Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

How to slow down torrent?

Locked
 
User avatar
dareru
newbie
Topic Author
Posts: 39
Joined: Wed Dec 16, 2015 6:43 pm

How to slow down torrent?

Mon Feb 22, 2016 8:21 pm

I have already placed all possible torrent connection-markings in the mangle with L7, but still some of it are passing in the no-mark rule or default route. I want to completely gain control of this one. Please help me. :(
Top
 
Arcee
Member Candidate
Member Candidate
Posts: 272
Joined: Fri Jun 27, 2014 2:33 pm

Tue Feb 23, 2016 12:33 am

I would like to see the answer for this also.

I'm thinking there is no way to capture it all as users have an option to encrypt the traffic. Encrypted looks the same for all applications.

Sent from my SM-G920I using Tapatalk
Top
 
luidoltp
newbie
Posts: 31
Joined: Mon Feb 22, 2016 6:27 am
Location: Graz, Austria

Re: How to slow down torrent?

Tue Feb 23, 2016 1:06 am

Hi dareru,

I came up with the following solution. It's far from perfect but it works for me :)

I also noticed - as you said - that one only manages to mark part of the p2p traffic no matter what rules you apply. So I used a "soft" approach.

Whenever I manage to identify a connection as p2p, the source IP gets added to a list p2p_user for 5 minutes. Even if the user uses encrypted connections ... you will most likely identify one p2p connection within those 5 minutes, resetting his timeout again to 5 minutes. This means: as long as a user is file-sharing, his IP address is stuck on the list p2p_user.
Code: Select all
add action=add-src-to-address-list address-list=p2p_user \
    address-list-timeout=5m chain=forward comment=\
    "P2P Traffic - Bittorrent and others" connection-state=new out-interface=\
    br-WAN p2p=all-p2p
Then I noticed that most P2P traffic uses destination ports > 1000. So I decided ... when someone is on my p2p_user address list and he makes connections to a high port, he is probably downloading a torrent.
Code: Select all
add action=mark-connection chain=forward connection-state=new dst-port=\
    1000-65000 new-connection-mark=con_p2p out-interface=br-WAN protocol=tcp \
    src-address-list=p2p_user
add action=mark-connection chain=forward connection-state=new dst-port=\
    1000-65000 new-connection-mark=con_p2p out-interface=br-WAN protocol=udp \
    src-address-list=p2p_user
add action=mark-packet chain=forward connection-mark=con_p2p new-packet-mark=\
    mark_out_p2p out-interface=br-WAN passthrough=no src-address-list=\
    p2p_user
add action=mark-packet chain=forward connection-mark=con_p2p in-interface=\
    br-WAN new-packet-mark=mark_in_p2p passthrough=no src-address-list=\
    p2p_user
Now I have all those packets marked with mark_out_p2p and mark_in_p2p. The speed limitation can then be done quite easily using Queue-Tree or Simple Queues.

As you see, my limitation is no exact science and probably there are some connections that will be false positive. But hey, file sharing users are not my highest priority anyway :wink:

Best regards,
Lui
Top
 
jarda
Forum Guru
Forum Guru
Posts: 7756
Joined: Mon Oct 22, 2012 4:46 pm

Tue Feb 23, 2016 7:57 am

I go in the opposite way. I am sending the torrent connections by the fasttrack in order not to bother the firewall and get speedy downloads. Sorry for off-topic. Enjoy the never ending story of the user limitation.
Top
 
User avatar
docmarius
Forum Guru
Forum Guru
Posts: 1222
Joined: Sat Nov 06, 2010 12:04 pm
Location: Timisoara, Romania
Contact:
Contact docmarius

Re: How to slow down torrent?

Tue Feb 23, 2016 4:06 pm

...
Then I noticed that most P2P traffic uses destination ports > 1000. So I decided ... when someone is on my p2p_user address list and he makes connections to a high port, he is probably downloading a torrent.
...
You will notice the same if the user watches his home security system, listens to a radio station, uses shoutcast, or does a FTP download in non-passive mode. Basically everything else except web browsing, e-mail reading and remote console.
Not to talk about gaming...
I would say it is a perfect way to reduce your customer base to the networking impaired.
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: How to slow down torrent?

Tue Feb 23, 2016 5:48 pm

in my case i prioritize other traffic leaving other traffic with the lower priority

indirectly achieving torrent gets the lower priority

in may case i prioritize first icmp, ack, dude, dns, voip, snmp, vpns, http, http-big, mail, other tcp udp connections moving few traffic.

that leaves me with other connections moving big traffic matching all torrent traffic

i know im not identifying directly the traffic but it works

i think for specific implementation you have to identify some other important traffic to prioritize accordingly
Top
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: How to slow down torrent?

Tue Feb 23, 2016 6:50 pm

in my case i prioritize other traffic leaving other traffic with the lower priority

indirectly achieving torrent gets the lower priority

in may case i prioritize first icmp, ack, dude, dns, voip, snmp, vpns, http, http-big, mail, other tcp udp connections moving few traffic.
can u give us the code for this?
Top
 
kivimart
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Thu Oct 10, 2013 3:06 pm

Re: How to slow down torrent?

Tue Feb 23, 2016 7:00 pm

Me to would like to see those Mangles and queue three. :D
Top
 
freemannnn
Forum Veteran
Forum Veteran
Posts: 700
Joined: Sun Oct 13, 2013 7:29 pm

Re: How to slow down torrent?

Tue Feb 23, 2016 7:08 pm

lol me i would like to see these mangles rules with simples queues!
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: How to slow down torrent?

Tue Feb 23, 2016 8:18 pm

http://forum.mikrotik.com/viewtopic.php ... 50#p511339

tonight i will post the mangle and queue tree

the configuration is for a DOCSIS connection with real bandwidth of 11000kbps download and 2200kbps upload
Last edited by chechito on Wed Feb 24, 2016 10:11 pm, edited 1 time in total.
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: How to slow down torrent?

Wed Feb 24, 2016 9:57 pm

Code: Select all

/queue type

#CREATING RED QUEUES FOR OTHER BIG TRAFFIC RED WORKS BETTER TO CONTAIN BIG RUSH OF TORRENT CONNECTIONS#
add kind=red name=red_download red-avg-packet=1500 red-burst=10 red-limit=40 red-max-threshold=40
add kind=red name=red_upload red-avg-packet=1500 red-burst=5 red-limit=20 red-max-threshold=20 red-min-threshold=5

#MODIFYING DEFAULT PCQ QUEUES FOR BALANCING PER CONNECTION THIS CAN BE TUNED IF YOU WANT TO BALANCE PER IP#
set 10 pcq-classifier=src-address,src-port pcq-total-limit=50000KiB
set 11 pcq-classifier=dst-address,dst-port pcq-total-limit=50000KiB


/queue tree
add max-limit=1800k name=TOTAL_U parent=global queue=default
add max-limit=8250k name=TOTAL_D parent=global queue=default
add limit-at=1500k max-limit=1800k name=1_ACK_U packet-mark=ACK_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_ACK_D packet-mark=ACK_D parent=TOTAL_D priority=1 queue=default
add limit-at=1500k max-limit=1800k name=1_DNS_U packet-mark=DNS_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_DNS_D packet-mark=DNS_D parent=TOTAL_D priority=1 queue=default
add limit-at=1500k max-limit=1800k name=4_DUDE_U packet-mark=DUDE_U parent=TOTAL_U priority=4 queue=pcq-upload-default
add limit-at=4M max-limit=8250k name=4_DUDE_D packet-mark=DUDE_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=1500k max-limit=1800k name=1_ICMP_U packet-mark=ICMP_U parent=TOTAL_U priority=1 queue=default
add limit-at=4M max-limit=8250k name=1_ICMP_D packet-mark=ICMP_D parent=TOTAL_D priority=1 queue=default
add limit-at=100k max-limit=1800k name=5_HTTP_U packet-mark=HTTP_U parent=TOTAL_U priority=5 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=5_HTTP_D packet-mark=HTTP_D parent=TOTAL_D priority=5 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=6_HTTP_U_BIG packet-mark=HTTP_BIG_U parent=TOTAL_U priority=6 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=6_HTTP_D_BIG packet-mark=HTTP_BIG_D parent=TOTAL_D priority=6 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=5_OTHER_U packet-mark=OTHER_U parent=TOTAL_U priority=5 queue=pcq-upload-default
add limit-at=250k max-limit=8250k name=5_OTHER_D packet-mark=OTHER_D parent=TOTAL_D priority=5 queue=pcq-download-default
add limit-at=4M max-limit=8250k name=4_IPSEC_D packet-mark=IPSEC_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=1500k max-limit=1800k name=4_IPSEC_U packet-mark=IPSEC_U parent=TOTAL_U priority=4 queue=pcq-upload-default
add limit-at=4M max-limit=8250k name=2_VOIP_D packet-mark=VOIP_D parent=TOTAL_D priority=2 queue=default
add limit-at=1500k max-limit=1800k name=2_VOIP_U packet-mark=VOIP_U parent=TOTAL_U priority=2 queue=default
add limit-at=250k max-limit=8250k name=6_MAIL_D packet-mark=MAIL_D parent=TOTAL_D priority=6 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=6_MAIL_U packet-mark=MAIL_U parent=TOTAL_U priority=6 queue=pcq-upload-default
add limit-at=100k max-limit=1800k name=7_OTHER_BIG_U packet-mark=OTHER_BIG_U parent=TOTAL_U priority=7 queue=red_upload
add limit-at=250k max-limit=8250k name=7_OTHER_D_BIG packet-mark=OTHER_BIG_D parent=TOTAL_D priority=7 queue=red_download
add limit-at=250k max-limit=8250k name=4_RDP_D packet-mark=RDP_D parent=TOTAL_D priority=4 queue=pcq-download-default
add limit-at=100k max-limit=1800k name=4_RDP_U packet-mark=RDP_U parent=TOTAL_U priority=4 queue=pcq-upload-default



/ip firewall mangle

#LAYER 2 PRIORITY MARKING FOR SOME LAYER 3 MARKED TRAFFIC#
add action=set-priority chain=postrouting comment="dscp 46" dscp=46 new-priority=6
add action=set-priority chain=postrouting comment="dscp 48" dscp=48 new-priority=6

#MARKING INTERNAL TUNNELS AND INTERNAL VPNS TRAFFIC TO AVOID DOUBLE QUEUING THIS TRAFFIC WILL BE NOT QUEUED# 
add action=mark-connection chain=postrouting comment=TUNELS dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=postrouting dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=forward dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=forward dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=output dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ether5 passthrough=no
add action=mark-connection chain=output dst-address=192.168.0.0/16 new-connection-mark=VPN out-interface=ipip-tunnel-1 passthrough=no
add action=mark-connection chain=postrouting new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=forward new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=output new-connection-mark=VPN out-interface=ether5 passthrough=no protocol=ipencap
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=prerouting in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=input in-interface=ether5 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=input in-interface=ipip-tunnel-1 new-connection-mark=VPN passthrough=no src-address=192.168.0.0/16
add action=mark-connection chain=forward in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap
add action=mark-connection chain=prerouting in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap
add action=mark-connection chain=input in-interface=ether5 new-connection-mark=VPN passthrough=no protocol=ipencap

#MARKING DNS TRAFFIC#
add action=mark-connection chain=output comment=DNS connection-mark=no-mark connection-state=new new-connection-mark=DNS out-interface=ether5 passthrough=no port=53 protocol=udp
add action=mark-connection chain=postrouting connection-mark=no-mark connection-state=new new-connection-mark=DNS out-interface=ether5 passthrough=no port=53 protocol=udp
add action=mark-connection chain=input connection-state=new in-interface=ether5 new-connection-mark=DNS passthrough=no port=53 protocol=udp
add action=set-priority chain=postrouting connection-mark=DNS new-priority=6
add action=change-dscp chain=postrouting connection-mark=DNS new-dscp=48
add action=mark-packet chain=postrouting connection-mark=DNS new-packet-mark=DNS_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=DNS in-interface=ether5 new-packet-mark=DNS_D passthrough=no

#MARKING ICMP TRAFFIC#
add action=mark-connection chain=postrouting comment=ICMP connection-state=new new-connection-mark=ICMP passthrough=no protocol=icmp
add action=mark-connection chain=prerouting connection-state=new new-connection-mark=ICMP passthrough=no protocol=icmp
add action=change-dscp chain=postrouting connection-mark=ICMP new-dscp=48
add action=set-priority chain=postrouting connection-mark=ICMP new-priority=6
add action=change-dscp chain=output connection-mark=ICMP new-dscp=48
add action=set-priority chain=output connection-mark=ICMP new-priority=6
add action=mark-packet chain=postrouting connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=ICMP new-packet-mark=ICMP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no
add action=mark-packet chain=forward connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no
add action=mark-packet chain=input connection-mark=ICMP in-interface=ether5 new-packet-mark=ICMP_D passthrough=no

#MARKING TCP ACK TRAFFIC#
add action=change-dscp chain=postrouting comment=ACK new-dscp=48 packet-size=0-123 protocol=tcp tcp-flags=ack
add action=set-priority chain=postrouting new-priority=6 packet-size=0-123 protocol=tcp tcp-flags=ack
add action=mark-packet chain=postrouting new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=output new-packet-mark=ACK_U out-interface=ether5 packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack
add action=mark-packet chain=input in-interface=ether5 new-packet-mark=ACK_D packet-size=0-123 passthrough=no protocol=tcp tcp-flags=ack

#MARKING HTTP TRAFFIC#
add action=mark-connection chain=prerouting comment=HTTP connection-mark=!HTTP_BIG connection-state=new dst-port=80,443,8080,554,8000,81,444,8409 new-connection-mark=HTTP protocol=tcp
add action=mark-connection chain=prerouting connection-mark=!HTTP_BIG connection-state=new dst-port=80,443,8080,554,8000,81,444,8409 new-connection-mark=HTTP protocol=udp
add action=mark-connection chain=prerouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=tcp
add action=mark-connection chain=postrouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=udp
add action=mark-connection chain=postrouting connection-bytes=2000000-0 connection-mark=HTTP new-connection-mark=HTTP_BIG passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=HTTP_BIG new-packet-mark=HTTP_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=HTTP_BIG in-interface=ether5 new-packet-mark=HTTP_BIG_D passthrough=no
add action=mark-packet chain=postrouting connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=HTTP new-packet-mark=HTTP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no
add action=mark-packet chain=forward connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no
add action=mark-packet chain=input connection-mark=HTTP in-interface=ether5 new-packet-mark=HTTP_D passthrough=no

#MARKING DUDE WINBOX AND OTHER NETWORK MANAGEMENT TRAFFIC#
add action=mark-connection chain=prerouting comment=DUDE connection-state=new dst-port=2210,8291,10008,22,23,222 new-connection-mark=DUDE passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=DUDE new-packet-mark=DUDE_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no
add action=mark-packet chain=forward connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no
add action=mark-packet chain=input connection-mark=DUDE in-interface=ether5 new-packet-mark=DUDE_D passthrough=no

#MARKING RDP TRAFFIC#
add action=mark-connection chain=prerouting comment=RDP connection-state=new dst-port=3389 new-connection-mark=RDP passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=RDP new-packet-mark=RDP_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no
add action=mark-packet chain=forward connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no
add action=mark-packet chain=input connection-mark=RDP in-interface=ether5 new-packet-mark=RDP_D passthrough=no

#MARKING MAIL TRAFFIC#
add action=mark-connection chain=prerouting comment=MAIL connection-state=new dst-port=25,110,143,465,585,993,995 new-connection-mark=MAIL passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=MAIL new-packet-mark=MAIL_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no
add action=mark-packet chain=forward connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no
add action=mark-packet chain=input connection-mark=MAIL in-interface=ether5 new-packet-mark=MAIL_D passthrough=no

#MARKING IPSEC (VPN) AFTER ENCAPSULATION TRAFFIC TO DO MARKING TAKING IN COUNT ENCAPSULATION OVERHEAD#
add action=mark-connection chain=prerouting comment=IPSEC connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=postrouting connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=forward connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=input connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=output connection-state=new new-connection-mark=IPSEC passthrough=no protocol=ipsec-esp
add action=mark-connection chain=prerouting connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=postrouting connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=forward connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=input connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-connection chain=output connection-state=new dst-port=500,4500 new-connection-mark=IPSEC passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=IPSEC new-packet-mark=IPSEC_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no
add action=mark-packet chain=forward connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no
add action=mark-packet chain=input connection-mark=IPSEC in-interface=ether5 new-packet-mark=IPSEC_D passthrough=no

#MARKING VOIP AND VOIP LIKE TRAFFIC#
add action=mark-connection chain=prerouting comment=VOIP connection-mark=no-mark connection-rate=0-250k new-connection-mark=VOIP passthrough=no protocol=udp
add action=mark-packet chain=postrouting connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260
add action=mark-packet chain=forward connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260 passthrough=no
add action=mark-packet chain=output connection-mark=VOIP new-packet-mark=VOIP_U out-interface=ether5 packet-size=0-260 passthrough=no
add action=change-dscp chain=postrouting new-dscp=48 packet-mark=VOIP_U
add action=set-priority chain=postrouting new-priority=6 packet-mark=VOIP_U passthrough=no
add action=mark-packet chain=prerouting connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=mark-packet chain=input connection-mark=VOIP in-interface=ether5 new-packet-mark=VOIP_D packet-size=0-260 passthrough=no
add action=change-dscp chain=postrouting new-dscp=48 packet-mark=VOIP_D
add action=set-priority chain=postrouting new-priority=6 packet-mark=VOIP_D passthrough=no

#MARKING NO VOIP UDP TRAFFIC#
add action=mark-packet chain=postrouting comment="NO VOIP" connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=VOIP new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=VOIP in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no

#MARKING OTHER TCP TRAFFIC#
add action=mark-connection chain=prerouting comment="OTHER TCP" connection-mark=!OTHER_BIG connection-state=new dst-port=!80,443,8080,554,8000,81,444,8409,10008 new-connection-mark=OTHER protocol=tcp
add action=mark-connection chain=prerouting connection-bytes=1000000-0 connection-mark=OTHER dst-port=!80,443,8080,554,8000,81,444,8409,10008 new-connection-mark=OTHER_BIG passthrough=no protocol=tcp
add action=mark-packet chain=postrouting connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=OTHER new-packet-mark=OTHER_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no
add action=mark-packet chain=input connection-mark=OTHER in-interface=ether5 new-packet-mark=OTHER_D passthrough=no

#MARKING OTHER TRAFFIC BIG CONNECTIONS#
add action=mark-packet chain=postrouting connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=output connection-mark=OTHER_BIG new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=forward connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=input connection-mark=OTHER_BIG in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=output new-packet-mark=OTHER_BIG_U out-interface=ether5 packet-mark=no-mark passthrough=no
add action=mark-packet chain=postrouting new-packet-mark=OTHER_BIG_U out-interface=ether5 passthrough=no
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=forward in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=input in-interface=ether5 new-packet-mark=OTHER_BIG_D packet-mark=no-mark passthrough=no
add action=mark-packet chain=prerouting in-interface=ether5 new-packet-mark=OTHER_BIG_D passthrough=no
Top
 
User avatar
chechito
Forum Guru
Forum Guru
Posts: 3007
Joined: Sun Aug 24, 2014 3:14 am
Location: Bogota Colombia
Contact:
Contact chechito

Re: How to slow down torrent?

Sat Mar 05, 2016 2:26 am

i have updated the first line of VOIP traffic rules changing connection rate from 25k to 250k
Top
Locked

Who is online

Users browsing this forum: almdandi, Innoce, trmns and 67 guests
  4. RouterOS
  5. Beginner Basics