Hello.
We have 3 High speed lines, and currently we are blocking P2P on RB600a V3.10, but since we have installed a 3rd line would would like to open p2p to our customers.
Currently we are using the /ip firewall rule all p2p drop.
Is there any way to redirectl all p2p traffic to a specific gateway setup in the firewall rule? Tired using the output interface option but still went though the wrong route?
Can someone give me a pointer on what i am missing.
Thanks
Darren
no. p2p traffic is detected after connection was already established. so you cannot redirect it to another interface
You can do this using layer 7 to mark, mangle, then route.
I would like to try it, is there any links you know of to be able to show me how to do this? Had a quick look at the Wiki, but just about to go up a mountain installing.
Any advice would be very gratefully received.
Regards
Darren
It is really unchartered waters. There is an article in the wiki about setting traffic priority in the wiki using layer 7. You can start there and see where it takes you.
Thank you
I have done it this way:
/ip firewall mangle add p2p=all-p2p action=mark-routing packet-mark=p2ppacketmark
Then I setup a static route to route the P2P in whichever direction.
I also have a dedicated P2P line using “cheaper” bandwidth to help save costs, but more importantly, give higher throughput to other traffic.
I’m 100% certain that at least 98% of all P2P is picked up and routed the correct way in my network. There are however the odd packet which will slip through, but the same apply for your previous “block all p2p” rule.
hope it helps!
Actually the traditional P2P rules pick up less than 40% of P2P traffic (TCP) and pick up no UDP P2P traffic. Layer 7 is the only way to effectively control P2P.
That is rather interesting…
I’m actively monitoring users I know use ShareAZA and other edonkey etc applications. I have never picked up any loose traffic (ie random ports) on my higher priority lines. On the other hand, as a fail safe, I do block P2P on the higher dedicated lines. (I have a MT on each incoming line connected to a main CORE router where P2P is routed away).
I have added the L7 lists I found on the wiki, but I mainly use it to route VoIP, Skype and other higher priority traffic, have not tried it for P2P yet, as I didn’t have to.
I recommend to my clients to rather use torrent sites, and for that to work I have to forward them a static port. This gives me better control over that aspect. We charge per GB, so in actual fact the more GB’s I can sell, the better! 
I was always under the impression that the built-in P2P filter does make use of L7 protocols, just put in a easier place with less options. I was actually looking for info on it before but couldn’t find definate answers, and as it worked for me, I never reinvestigated it.
Thanks for the tip, will get into that again when I have some time!
You can not use layer7 for routing, because you can’t re routing an estableshied conection AND layer7 work with flow on estableshied conection.
M.