P2p limiting

berlyn · March 14, 2013, 7:39am

I will pay anyone who can help me limiting p2p on my network.
I have posted a few times for someone to help me but no one seem to be able too???

dotnet · March 14, 2013, 8:22am

yes you can limiting p2p
pls follow the rules :

/queue simple
add name=“main” target-addresses=192.168.0.0/24 max-limit=512000/512000
add name=“http” parent=main packet-marks=http max-limit=256000/256000 priority=1
add name=“p2p” parent=main packet-marks=p2p max-limit=56000/56000 priority=8
add name=“other” parent=main packet-marks=other max-limit=200000/200000 priority=5

/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=80 action=mark-connection new-connection-mark=http_conn passthrough=yes
add chain=prerouting connection-mark=http_conn action=mark-packet new-packet-mark=http passthrough=no

add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p_conn passthrough=yes
add chain=prerouting connection-mark=p2p_conn action=mark-packet new-packet-mark=p2p passthrough=no

add chain=prerouting action=mark-connection new-connection-mark=other_conn passthrough=yes
add chain=prerouting connection-mark=other_conn action=mark-packet new-packet-mark=other passthrough=no

*** Pls don’t copy-paste, just use the rules ***

Best regards

berlyn · March 14, 2013, 8:41am

is this working? and what should my target address be?

dotnet · March 14, 2013, 9:23am

your user’s network address

berlyn · March 14, 2013, 9:47am

if i have 3 , 4 meg lines what should max limits be? And does this work?

dotnet · March 14, 2013, 10:09am

yes it will be work.
if your line is 1 mb
*** 1mb = 1024000
*** 2mb = 2048000
just change your requirement

/queue simple
add name=“main” target-addresses=192.168.0.0/24 max-limit=2048000/2048000

*** you can specific also your ssl connections.
/queue simple
add name=“ssl” parent=main packet-marks=htt max-limit=128000/128000 priority=3

/ip firewall mangle
add chain=prerouting protocol=tcp dst-port=443 action=mark-connection new-connection-mark=ssl_conn passthrough=yes
add chain=prerouting connection-mark=ssl_conn action=mark-packet new-packet-mark=ssl passthrough=no

**** Pls don’t copy-paste, just follow the rules ***

Best regards

berlyn · March 14, 2013, 10:39am

Thanks, should this be done every routrboard on my netwprk or only the main, and if i have 3 10 meg lines that is load balanced by linux server what should the max be for the queues.

help is appreciated

dotnet · March 14, 2013, 10:49am

already i told that 1mb = 1024000
so you will multiply your acutual bandwidth quantity.
*** just for example
50 mb = (1024000 x 50)= 51200000 (Max Limit for Main)

Now try yourself. I hope you will success …

you have to setup Bridge in your Router for Better performances.
just follow the rules

/ interface bridge
add name=“bridge1”
/ interface bridge port
add interface=WAN bridge=bridge1
add interface=LAN bridge=bridge1
/ interface bridge settings
set use-ip-firewall=yes

*** Please don’t copy-paste, just follow the rules ***

Best regards

berlyn · March 14, 2013, 11:24am

Its not working

berlyn · March 14, 2013, 5:29pm

any other ideas

ditonet · March 14, 2013, 7:18pm

There is topic about P2P blocking: http://forum.mikrotik.com/t/how-block-connection-of-p2p/18495/1

HTH,

berlyn · March 15, 2013, 5:22am

dont want to block want to limit

berlyn · March 19, 2013, 4:40pm

anyone else

dotnet · June 22, 2013, 7:13am

To configure 10k for p2p traffic.

/queue simple
add target-address=<network_address_of_your_local_network> max-limit=10k/10k p2p=all-p2p

It limits widely used p2p protocols, except encrypted p2p.

best regards

deejayq · July 1, 2013, 8:53am

the idea is to add to address-list addresses that open, let’s say, more than 4 udp connections and 8 tcp connections to ports 1024-65535
then with this address list you can do whatever you want, like mark the packets going to 1024-65535 and then use a queue to limit the speed.

jandafields · July 2, 2013, 3:14am

Most p2p is encrypted now, and on port 80. The built-in “p2p” marker is useless.