I put a firewall block on TCP ports “6881-6999” because I think BitTorrent uses those ports, and someone on my network uses them, and all p2p ports also. Is there some way of marking which IP address uses that port, so I can be sure who uses torrents?
The p2p matcher in MikroTik is out of date, and really doesn’t match nearly all that is out there. You can try to do stuff with the layer7 matcher but this is extremely CPU intensive. Fighting p2p directly is basically a losing battle, because they can always change something on the client that will throw you off until you can identify it yourself. The best practice to deal with p2p is to identify the things that you like or want (HTTP, SMTP, HTTPS, DNS, etc.) and then assume that everything else is something you don’t want. Then with queues assign the stuff you like with higher priority and more guaranteed bandwidth and everything else with a low priority.
I noticed that I can't block p2p, but I put the option in the firewall just to know: if anyone starts using it, there will be some numbers. And now, when I see numbers on p2p, I just need to know who that person on my LAN is, so I can tell him to stop doing that.
I looked at some tutorial a long time ago, and they put some command in the firewall so that when someone uses “some” port, that IP address will be marked in the "address list", but I don't know what to put to find a torrent user.
Also, can there be a timeout for that IP address, like "1 min disconnected" from the internet?
A long time has passed since I looked at all that on the internet, so now I really don't know anything anymore.
OK, I think I resolved the first problem.
general - forward
p2p - all p2p
Action - add src to address list ( list -test - )
on address list created “-test-” 0.0.0.0
And now, how do I time someone out from the internet for 1 min when they use torrents? (^L^) Or must I go to him and tell him "stop using torrents, we have hotfile to download"? LOL
You can set a timeout option on the address list, and then add in a filter rule that will drop them. If you want to document the ones that you have found, just make a duplicate rule with a different address list; one of them will have a timeout of whatever to combine with the drop rule, and the other will hold the addresses that get added to the list until you remove it yourself.
FYI, you don’t need to specify any addresses to the list once you have an action to make it. The router will handle that for you.
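The setup described in the reply above, written out as RouterOS firewall rules. This is an added example, not part of the original posts; the list names `p2p-timeout` and `p2p-seen` are assumptions, and `p2p=all-p2p` is the match the asker's own rule uses, on a RouterOS version where that matcher is available.

```routeros
/ip firewall filter

# 1. Drop forwarded traffic from any host currently on the timed list.
#    It sits above the matching rules, so a blocked host's packets are
#    dropped here and never reach rules 2 and 3 while the entry exists.
#    Where this goes relative to your existing accept rules is site-specific.
add chain=forward src-address-list=p2p-timeout action=drop \
    comment="p2p: temporary block"

# 2. Timed list: the router adds the source address itself and removes
#    the entry again after one minute (address-list-timeout).
add chain=forward p2p=all-p2p action=add-src-to-address-list \
    address-list=p2p-timeout address-list-timeout=1m \
    comment="p2p: add source to timed list"

# 3. Record list: duplicate match, different list, no timeout set,
#    so entries are not expired by a timer and can be reviewed later.
add chain=forward p2p=all-p2p action=add-src-to-address-list \
    address-list=p2p-seen \
    comment="p2p: add source to record list"

# To match on the port range from the first post instead of the p2p
# matcher, replace p2p=all-p2p in rules 2 and 3 with:
#   protocol=tcp dst-port=6881-6999

# Review which LAN addresses were recorded.
/ip firewall address-list print where list=p2p-seen
```

The drop rule matches on source address only, so for that minute the listed host loses all forwarded traffic, not just the torrent connections.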
That sounds good… I'll try to play with that. Maybe I'll manage to configure that.
thanks