How are they making it to your client? The source IP is a public address, so it’s initiated by that side. Since the destination IP address is a private IP, you’re specifically NATing that connection through.
I’m NATing. DstIP is the private IP of the client and SrcIP is the IP of the website or whatever he is visiting. In this example I’m torching a bridge interface. If I torch another interface, the source IP could become the destination IP and the dst IP become the src IP. I NAT on another RouterBoard.
I don’t know if I’m clear enough.
I want to drop connections with 0 bps data transfer in one direction and from (or to) certain network addresses (in this case 172.16.0.0/21).
Yes. You cannot do that. The firewall ruleset doesn’t support the concept of a one-way rate on a connection. So I’m trying to figure out alternative ways to accomplish that. I am out of ideas though. Good luck.
Actually, those are packets from your users to the Internet addresses, without an answer. If you select your LAN interface instead of P2P, src and dst addresses will be swapped, and Tx Rate will be zero.
What I want to do is eliminate unnecessary traffic in my 100% bridged network. I see traffic (via torch) from clients that are at the other end of my network, and those packets shouldn’t be there.
That is why one way is X bps and the other 0 bps: 0 bps because no client with that IP is in that part of the network. So I want to block those connections to avoid unnecessary traffic. I have about 1200 clients and there is a lot of that kind of traffic. I DON’T WANT TO ROUTE. I want to find a painless solution.
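An added example, not posted by anyone in this thread and not MikroTik code: a small Python script that takes torch-style rows (src, dst, TX-RATE, RX-RATE) and picks out the flows into 172.16.0.0/21 that carry data one way only, as described above, and then narrows them to destination addresses that never answer and are never seen sending anything on this segment. The sample rows are constructed for the example; the column layout and the `12.3kbps` rate format are assumed to match what torch displays, and the 0 bps return direction is the symptom the thread describes, not something the script measures on a live router.

```python
import ipaddress

# Constructed sample of what torch on the bridge might show (values are made up).
# Columns assumed to follow torch's display: src, dst, tx-rate, rx-rate.
TORCH_SAMPLE = """\
SRC-ADDRESS     DST-ADDRESS      TX-RATE   RX-RATE
93.184.216.34   172.16.1.20      12.3kbps  9.8kbps   # client on this segment answers
104.16.0.1      172.16.5.77      48.0kbps  0bps      # no answer: nobody here has this IP
203.0.113.5     172.16.3.9       3.1kbps   0bps      # no answer on this flow ...
172.16.3.9      8.8.8.8          1.2kbps   5.6kbps   # ... but 172.16.3.9 is clearly present
198.51.100.7    172.16.2.200     0bps      0bps      # idle flow: no evidence either way
172.16.4.1      172.16.4.2       2.0kbps   2.0kbps   # local to local, not the case discussed
"""

LOCAL_NET = ipaddress.ip_network("172.16.0.0/21")

RATE_UNITS = {"": 1.0, "k": 1e3, "M": 1e6, "G": 1e9}


def parse_rate(text):
    """Turn a torch rate string such as '12.3kbps' or '0bps' into bits per second."""
    body = text.strip()
    if not body.endswith("bps"):
        raise ValueError(f"not a torch rate: {text!r}")
    body = body[:-3]
    unit = ""
    if body and body[-1] in RATE_UNITS:
        unit, body = body[-1], body[:-1]
    return float(body) * RATE_UNITS[unit]


def parse_torch(text):
    """Parse the sample rows; '#' comments and the header line are skipped."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("SRC-ADDRESS"):
            continue
        src, dst, tx, rx = line.split()
        rows.append({
            "src": ipaddress.ip_address(src),
            "dst": ipaddress.ip_address(dst),
            "tx": parse_rate(tx),
            "rx": parse_rate(rx),
        })
    return rows


def unanswered_inbound(rows, local_net=LOCAL_NET):
    """Flows from outside into local_net with data one way and 0 bps back."""
    return [r for r in rows
            if r["src"] not in local_net and r["dst"] in local_net
            and r["tx"] > 0 and r["rx"] == 0]


def absent_hosts(rows, local_net=LOCAL_NET):
    """Local addresses that only ever receive and never show any sign of life.

    A host that is merely quiet on one flow but sends on another (or answers
    on another flow) is treated as present and is not returned, so that a
    drop list built from this does not cut off real clients.
    """
    present = {r["src"] for r in rows if r["src"] in local_net and r["tx"] > 0}
    present |= {r["dst"] for r in rows if r["dst"] in local_net and r["rx"] > 0}
    candidates = {r["dst"] for r in unanswered_inbound(rows, local_net)}
    return [str(ip) for ip in sorted(candidates - present)]


if __name__ == "__main__":
    rows = parse_torch(TORCH_SAMPLE)
    print("one-way inbound flows:")
    for r in unanswered_inbound(rows):
        print(f"  {r['src']} -> {r['dst']}  {r['tx']:.0f} bps in, 0 bps back")
    print("destinations with no host present on this segment:")
    for ip in absent_hosts(rows):
        print(f"  {ip}")
```

The output of `absent_hosts` is the list you would feed into whatever blocking mechanism you pick for the bridge; the script deliberately stops there, because which bridge or firewall feature to use is exactly what the thread has not settled. The "present" check is the caveat worth keeping: a torch snapshot only proves who talked during the sample window, so a list built from a single run will include clients that happened to be idle.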