Problem: how to control connections for one download?

Some programs like Internet Download Manager make up to 16 connections to a download server such as MediaFire.
That is equal to 16 clients downloading,
and it badly affects the network.

What I want here is how to control these connections.
I want Internet Download Manager to be unable to make more than one download connection per client.

Any ideas?

You cannot tell whether a user is downloading two different files from a server, or downloading the same file via two connections.

That said, just rate limit per user based on IP addressing. What do you care if he’s filling his 1 Mbps with 2 or 2,000 connections?

I want to limit the number of download connections.

I want download programs to be unable to make more than one or two downloads (as I set the limit) at the same time.
I don't want to limit the rate.

Again, you cannot tell if someone is downloading two different files from the same server (like happens when you open a web page and it has multiple images and CSS files) or the same file via two connections.

You can limit the total number of connections a user has, but limiting every user to one total connection against a unique destination IP is completely unreasonable. It would make websites load incredibly slow.

/ip firewall filter
add action=drop chain=forward comment="2 connection exe" connection-limit=2,30 \
    content=.exe disabled=no protocol=tcp


Like this, Mr. fewi; that works well,
but I want this connection limit to apply to all downloads, not to a specific extension.

Is there an idea like: if the size of the downloaded file is more than …
make connection limit …

OK, any idea about
the port that the Internet Download Manager program uses???

I want to tell MikroTik:
if this program (IDM) downloads, make connection limit = 2, subnet = 30.

Any idea? Please help me, I am in a problem.
Thanks in advance.

any idea???

Fewi has given you the answer many times. This is not possible the way you are asking about it with a layer3 device. A router does not know or care about what application an end user is using, it does what a router does and routes traffic. The router does not know the difference of an end user downloading a web page, an ISO, an MP3, or any other kind of file over HTTP. It is all the same protocol and the same thing to a router.

Content inspection is happening at layer7 and the router is inspecting each packet that goes through it for the specific word “.exe” in your example. This means that the firewall rule will hit on any HTTP web page that has that string in it. Doing layer7 functions on a router can be very resource intensive and should be used very sparingly. Your rule will also do nothing for an encrypted page as then the packets will no longer be in plain text.

So unless you are willing to spend tens of thousands of dollars on a dedicated piece of hardware that will do layer7 deep packet inspection, applying a hard rate limit per user and/or implementing basic QoS on the router is the way to go.
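The per-user rate limit recommended in the replies above, written out as an added example; it is not from any poster in this thread. It assumes RouterOS v6 or later syntax; the LAN subnet 192.168.88.0/24, the queue names, the 1M rate and the 100-connection ceiling are illustrative values.

```routeros
# Added example. Subnet, names and numbers are assumptions, not thread values.

# 1) Per-user rate limit. PCQ builds one sub-queue per client address, so a
#    client gets the same 1M whether it opens 1 connection or 16.
/queue type
add name=pcq-down kind=pcq pcq-classifier=dst-address pcq-rate=1M
add name=pcq-up kind=pcq pcq-classifier=src-address pcq-rate=1M

/queue simple
add name=per-user-limit target=192.168.88.0/24 queue=pcq-up/pcq-down

# 2) Optional ceiling on total TCP connections per client (/32 = per host).
#    Kept high so ordinary web pages with many objects still load.
/ip firewall filter
add chain=forward protocol=tcp tcp-flags=syn src-address=192.168.88.0/24 \
    connection-limit=100,32 action=drop \
    comment="max 100 TCP connections per client"
```

Simple queues do not see FastTrack traffic, so a fasttrack-connection rule in the forward chain has to be disabled or narrowed for the limit to take effect.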

With HTTP downloads I also had the same confusion. Not long ago I learned that

 connection-bytes=500000-0

can distinguish browsing from downloading, and it is very useful, so you can try it. My MSN is jq1018@live.cn;
if there are problems you can send a message to me, my friend.

You may want to incorporate some form of dst-limit in your match. If you want to ensure it is a download, you’ll want to be certain to include a packet-size matcher. You can find documentation for dst-limit here: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter (the others are there, too). dst-limit is really not exactly what you are wanting, but it will give you the ability to group packets based on a pair of addresses/ports. Good luck and post your results when you are done.

Can you explain more, sir? I need this to control game latency when someone is downloading using Internet Download Manager. Big thanks for your reply.