simple queue for limiting p2p

Hi,

I tried to make some rules for limiting p2p, http, and other protocols, and I messed it all up.
Now I want only to limit p2p in the simplest way:
I added a simple queue
set target upload and download to 256k
P2P=all p2p
interface=interface where accepting pppoe and pptp connections

I didn’t set target address, queue type, packet mark, parent, dst address… because I don’t know what to put there :)

…and it is not working :( not limiting anything :(

So I need someone to write me how to limit p2p and what I am doing wrong in this setting.

thanks!

There are quite a few ways of doing this. Hit up a MT Consultant. MT has a list here: http://www.mikrotik.com/consultants.html

P2P can create a lot of connections. I’m not a big fan of allowing any P2P because of this on a wireless network. Also, what version of RouterOS are you running?

Here’s the approach that I learned….

  1. mark the P2P connection in pre-routing
  2. mark the P2P packets in pre-routing.
  3. set up a simple queue to limit the flow of those packets….


    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection new-connection-mark=p2p-conn passthrough=yes \
        comment="Mark p2p connections" disabled=no
    add chain=prerouting connection-mark=p2p-conn action=mark-packet new-packet-mark=P2P passthrough=no \
        comment="Mark Packets as P2P" disabled=no

Then, set up a queue (in the #1 position of all your simple queues) to limit the packets with the P2P packet mark.


However, as I understand it there are workarounds that P2P users can employ to avoid these efforts….


Then separately you can also limit the total number of connections that each user is allowed to sustain.
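
The step 3 queue described in the reply above, as an added example that is not part of the original post. It assumes the two mangle rules shown there are in place and set the packet mark `P2P`; the queue name `p2p-limit` is hypothetical, and the 256k rate is the target from the original question.

```routeros
# Added example, not from the original thread.
# Matches on the packet mark set by the mangle rules, instead of on the
# p2p= and interface= fields used in the queue from the original question.
/ queue simple
add name="p2p-limit" packet-marks=P2P max-limit=256000/256000 disabled=no
# No target address or interface is set, so every packet carrying the P2P
# mark shares this one queue: it caps all users' P2P together, not per user.
# List the queues and check that p2p-limit sits in the first position.
print
```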

I’m using RouterOS 2.9.27, how can I limit p2p connections by user?

First…. I would advise upgrading to 2.9.51


    / ip firewall mangle
    add chain=forward protocol=tcp connection-limit=130,32 action=log \
        log-prefix="Ex-Con" comment="Log and add-src-addr Too Many Connections" disabled=no
    add chain=forward protocol=tcp connection-limit=130,32 \
        action=add-src-to-address-list address-list=Ex-Connections address-list-timeout=20s comment="" \
        disabled=no

And you would need to add a forward chain firewall rule in the appropriate rule order to drop the attempts to create new connections:

    / ip firewall filter
    add chain=forward src-address-list=Ex-Connections action=drop comment="Drop too many connections list" disabled=no






Thanks a lot to everyone,

This p2p is killing my wireless network!


  1. Can I somehow make some rule on MikroTik that will do the following thing:
    let’s say I want only 2 mbps of the entire network to go to p2p, and the rest to other protocols?
  2. [admin@concentrator] > queue simple add name="user" interface=pppoe-nick packet-marks=p2p limit-at=64/64 disabled=no

I use this queue to limit p2p by username, but when that user reconnects, the queue for that user says: “interface=all not pppoe-username” and I always must create a new queue for that user to limit his/her p2p traffic again and again… Can I somehow bind the limit to dynamic queues?
All my queues are dynamically assigned by a RADIUS server on Linux, except the p2p filter.
I don’t know what I’m doing wrong.
Thanks!

I’m using routeros 2.9.27

Upgrade your ROS, stop using an illegal copy.