P2P is a big problem for me, because too many users uploading at the same time can cause problems with time-sensitive things like Skype. Too many users downloading at the same time uses all of the available bandwidth and web browsing speeds slow down.
I didn't want to kill torrents, I just wanted to keep them in check so that they wouldn't affect speeds for my other users. To solve the problem I created mangle rules to identify P2P users and mark any connections and packets by those users that were not HTTP, HTTPS, DNS, DHCP, Email etc.
I then created a queue to limit upload speeds of the P2P packets 24 hours a day and a queue to limit download speeds between 6am and midnight.
Mangle:
Code:
;;; Identify P2P users.
chain=prerouting action=add-src-to-address-list p2p=all-p2p
src-address=172.23.0.0/24 address-list=p2p-user address-list-timeout=1m
;;; Mark P2P Connections (anything on P2P users' UDP ports that is suspect).
chain=prerouting action=mark-connection new-connection-mark=p2p-conn
passthrough=yes protocol=udp src-address-list=p2p-user
port=!53,67,68,80,143,220,593
;;; Mark P2P Connections (anything on P2P users' TCP ports that is suspect).
chain=prerouting action=mark-connection new-connection-mark=p2p-conn
passthrough=yes protocol=tcp src-address-list=p2p-user
port=!25,53,80,110,143,220,443,465,593,993,1863
;;; Mark packets on those connections
chain=prerouting action=mark-packet new-packet-mark=p2p-packet
passthrough=yes connection-mark=p2p-conn
Code:
;;; P2P Speed Limit - Restricts receiving rates between 6am and midnight
name="p2p-receiving-rate" dst-address=0.0.0.0/0 interface=all
parent=none packet-marks=p2p-packet direction=both priority=7
queue=default-small/default-small limit-at=512k/0 max-limit=512k/0
burst-limit=0/0 burst-threshold=0/0 burst-time=1s/1s
total-queue=default-small time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat
;;; P2P Speed Limit - Restricts sending rates
name="p2p-sending-rate" dst-address=0.0.0.0/0 interface=all parent=none
packet-marks=p2p-packet direction=both priority=6
queue=default-small/default-small limit-at=0/28k max-limit=0/28k
burst-limit=0/0 burst-threshold=0/0 burst-time=1s/1s
total-queue=default-small
Code:
chain=forward action=drop protocol=tcp connection-mark=p2p-conn
connection-limit=30,32 time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat
chain=forward action=drop protocol=udp src-address-list=p2p-user
connection-mark=p2p-conn limit=8,5
time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat
My question is: Why are the connection limiting rules [above] slowing down P2P and how do I limit each P2P user to 30 P2P TCP connections each?
A couple of drawbacks with the method I have used are:
1.) The bandwidth limit can be defeated by engaging in P2P on one of the excluded ports.
2.) A user cannot Skype while doing P2P, but I'm not really worried about that.
Any suggestions regarding this would also be very much appreciated!
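The marking logic of the mangle rules above, as an added example that is not part of the original post: a simplified Python model (not RouterOS code) showing which connections receive the p2p-conn mark. The `classify` function, the `l7_p2p` flag and the sample flows are constructed, and the negated `port` matcher is assumed to mean that neither the source nor the destination port is in the list.

```python
import ipaddress

# Values copied from the mangle rules in the post.
LAN = ipaddress.ip_network("172.23.0.0/24")
LIST_TIMEOUT = 60  # address-list-timeout=1m, in seconds
EXCLUDED = {
    "udp": {53, 67, 68, 80, 143, 220, 593},
    "tcp": {25, 53, 80, 110, 143, 220, 443, 465, 593, 993, 1863},
}

def classify(flows):
    """Return "p2p-conn" or None for each flow; flows must be in time order.

    A flow is (time_s, src_ip, proto, src_port, dst_port, l7_p2p). The
    l7_p2p flag stands in for the router's p2p=all-p2p matcher (assumption).
    """
    expires = {}  # src_ip -> time at which its p2p-user entry lapses
    marks = []
    for t, src, proto, sport, dport, l7_p2p in flows:
        # Rule 1: a detected P2P packet from the LAN (re)adds the source.
        if l7_p2p and ipaddress.ip_address(src) in LAN:
            expires[src] = t + LIST_TIMEOUT
        listed = expires.get(src, -1) > t
        # Rules 2 and 3 only match UDP and TCP; port=!list is modelled as
        # "neither the source nor the destination port is in the list".
        ports = EXCLUDED.get(proto)
        suspect = ports is not None and not ({sport, dport} & ports)
        marks.append("p2p-conn" if listed and suspect else None)
    return marks

# Constructed sample flows (not captured traffic).
SAMPLE = [
    (0, "172.23.0.10", "tcp", 51413, 6881, True),     # detected P2P
    (10, "172.23.0.10", "udp", 40000, 33033, False),  # same user's voice call
    (20, "172.23.0.10", "tcp", 50000, 443, True),     # P2P on an excluded port
    (30, "172.23.0.20", "tcp", 50001, 6881, False),   # user never listed
    (100, "172.23.0.10", "tcp", 50002, 8080, False),  # entry has timed out
]

if __name__ == "__main__":
    for flow, mark in zip(SAMPLE, classify(SAMPLE)):
        print(flow, "->", mark)
```

The second sample flow corresponds to drawback 2 (a listed user's unrelated traffic is marked) and the third to drawback 1 (traffic on an excluded port is never marked).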