Gareth

connection limit question

Fri Dec 10, 2010 7:55 am

My wireless network is connected to the Internet via a 4Mbps ADSL line (D/L limit of 4Mbps and a U/L of only 0.4Mbps).

P2P is a big problem for me, because too many users uploading at the same time can cause problems with time sensitive things like Skype. Too many users downloading at the same time uses all of the available bandwidth and web browsing speeds slow down.

I didn't want to kill torrents, I just wanted to keep them in check so that they wouldn't affect speeds for my other users. To solve the problem I created mangle rules to identify P2P users and mark any connections and packets by those users that were not HTTP, HTTPS, DNS, DHCP, Email etc.

I then created a queue to limit upload speeds of the P2P packets 24 hours a day and a queue to limit download speeds between 6am and midnight.

Mangle:
;;; Identify P2P users.
     chain=prerouting action=add-src-to-address-list p2p=all-p2p 
     src-address=172.23.0.0/24 address-list=p2p-user address-list-timeout=1m 

;;; Mark P2P Connections (anything on P2P users' UDP ports that is suspect).
     chain=prerouting action=mark-connection new-connection-mark=p2p-conn 
     passthrough=yes protocol=udp src-address-list=p2p-user 
     port=!53,67,68,80,143,220,593 

;;; Mark P2P Connections (anything on P2P users' TCP ports that is suspect).
     chain=prerouting action=mark-connection new-connection-mark=p2p-conn 
     passthrough=yes protocol=tcp src-address-list=p2p-user 
     port=!25,53,80,110,143,220,443,465,593,993,1863

;;; Mark packets on those connections
     chain=prerouting action=mark-packet new-packet-mark=p2p-packet 
     passthrough=yes connection-mark=p2p-conn 

Queue:
;;; P2P Speed Limit - Restricts receiving rates between 6am and 12pm
      name="p2p-receiving-rate" dst-address=0.0.0.0/0 interface=all 
      parent=none packet-marks=p2p-packet direction=both priority=7 
      queue=default-small/default-small limit-at=512k/0 max-limit=512k/0 
      burst-limit=0/0 burst-threshold=0/0 burst-time=1s/1s 
      total-queue=default-small time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat 

;;; P2P Speed Limit - Restricts sending rates
      name="p2p-sending-rate" dst-address=0.0.0.0/0 interface=all parent=none 
      packet-marks=p2p-packet direction=both priority=6 
      queue=default-small/default-small limit-at=0/28k max-limit=0/28k 
      burst-limit=0/0 burst-threshold=0/0 burst-time=1s/1s 
      total-queue=default-small

This all works very well, but the volume of TCP and UDP connections is still very high. To fix this, I tried implementing some connection limiting in the Firewall Filter:
     chain=forward action=drop protocol=tcp connection-mark=p2p-conn 
     connection-limit=30,32 time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat 

     chain=forward action=drop protocol=udp src-address-list=p2p-user 
     connection-mark=p2p-conn limit=8,5 
     time=6h-23h59m,sun,mon,tue,wed,thu,fri,sat 

But this is slowing torrents down to a crawl (less than 2 KBps when downloading). The other thing I noticed is that the TCP connection limit of 30 P2P TCP connections per user does not work. Instead, the number of Established P2P TCP connections per user averages around 50.

My question is: Why are the connection limiting rules [above] slowing down P2P and how do I limit each P2P user to 30 P2P TCP connections each?

A couple of drawbacks with the method I have used are:
1.) the bandwidth limit can be defeated by engaging in P2P on one of the excluded ports
2.) A user cannot Skype while doing P2P, but I'm not really worried about that.

Any suggestions regarding this would also be very much appreciated! :D
