Community discussions

MikroTik App
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

problem : how to control connections for one download?

Sun Jan 23, 2011 3:28 pm

some programs like internet download manager make connections with the download server like media fire till 16 connections
that equal 16 clients make download
that is affecting badly on the network

i want here : how to control these connections
i want the internet download manager cant make more than one download connection per one client

any ideas?
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: problem : how to control connections for one download?

Sun Jan 23, 2011 5:29 pm

You cannot tell whether a user is downloading two different files from a server, or downloading the same file via two connections.

That said, just rate limit per user based on IP addressing. What do you care if he's filling his 1 Mbps with 2 or 2,000 connections?
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

Re: problem : how to control connections for one download?

Sun Jan 23, 2011 10:22 pm

i want to limit the number of download connections

i want the download programs cant make more than one download or two (as i limit) at the same time
i dont want to limit the rate
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am

Re: problem : how to control connections for one download?

Sun Jan 23, 2011 10:29 pm

Again, you cannot tell if someone is downloading two different files from the same server (like happens when you open a web page and it has multiple images and CSS files) or the same file via two connections.

You can limit the total number of connections a user has, but limiting every user to one total connection against a unique destination IP is completely unreasonable. It would make websites load incredibly slow.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

Re: problem : how to control connections for one download?

Sun Jan 23, 2011 10:39 pm

/ip firewall filter
add action=drop chain=forward comment="2 connection exe" connection-limit=2,30 \
content=.exe disabled=no protocol=tcp


like this mr fewi that works well
but i want this connection limit be for all downloads not for a specific extension

is there an idea like if the size of the downloaded file is more than .......
make connection limit ........
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

Re: problem : how to control connections for one download?

Mon Jan 24, 2011 9:20 am

ok any idea about
the port that internet download manager program use?????
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

Re: problem : how to control connections for one download?

Mon Jan 24, 2011 9:36 am

i want to tell mikrotik
if this program (idm) download ,make connection limit = 2 subnet = 30

any idea please help me iam in a problem
thanks in advance
 
heleopless
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jan 03, 2011 3:03 pm

Re: problem : how to control connections for one download?

Mon Jan 24, 2011 5:40 pm

any idea??????
 
Feklar
Forum Guru
Forum Guru
Posts: 1726
Joined: Tue Dec 01, 2009 11:46 pm

Re: problem : how to control connections for one download?

Mon Jan 24, 2011 5:58 pm

Fewi has given you the answer many times. This is not possible the way you are asking about it with a layer3 device. A router does not know or care about what application an end user is using, it does what a router does and routes traffic. The router does not know the difference of an end user downloading a web page, an ISO, an MP3, or any other kind of file over HTTP. It is all the same protocol and the same thing to a router.

Content inspection is happening at layer7 and the router is inspecting each packet that goes through it for the specific word ".exe" in your example. This means that any HTTP web page that has that string in it, the firewall rule will hit. Doing layer7 functions on a router can be very resource intensive and should be used very sparingly. Your rule will also do nothing for an encrypted page as then the packets will no longer be in plain text.

So unless you are willing to spend tens of thousands of dollars on a dedicated piece of hardware that will do layer7 deep packet inspection, applying a hard rate limit per user and/or implementing basic QoS on the router is the way to go.
 
prince90s
just joined
Posts: 22
Joined: Sun Jan 23, 2011 9:44 pm

Re: problem : how to control connections for one download?

Sat Jan 29, 2011 8:53 pm

In http download I also have the same confusion, not long ago I know
 connection-bytes=500000-0
Can be distinguished from browse and download, and very useful, so you can try. My MSN is jq1018@live.cn,
if there are problems can send message to me, my friend.
 
User avatar
butche
Trainer
Trainer
Posts: 428
Joined: Fri May 28, 2004 6:14 pm
Location: Missouri, USA
Contact:

Re: problem : how to control connections for one download?

Mon Jan 31, 2011 12:43 am

You may want to incorporate some form at dst-limit in your match. If you want to ensure it is a download, you'll want to be certain to include a packet-size matcher. You can find documentation for dst-limit here: http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/Filter (the others are there, too). dst-limit is really not exactly what you are wanting, but it will give you the ability to group packets based on a pair of addresses/ports. Good luck and post your results when you are done.
--
Butch Evans
Mikrotik Certified Trainer
Mikrotik Certified Consultant
BLOG: blog.butchevans.com
http://store.wispgear.net/

Who is online

Users browsing this forum: al3xeezer, Baidu [Spider], Bing [Bot], mozerd, yancho, yarda and 87 guests