how to block p2p

Hi guys, if I use this command, do I tend to block p2p for all users?

ip firewall filter add chain=forward p2p=all-p2p action=drop

And is it possible to give certain users access to p2p?


please advise


regards

zain

thanks in advance :smiley:

Accept traffic for/from those users before that drop rule.

What do you mean by that? I am not good at MikroTik. Could you SSH in and see how to go round it?

ip firewall filter 
add chain=forward src-address=192.168.1.100 action=accept
add chain=forward dst-address=192.168.1.100 action=accept
add chain=forward p2p=all-p2p action=drop

The firewall will stop looking once a packet matches a rule (unless passthrough=yes is set). So with the above, any traffic from and to 192.168.1.100 will be accepted before the packet hits the p2p filter further down.
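An added example, not part of the original posts: a simplified Python model of the first-match evaluation described above, run against the three rules from this reply. The Rule class, the evaluate function and the sample packets are constructed for illustration and are not RouterOS code.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                   # "accept", "drop" or "log"
    src: Optional[str] = None     # None means any source address
    dst: Optional[str] = None     # None means any destination address
    p2p: bool = False             # True models the p2p=all-p2p matcher
    passthrough: bool = False     # True: a match does not end evaluation

    def matches(self, pkt: dict) -> bool:
        if self.src is not None and pkt["src"] != self.src:
            return False
        if self.dst is not None and pkt["dst"] != self.dst:
            return False
        return pkt["p2p"] or not self.p2p

def evaluate(rules, pkt, default="accept"):
    """Return (verdict, index of the deciding rule, or None if none matched)."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt) and not rule.passthrough:
            return rule.action, i      # first terminating match wins
    return default, None               # end of chain: packet is accepted

EXEMPT = "192.168.1.100"               # exempt client from the post above
CORRECT = [Rule("accept", src=EXEMPT),
           Rule("accept", dst=EXEMPT),
           Rule("drop", p2p=True)]
WRONG_ORDER = [CORRECT[2], CORRECT[0], CORRECT[1]]   # drop rule placed first

# Constructed sample packets (addresses are illustrative only).
PACKETS = {
    "exempt_p2p":      {"src": EXEMPT, "dst": "203.0.113.7", "p2p": True},
    "reply_to_exempt": {"src": "203.0.113.7", "dst": EXEMPT, "p2p": True},
    "other_p2p":       {"src": "192.168.1.50", "dst": "203.0.113.7", "p2p": True},
    "other_web":       {"src": "192.168.1.50", "dst": "203.0.113.7", "p2p": False},
}

if __name__ == "__main__":
    for label, rules in (("correct order", CORRECT), ("drop first", WRONG_ORDER)):
        for name, pkt in PACKETS.items():
            print(label, name, evaluate(rules, pkt))
```

Because the two accept rules match on address alone, the exempt host also skips every forward rule placed after them, not only the p2p drop.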

OK, thanks for the help. I will just get someone to physically explain it to me; I will understand better. Thanks a lot.

Please advise which address I put there: the public IP or the DHCP gateway?

The real IP of the client. I don’t understand how the DHCP gateway would play into this.

Well, I have a RouterBOARD RB750G. eth1 has internet pumping into it with its public IPs, then I have made a DHCP linking to eth2 to eth5, giving my AP’s DHCP to clients. Now I want to block all DHCP released to clients to not download any p2p except for browsing, MSN and direct download, and I just want one antenna of mine, which is mine, to bypass the p2p and download torrents.


please advise


or add me on skype zainmw91

or Google n1ghtwalk3r786@googlemail.com. If there is another messenger you have, please let me know and I could give you my ID. Maybe you can SSH through the public IP and check it out. Thanks.

Like I said, use the real IP. Whatever IP is configured on the device itself is the IP you should refer to in the firewall rule.

So you mean the internet IP, right? Like my IP and the internet gateway IP, for example 45.331.99.209 255.255.255.0 45.331.99.208, so
ip firewall filter
one firewall rule:-different
add chain=forward src-address=45.331.99.209 action=accept
add chain=forward dst-address=45.331.99.208 action=accept

Separate firewall:- if I am right, different
add chain=forward p2p=all-p2p action=drop

It's like making two firewalls: one with the src and dst, and then one just to block p2p, and all users going to the net should be blocked. Then, to unblock myself, I just make a new firewall, put my DHCP IP 192.168.88.5 as src and dst 192.168.88.1, which is my gateway, and accept all and accept p2p, right?

please advise

Scenario: you want to block all P2P except for traffic from a computer that has 192.168.88.5 as its IP address.

/ip firewall filter
add chain=forward action=accept src-address=192.168.88.5
add chain=forward action=accept dst-address=192.168.88.5
add chain=forward action=drop p2p=all-p2p

I don’t know how to explain this any more clearly.

Understood that, sir. Sorry, I am a bit slow at catching on. The scenario you gave was to enable the certain computer to be allowed to get p2p, but first I need to block all clients from using p2p, which I haven't done, and I need your assistance in how to do it.


please advise

I have already added a firewall for 192.168.88.5 to access p2p, the one you gave me. Now I want to block the rest from using p2p so they don't slow down my network.

The last line does that.

OK, but I have another issue now: my internet works fine all day till 2-3 am in the morning, and the RB750G just turns itself off. Then I have to go remove the internet cable which goes to eth1 and it goes back on, then I have to wait for all links to be stable and re-insert the internet link. It works for a couple of hours and goes back off. I have tried two different RB750Gs and it does the same. Any suggestion why?

Turn on debug logging and look what the logs say.

Well, the logging is enabled. Please guide me on how to enable debug logging; when I check the logging the next morning there are no logs.

http://wiki.mikrotik.com/wiki/Manual:System/Log
Enable the ‘debug’ topic and put it into a file so that it doesn’t get emptied out in case the router reboots.

http://wiki.mikrotik.com/wiki/Manual:System/Watchdog
You can also enable the software watchdog and have it automatically create supouts on crash that you can then send to support.

Thanks man, I will read it and get back to you.

This is what I have done; please advise by clicking on the image links.