accuratly by patching Your kernel to support -m owner 
> match (in iptables), this way all packets from mldonkey are matched. This 
> wouldn't help you to identify which connections are from overnet, and which 
> are from edonkey... (unless you will run seperate mldonkey's, one connected 
> to overnet network, other to edonkey :))
> Hope that helps.
> 
> Oh and btw. "-m owner" will only work for localy generated packets, so you 
> can't use it if your firewall is on another machine than your mldonkey.
> 
> If you are intrested in more info on that, let me know.

I'm using -m owner to DNAT mldonkey to a limited port range, but that
only works for localy generated packets. That also means only for
outgoing traffic.

MfG
        Goswin