Hello, I have been testing the 2.9.5 version of MT, I am trying to block all p2p traffic but this version does not work at all. Here is how I set it up:
0 chain=forward p2p=all-p2p action=drop
I am not sure if I am missing something here. I looked at the 2.9 manual but I could not find anything on p2p.
Also I am still having lots of problems with signal and users not connecting. I set up the 2.9.5 last night and I noticed this morning that lots of my users were not connected. I started to ping their radios and I would get timeouts. I then restarted the MT and some of the users started to connect. Still some are not. This is getting frustrating; the only reason why I want to move up to 2.9 is because I can use the burst feature with pppoe profiles. I have asked mt support to send me something on how to set it up on 2.8.28 but still no answer.
Can someone help me on how to set up burst for my pppoe clients on 2.8?
That rule actually works for me on a test router I installed yesterday. I run a client for the edonkey network and this rule works. It will not drop every packet, but it will be impossible to connect and download anything.
How do you know that it’s traffic from p2p clients? I’ve set up an edonkey server and a few clients in my test network and I found out that if I drop edonkey p2p traffic, not every packet is dropped. For example UDP packets on port 4672 and some other TCP packets on port 4662 which the clients are using. However, this data is around 50 MiB after running the test for 24 hours. That is not much compared to if I disable the drop chain and I let 3 clients upload and download with the speed of 50 kB/s, i.e. 25920 MiB.
Am I the only one that does not have a problem with it?
Thank you both for the input, but I still think 2.9.5 is not ready for action. I try to drop all p2p and I see no traffic being dropped at all. I downloaded limewire and tested it myself and I could download music. Once I connected the 2.8.28 back I was blocked.
Another thing, can any of you help set up burst for my pppoe clients on 2.8.28? See, pppoe has profiles and I would like to set burst limit for them, but when I use the profile I can only make limit at for download and upload.
Okay, the Gnutella network, that is a little bit more specific information. I have not tried any such client. I may try it with my 2.9.x router and tell you about it.
With the drop rules enabled for gnutella, I could not search and download. When I disabled the rule, all downloads instantly continued and I could search. I don’t know why it does not work for you, maybe a different infrastructure. I tried this in my home with a NATed connection to the internet, because it is the weekend and I do not have access to a routed network to the internet. Maybe you should tell us a little bit more about your router setup.
I’m using 2.9.5 on multiple routers with no problems. That could be attributed to my experience with networks and mikrotik. I find some users on this forum who have problems with Router OS have no basic understanding of networks, or any real experience with Network Operating Systems. This isn’t Linksys SOHO grade equipment. That said…
If you are trying to use the P2P firewall option within MT RouterOS you MUST have Connection Tracking enabled. RouterOS will not drop any traffic related to P2P because it relies on Connection Tracking.
I am glad all is working for you, for some reason 2.9.5 is giving me lots of problems with signal and connections. I have decided to stick with 2.8.28. The problem with 2.9.X is that for some of you guys it works great and for some it does not. I am not blaming anyone, I just think since we all use different equipment that's where the different problems come out.
My setup is:
AMD VIA board with 1.4 GHz processor and 256ram. For ether interfaces I have divacom PCI ethernet cards and for wlan I have the mikrotik 200mw card.
Network is a simple pppoe server, only p2p blocking with set times and one profile set to have a 256k limit to the users.
I don't think it's much, but 2.9.5 just gives me problems.
Examples of problems are:
p2p blocking “I will try what you said”
Some clients' radios can't even see the signal, like the hide ssid was enabled, but the client next to him works fine.
You can't tell me this is an experience issue, to me this is a software issue that has not been resolved completely yet. 2.9.X is just not ready.
At this time I will stick to 2.8.28, maybe later on when I see no more issues on the forum I will upgrade and test again.
mmmhhhhh… can p2p be blocked…?
there are many p2p programs that can change their port right…!
such as imesh, lime wire, etc…
but if the p2p uses port 80 how to block them…?
does mikrotik have a list of all the p2p programs?
The port number for the traffic does not matter. Mikrotik analyzes the packet headers to see whether or not the traffic is p2p based. Clients that change their port to 80 will still be blocked as p2p packets are marked and dropped.
What is the best method to test that P2P is being blocked?
I went through the whole firewall chain, even added the traffic monitoring…but still I have a client that has every port from 1000 - 6900…and they are all active…
Throttling only pisses him off. Let me know how I can limit the amount of P2P traffic he can do daily or something. Thanks!!
You’re completely nuts. This way you block absolutely everything, including some websites that don’t use port 80. This is no “INTERNET” being delivered to the users, this is some websites only. Internet is NOT JUST WEB, people use all kindsa services on the network. Furthermore why the hell would anybody want to drop p2p ?!? Just lower its priority beneath all other or something. Why be an ISP and cut off your own services to the users? You want to be half of ISP or a third of ISP? You are trying to catch monkeys with bran??!?
Actually he’s not completely nuts, I agree with dannyboy that blocking ports r more efficient than p2p itself (but not like the way he does it), we just need to know what kind of ports r running in the p2p application, then drop it in the firewall rules.
Each P2P program uses different ports, and the ports can change. Therefore you have to filter by the P2P setting (in mangle setting p2p=all-p2p) and not by port. There are probably hundreds of P2P programs out there. I think larmaid better get a specialist to help you or visit some IP training.