shielder
Member Candidate
Topic Author
Posts: 221
Joined: Wed Feb 09, 2005 7:09 pm
Location: Indonesia

P2P still goes through

Mon Sep 18, 2006 3:43 pm

Hi, I have set these rules on my network:

2 chain=forward p2p=all-p2p action=mark-connection
new-connection-mark=P2P passthrough=yes

3 chain=forward connection-mark=P2P action=mark-packet
new-packet-mark=Flow-P2P passthrough=no


and filter

0 ;;; Blok P2P
chain=forward packet-mark=Flow-P2P action=drop

But I found out that my client could still use P2P from some programs like Morpheus and iMesh. Is there any way to completely block all the P2P traffic?

Thank you. :wink:
 
sergejs
MikroTik Support
Posts: 6621
Joined: Thu Mar 31, 2005 3:33 pm
Location: Riga, Latvia

Mon Sep 18, 2006 3:46 pm

RouterOS doesn't detect/filter/limit all p2p protocols; the detected protocols are listed here:
http://www.mikrotik.com/docs/ros/2.9/ip/flow

Probably the firewall filter will help you, but there are no special matchers for all known p2p protocols. You can allow only specific services (HTTP, Mail, FTP, DNS, etc.) and drop all others.
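
The allow-list approach described in the reply above, sketched as RouterOS firewall filter rules. This is an added example, not part of the original post or of MikroTik's documentation; the port list is an assumed sample of "specific services", and the FTP data channel relies on the router's FTP connection-tracking helper being enabled.

```routeros
# Added example: default-deny forward chain with a short service allow-list.
# Rule order matters: the first matching rule wins, so the drop goes last.
/ip firewall filter

# Return traffic of connections that were already allowed.
add chain=forward connection-state=established action=accept comment="allow established"

# Related connections, e.g. FTP data channels opened by an allowed control
# connection (requires the FTP helper under /ip firewall service-port).
add chain=forward connection-state=related action=accept comment="allow related"

# DNS over UDP and TCP.
add chain=forward protocol=udp dst-port=53 action=accept comment="DNS udp"
add chain=forward protocol=tcp dst-port=53 action=accept comment="DNS tcp"

# HTTP and HTTPS (443 is an assumed addition to the services named above).
add chain=forward protocol=tcp dst-port=80,443 action=accept comment="web"

# Mail: SMTP and POP3 (assumed sample ports for "Mail").
add chain=forward protocol=tcp dst-port=25,110 action=accept comment="mail"

# FTP control channel; data channels are covered by the "related" rule.
add chain=forward protocol=tcp dst-port=21 action=accept comment="FTP control"

# ICMP so ping and path-MTU discovery keep working.
add chain=forward protocol=icmp action=accept comment="icmp"

# Everything not explicitly allowed is dropped, whether or not the p2p
# matcher recognises the protocol.
add chain=forward action=drop comment="default deny"
```

Port-based allow-listing only restricts destination ports; traffic that runs over an allowed port still passes, so the per-rule packet counters are worth watching after deployment.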
 
jo2jo
Forum Veteran
Posts: 971
Joined: Fri May 26, 2006 1:25 am

Tue Sep 19, 2006 10:12 pm

Eeekk.. don't drop everything.. I hate ISPs that do that... it's a good solution to your problem, but if you have a lot of ppl it can be trouble..

But do figure out what range the p2p is using and drop that... I've found a lot of times you can just block a big chunk of ports on the few ppl / IPs that use p2p. Otherwise, blocking at the main router FW, I always get ppl complaining things don't work..
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Wed Sep 20, 2006 4:37 am

You have to do your connection mark in prerouting, not forward.
 
shielder
Member Candidate
Topic Author
Posts: 221
Joined: Wed Feb 09, 2005 7:09 pm
Location: Indonesia

Wed Sep 20, 2006 5:16 am

Thank you for your advice. I have told my users that my internet line could not pass through P2P traffic (P2P really sucks) :lol: and they could understand why I am doing so.

For Stryker777, thank you for your advice, I shall try that.
 
Stryker777
Frequent Visitor
Posts: 71
Joined: Fri Jul 07, 2006 11:40 pm

Wed Sep 20, 2006 6:15 am

Any time, Shielder. I do agree with jojo though. I do not block all P2P; I queue it with a max upload of 512k so it cannot overrun my network, and the priority is 8 so it is below everything. Even unknown gets a higher priority.

The point behind this is...
If you block all p2p you end up with users on port 80 and 25. While it can still be detected it gets messier, slower, and less effective. If you leave the ports open for p2p but queue it, the user does not know you are doing anything and they stay in the normal p2p ranges.
Just a thought for you. Sometimes p2p is handy also. Even microcrap uses p2p for the windblows updates. People just don't know their computer is a drone feeding updates to other users.

Good luck
 
Dryanta
newbie
Posts: 46
Joined: Mon Jan 30, 2006 7:39 pm

Thu Sep 21, 2006 9:06 am

My problem is not with the total amount of traffic, so much as it going out over the wireless links with the users acting as a server. This creates much more traffic announcing their torrents and all than just uploading or downloading by ftp, and stresses out the tiny little routerboard. This problem is only exacerbated when you have per user/per ip accounting and firewalling. My solution to my users that want to run bittorrent is to continue to disallow p2p on my wireless network and give them an option of a cheap colo or vps at my noc to do p2p sharing out of. I have no moral objection to the content, I just don't want it going over the air constantly hitting the ap and slowing down my normal occasional light usage customers.
