I recently bought a level 6 license to do hotspot in a apartment complex, paid someone to setup usermanager for me and now I see that this POS 3.14 is not working properly… I am trying to do p2p blocking, I know it wont do all applications but I know for a fact that it does block limewire!!! Now I do the rule and ir does not work… any ideas???
Now I am affraid to downgrade since I have the user manager working right… You know that sometimes when you downgrade it messes everything up…
I also tried to make a support.rif and the router just gets frozen!!!
Firstly, calm down. If mikrotik really was a POS we wouldn’t be here now would we.
Secondly, for us to help we need to see how you’ve got the rule setup, post a portion of your firewall rules if you can, perhaps theres a mistake in the way and place you’ve added the rule.
Also, when you say its not blocking p2p, please explain how have you tested and confirmed this perhaps there is an issue with the way you are testing that bypasses the rule?
Lastly if it freezes when you’re trying to generate a supout.rif I would check the files on the device and ensure that you have sufficient space to create the file (leave around 4mb minimum)
You are right! I already count back from 100!! This is the way I setup the rule p2p;
ip firewall rule add chain=forward p2p=all-p2p action=drop
I have tried putting this as the first rule on the list and as the last rule on the list but for some reason its not working.
The before I updated to this version I was able to block limewire using the same rule, the only dif is that I was not using hotspot.
On the support.rif issue I have a desktop with plenty of memory and disk space, what I did was reinstall the software and its now fine.
I give access to an apartment complex of 225 units, most of this are students and I need to some how block or control bandwidth for p2p applications. I was upset yesterday because I have 25 megs connection and because I cant control p2p my 25 megs were hugged..
You can’t block all p2p, it’s impossible. Even the big ISP can’t do it. What you need to do is mark all your known traffic, http, pop3, imap, smtp, https, etc etc, and then limit or block all of the unknown traffic.
ip firewall rule add chain=forward p2p=all-p2p action=drop
The before I updated to this version I was able to block limewire using the same rule, the only dif is that I was not using hotspot.
I give access to an apartment complex of 225 units, most of this are students and I need to some how block or control bandwidth for p2p applications. I was upset yesterday because I have 25 megs connection and because I cant control p2p my 25 megs were hugged..
As noted by netrat, not all p2p can be tracked by the p2p filter as (specifically bittorrent) some allow the use of encrypted connections, which can’t easily be tracked (You’d pay in excess of $10,000 to get the hardware required to identify encrypted p2p traffic)
Best bets are either:
a) what netrat said
b) set a speed limit per user on your hotspot user profile, this way you can allow them (for example) speed like 2mb/512k with bursting up to 4mb/1mb or similar.
Thanks to both of you, I will try both suggestions… Net where can I find some examples of what you are doing? Sounds like this way I can set surfing the internet for the fastest and limit all others.
thanks,
I had the same issues with P2P but I use Zeroshell to limit p2p using L7. It is simple to use and highly effective and runs on a 2.8Ghz P4 desktop PC. I have setup P2P L7 filter to restrict p2p traffic to 64k and it works on 95% of p2p including limewire.
Hello, I did what Netrat said and at first it was working but once I rebooted my router it stppoed working. I think its doing this because I am using hotspot and I have rates set on user profiles. I noticed that if I delete all the simple queues MT creates for my users and only leave the ones that I created it works… But what good is that!!? I need to have my users bandwidth controled too but I also want to create my own simple queues. Any idea on how I can fix this…? I also seen other softwares out there that claim they control any p2p application, dont know if this is true but if its true, its MT getting lazy? they were for me the fisrt to win the battle against p2p, this is why I got the MT!! Now its imposible to use their p2p feature?
The other software is most definatley lying.. if there was a cheap way to filter all p2p including encrypted then it would be integrated into the mikrotik system.
As it stands, no there isn’t and the devices that do require large amounts of processing power to handle the traffic on the fly.