"found p2p signatures"

RouterOS General
1

hello ALL

i put 1,5 Gb RAM and set the web-proxy (transparent) to cache ALL pages. 4 hours after my routerOS stops routing http traffic (port 80).
ping tests from client > ISP = ok
ping tests from ISP > external IP = ok
ping tests from ISP > domain names = ok
ping tests from client > domain names = ok

just Internet navigation DOWN.

i have (a lot) of the following messages from console:

found p2p signature - edonkey

is impossible to log in via winbox or console.

force reboot (power down) and the system restart and work´s fine.

anybody have an idea about “p2p signatures” on log???

crazy…

thanx.

2

what do you have in your mangle and in your firewall?

3

well,

in mangle table i just have a p2p control (i follow the mikrotik doc´s to set this),

in chain forward:
mark connection (p2p - all)
mark packet (p2p - all)

and in queue tree i just limit this p2p connections to 200k (max).

in simple queues i set the p2p in advanced tab to limit each client in 64k.

my firewall rules is filtering things like MyDoom, beagle (and some others), WebServer IN, Some Game servers, netbios, packets invalid, ftp IN, some trojans.

the only thing i put in there is limit connections per host (30).

4

I suggest you to not use the p2p feature. becouse not all p2p are identified also mirc packet.

I have used the following procedure:
mark packet HTTP / no passtrought
mark packet FTP / no passtrought

mark packet REST (all packet) / no passtrougt

after on the queue take in care that REST contain also the p2p connection.

5

Ok. i got it.

how do you limit the p2p traffic marked in REST?
and why do you use the no “passtrought feature” in that rules?

thanx.

6

REST is comprensive of p2p traffic. so there it is not necessary to create a rule for P2P. Take in care that before the REST you need to mark the packet that you want provide more bandwith. This means you need to mark, http, https, ftp, msn, chats and other you ctm use.
P2p are inglobated on REST togheter all other protocols you have not mangled before.
pass trought means that packet are market and the flow is stopped.
better with an example with passttrought

  1. mark http traffic as HTTP1/ with passt.
  2. mark http traffic as HTTP2/ with passt.

You will see the packet count increase on both rules, and http traffic is marked as HTTP1 and HTTP2.
While if you do not want to remark HTTP

  1. mark http traffic as HTTP1/ withOUT passt.
  2. mark http traffic as HTTP2/ withOUT passt.
    … you will see packet increase only the rule 1 and not for rule 2.

so in the scenario of

  1. mark http traffic as HTTP1/ withOUT passt.
  2. mark all traffic as REST/ withOUT passt.

You will mark HTTP correctly, and REST is the other protocols.
also you can add before the mange REST others you want to mangle

  1. mark http traffic as HTTP1/ withOUT passt.
  2. mark FTP traffic as FTP/ withOUT passt.

  3. mark all traffic as REST/ withOUT passt.

Ciao