P2P to Default Gateway

Hi all,
currently I’m identifying P2P by means of mangle: all other types of traffic (ports < 1024) are mangled as “known”. All remaining traffic is mangled “unknown” (with both a connection mark and a packet mark) and routed to the default gateway. I would like to also add an “unknown” routing mark to this type of traffic, so I can route it to routers other than the default gateway:

p2p —> mark connection (unknown) —> mark packet (unknown) —> mark routing (unknown)

P2P traffic shares a simple queue.

The mark-routing rule is matched in firewall/mangle, but the traffic does not enter the simple queue…

Any advice?

Rgds

The idea is fine but the implementation is not.

Get a list of the regular ports used, allow those, and mark the rest.

1863 - MSN Messenger
1701 - VPN
3389 - RDC
5000-5001 - Yahoo voice
5050 - Yahoo Messenger
5100 - Yahoo webcam
5190 - AOL
6112 - gaming
6665-6669 - IRC
6891-6900 - MSN Messenger file transfer
6901 - MSN Messenger voice
8080 - common HTTP
11999 - Yahoo games
28800-29100 - MSN gaming

There will be other custom ports which you will need to remove.
This is how I have done it too; you could also mark unneeded ports from 0 to 1024 as well.


Cheers
Kev

Yes,
but there are many other ports needed (MSN video, custom VPN, …).
Actually the system is working pretty well: all P2P is routed to the default gateway, where it is queued, and all other traffic (known) is directed to other connections. The only problem I have is that I’m not able to apply a routing mark to unknown traffic (p2p) and route it to a dedicated route (not the default gateway).

Yes, this is a problem. It’s been written about here in the forum, and the only thing one can do for p2p to keep working is NOT to mark routing - just leave it to “go” through your DEFAULT gateway…

So, let’s say you have two links, a “main” link that you pay really much for and an “aux” (some ADSL line) that is cheap(er)… Make the ADSL the default gateway, and then mark-route all other (important) traffic through the MAIN link… I’ve been doing that since last night - it works… still have some ports to “catch” so voice, video and some other stuff go through the “main” link too :slight_smile:

Good luck,
Dejan

Hi jdejansb,
it seems that I’ve solved the problem; maybe this might be useful to others… :sunglasses:

I’ve simply applied a routing mark (unknown) to all unknown traffic, as described in my post. The mistake was that mark-routing needs an IP address to work, so I’ve made an address list (PPPoE users) where all the subnets that I use for customers are stored, and applied a routing mark to all unknown traffic (connection mark != known) whose source IP address belongs to the address list “PPPoE users”.

Now it works, so I can use a gateway for p2p traffic different from the default gateway.

Unknown Traffic

/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=unknown \
    passthrough=no connection-mark=!known src-address-list=PPPoE_users

Rgds
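Putting Kev’s known-port list and Carlo’s mark-routing rule together, here is an added RouterOS configuration (v6 syntax) that implements the whole scheme; it is not from any post in this thread. The customer subnets, the two gateway addresses, the ADSL interface name and the queue limit are assumed placeholders.

```routeros
# Added example, not from any post in this thread (RouterOS v6 syntax).
# Assumed placeholders: customer subnets 10.10.0.0/16 and 10.11.0.0/16,
# main link gateway 198.51.100.1, cheap ADSL gateway 192.0.2.1 on ether2-adsl,
# and a 2M/2M shared queue for P2P.

# 1. Customer subnets. The mark-routing rule below only matches when the
#    source address is in this list (the point Carlo made above).
/ip firewall address-list
add list=PPPoE_users address=10.10.0.0/16
add list=PPPoE_users address=10.11.0.0/16

/ip firewall mangle
# 2. "known" = privileged ports plus Kev's application ports. Marking the
#    connection once is enough; every later packet of that flow inherits it.
add chain=prerouting src-address-list=PPPoE_users connection-mark=no-mark protocol=tcp dst-port=0-1023,1863,1701,3389,5000-5001,5050,5100,5190,6112,6665-6669,6891-6901,8080,11999,28800-29100 action=mark-connection new-connection-mark=known passthrough=no
add chain=prerouting src-address-list=PPPoE_users connection-mark=no-mark protocol=udp dst-port=0-1023,5000-5001,6112,28800-29100 action=mark-connection new-connection-mark=known passthrough=no
# 3. Anything else from a customer is "unknown" (treated as P2P). passthrough=yes
#    so the same packet also receives the packet mark and the routing mark below.
add chain=prerouting src-address-list=PPPoE_users connection-mark=no-mark \
    action=mark-connection new-connection-mark=unknown passthrough=yes
add chain=prerouting connection-mark=unknown \
    action=mark-packet new-packet-mark=unknown passthrough=yes
# 4. Carlo's rule: routing mark only for unknown traffic from the customer
#    subnets. Known traffic stays in the main table (default gateway).
add chain=prerouting connection-mark=!known src-address-list=PPPoE_users \
    action=mark-routing new-routing-mark=unknown passthrough=no

# 5. Route for the "unknown" mark via the cheap line; the main table keeps the
#    main link as default gateway. Without a route for the mark, the mangle
#    rule still matches but the marked traffic is not delivered anywhere.
/ip route
add dst-address=0.0.0.0/0 gateway=192.0.2.1 routing-mark=unknown \
    comment="P2P via cheap ADSL"
add dst-address=0.0.0.0/0 gateway=198.51.100.1 comment="main link (default)"

# 6. The second WAN needs its own source NAT, otherwise replies never return.
/ip firewall nat
add chain=srcnat out-interface=ether2-adsl action=masquerade

# 7. One shared simple queue for all P2P packets.
/queue simple
add name=p2p packet-marks=unknown target=10.0.0.0/8 max-limit=2M/2M
```

To check that the mark is being applied, watch the packet counters of the mark-routing rule in /ip firewall mangle and the p2p queue in /queue simple while a customer generates unknown traffic.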

WOW!!!

This would be great if it works… I will try to find some time tonight and test :slight_smile:

(I am having BIG problems since I changed the default gateway… on-line games work very badly, FTP works sometimes :open_mouth:, etc…)

Dejan!

It takes a few packets to recognise P2P, so if you try to mark it and send it any other way, it won’t perform so well.

well… guess that’s right. And what if we send ALL packets other than some known ones to a specific gateway??? huh… keep trying :confused:

Dejan.

I’ve been using it for the last four days, and it seems OK… :slight_smile:
Now my DG does not receive P2P any more.

Rgds

I’m starting to think that I’m stupido :open_mouth: When I do as you suggested, p2p traffic really does not go through the default gateway… but, also, it goes nowhere :laughing: (not working)…

What am I missing? Does the address have to be in an address list, or could I just put 10.10.0.0/16?? (pppoe users get 10.10.10.xxx, 11.xxx, 12.xxx and 14.xxx)??

Dejan

Did you use a connection mark in your Unknown traffic mark-routing rule?

Unknown Traffic

/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=unknown \
    passthrough=no connection-mark=!known src-address-list=PPPoE_users

If your PPPoE addresses are
10.10.0.0/16
10.11.0.0/16
10.12.0.0/16
10.14.0.0/16
then you need to add all the above networks into the PPPoE address list, or the whole subnet 10.0.0.0/8. Did you remove “Passthrough” from the mark-routing mangle rule?
Try with a single IP as a test (e.g. the one on your PC) and check if the mangle rule is matched:

Unknown Traffic

/ip firewall mangle add chain=prerouting action=mark-routing new-routing-mark=unknown \
    passthrough=no connection-mark=!known src-address-list=

… I had some problems with WiFi - didn’t have time for p2p :frowning: But I’ll try in the next few days to make it work… (I have to mark ALL the “stuff” that my clients use before sending “!known” to the non-default gateway :slight_smile:)

Regards,
Dejan

it looks like it’s WORKING!!!

Nevertheless - I MANGLEd almost all known non-p2p traffic and ACCEPTed it (when someone complains I look for the ports his app is using and add them to mangle/accept), and whatever was left I MARKed connection, packet, and MARKed ROUTING :slight_smile:

p2p goes through the cheap line, and the rest of the traffic is on my primary line :open_mouth: :smiley:

Regards,
Dejan

I’m glad it helps…
Rgds,
Carlo