On Friday 08 August 2008 17:37:12 Bogdan Cehan wrote:
[...]
> Fratilor , scuzati-ma ca ma bag si eu in seama
> dar eu nu prea inteleg ce vrea omul asta aici
> el vrea ssh (port 22 tcp ) , firefox (80,443 tcp) si evolution
> (25,110,143,465,993,995) sa le scoata prin alta parte ???
> sau aici vorbim la nivel de layer 7 ? si doar aplicatiile alea sa
> iasa prin alta parte ? daca vrea prima o face extraordinar de rpd din
> iptables MARK si iproute2
"Our intent is for l7-filter to be used in conjunction with Linux QoS to do
bandwith arbitration ("packet shaping") or traffic accounting."
http://l7-filter.sourceforge.net/FAQ
Q: How can I use l7-filter to redirect some of my traffic (to a proxy, etc.)?
A: You pretty much can't, at least not in any straightforward way. L7-filter
can't possibly identifiy what protocol a connection is using until it sees a
packet with data in it. For TCP, this is the third packet, far too late to
start redirecting anything. (Convoluted schemes involving duplicating all
your packets until you get a match may be possible, but we don't recommend
it.) For UDP, it could work, providing that l7-filter gets enough data in the
first packet to make a decision. Making sure this works is not our focus,
however..
This can be done if you match on some quality that every packet has (such as
port or IP number) rather than using l7-filter.
--
Serghei.
--
This mail was scanned by BitDefender
For more informations please visit http://www.bitdefender.com
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug
