Hi all,
I have two gateways on my Mikrotik box, and I wish to route all peer-to-peer traffic out one gateway, and the rest of the traffic out the other.
I am using policy routing and mangle to mark p2p traffic. But I am not able to download using e-donkey. I have not tried downloading with any other p2p software. All other traffic seems fine.
Here are my configs:
/ ip policy-routing rule
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow=p2p interface=all \
    action=lookup table=cox comment="" disabled=no
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 flow="" interface=all \
    action=lookup table=main comment="" disabled=no
/ ip firewall mangle
add src-address=10.1.0.0/16 in-interface=ether2-local p2p=all-p2p \
    action=accept mark-flow=p2p comment="" disabled=no
/ ip firewall src-nat
add out-interface=ether3-cox action=masquerade comment="" disabled=no
Anybody else trying to do this??
Thanks,
Robert
I also tried this but was unable to make it work. (the way you describe)
I have had more luck making the connection I want the P2P to use the main route. Then use mangle to route web/DNS/FTP/mail traffic out the other connection. This is a pain, due to the number of mangle rules needed to mark all the types of traffic.
Joe
In the meantime I have set up the mangle rules to mark all packets destined for tcp ports 1025-65535 and then to route these out my p2p connection. This seems to work, but it obviously gets more than just p2p traffic.
The reason for this is very simple, yet it seems that the understanding of this may have eluded many readers (and especially non-readers) of the manual. The P2P connections are not marked from the first packet, but rather are determined later on during the already established connection. Once a connection has been determined as P2P, in your configuration it changes its source IP address, which naturally results in breaking the connection (which was observed as the inability to download anything with edonkey).
The solution/workaround for this is to leave all the traffic, including the P2P, on one of the gateways and explicitly route known non-P2P traffic through another gateway.
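The failure described in the last reply, as an added illustration that is not part of the original thread: a small Python model of one connection's packets crossing a router with two uplinks, first routed by a P2P mark that only appears mid-connection, then by destination port as in the workaround. The uplink names, addresses, port list and the three-packet detection delay are assumptions made for the model.

```python
# Constructed model; every name and value here is an assumption, not thread data.
SRC_ADDR = {"web-gw": "198.51.100.10", "p2p-gw": "203.0.113.20"}  # source seen by remote, per uplink
KNOWN_NON_P2P_PORTS = {21, 25, 53, 80, 110}  # FTP, mail, DNS, web
P2P_DETECT_AFTER = 3  # packets the classifier must see before it can say "this is P2P"


def route_by_p2p_mark(pkt_no, dst_port, is_p2p):
    """Setup from the question: packets marked p2p use the P2P uplink."""
    marked = is_p2p and pkt_no >= P2P_DETECT_AFTER  # mark appears mid-connection
    return "p2p-gw" if marked else "web-gw"


def route_by_known_port(pkt_no, dst_port, is_p2p):
    """Workaround: only known non-P2P ports leave the default (P2P) uplink."""
    return "web-gw" if dst_port in KNOWN_NON_P2P_PORTS else "p2p-gw"


def run_connection(policy, dst_port, is_p2p, packets=6):
    """Send `packets` packets of one connection; return (delivered, sources).

    The remote peer ties the connection to the source address of the first
    packet. A packet from any other address matches no connection there,
    so delivery stops at that point.
    """
    sources, delivered = [], 0
    for n in range(packets):
        src = SRC_ADDR[policy(n, dst_port, is_p2p)]
        if src not in sources:
            sources.append(src)
        if src != sources[0]:
            break  # routing decision changed mid-connection: connection broken
        delivered += 1
    return delivered, sources


if __name__ == "__main__":
    cases = [("p2p mark, P2P flow", route_by_p2p_mark, 4662, True),
             ("known ports, P2P flow", route_by_known_port, 4662, True),
             ("known ports, web flow", route_by_known_port, 80, False)]
    for label, policy, port, is_p2p in cases:
        print(label, run_connection(policy, port, is_p2p))
```

The port-based policy decides from information already present in the first packet, so every packet of a connection leaves with the same source address.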