Re: [WISPA] p2p blocking, throttling, mikrotik
I really like the mangle and queue tree idea, too. My template is a bit different (as is everyone's =) but the principle remains.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

Those who don't understand UNIX are condemned to reinvent it, poorly.
--- Henry Spencer

On Wed, Nov 5, 2008 at 1:52 AM, RickG <[EMAIL PROTECTED]> wrote:
> IMO, the best thing I've done to my network is switch to a Mikrotik
> firewall and prioritize traffic. A friend of mine offered a sample
> script which I have attached. Obviously, you need to tweak it to fit
> your needs.
> -RickG
>
> On Mon, Nov 3, 2008 at 10:24 AM, RC <[EMAIL PROTECTED]> wrote:
> > When I try and block ptp traffic through my mikrotik router,
> > customers call in telling us some web pages load, some don't.
> > Myspace, yahoo, etc.
> >
> > Anyone know how to block or throttle p2p without affecting
> > regular web traffic?

WISPA Wants You! Join today!
http://signup.wispa.org/

WISPA Wireless List: wireless@wispa.org

Subscribe/Unsubscribe:
http://lists.wispa.org/mailman/listinfo/wireless

Archives: http://lists.wispa.org/pipermail/wireless/
Re: [WISPA] p2p blocking, throttling, mikrotik
IMO, the best thing I've done to my network is switch to a Mikrotik firewall and prioritize traffic. A friend of mine offered a sample script which I have attached. Obviously, you need to tweak it to fit your needs.
-RickG

On Mon, Nov 3, 2008 at 10:24 AM, RC <[EMAIL PROTECTED]> wrote:
> When I try and block ptp traffic through my mikrotik router,
> customers call in telling us some web pages load, some don't.
> Myspace, yahoo, etc.
>
> Anyone know how to block or throttle p2p without affecting
> regular web traffic?

# Mark packets per service on wan0: prerouting rules mark inbound traffic,
# postrouting rules mark outbound traffic.
/ip firewall mangle
add action=mark-packet chain=prerouting comment=icmp disabled=no in-interface=wan0 new-packet-mark=icmp_in \
    passthrough=no protocol=icmp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=icmp_out out-interface=wan0 \
    passthrough=no protocol=icmp
add action=mark-packet chain=prerouting comment=SNMP disabled=no in-interface=wan0 new-packet-mark=SNMP-IN \
    passthrough=no protocol=udp src-port=161
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=161 new-packet-mark=SNMP-OUT \
    out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=p2p disabled=no in-interface=wan0 new-packet-mark=p2p_in \
    p2p=all-p2p passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=p2p_out out-interface=wan0 \
    p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting comment=Game disabled=no in-interface=wan0 new-packet-mark=Game-IN \
    passthrough=no protocol=tcp src-port=27020-27039
add action=mark-packet chain=prerouting comment="" disabled=no in-interface=wan0 new-packet-mark=Game-IN \
    passthrough=no protocol=udp src-port=1200,27000-27100
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=27020-27039 \
    new-packet-mark=Game-OUT out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=1200,27000-27100 \
    new-packet-mark=Game-OUT out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=pop3 disabled=no in-interface=wan0 new-packet-mark=pop3_in \
    passthrough=no protocol=tcp src-port=110
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=110 new-packet-mark=pop3_out \
    out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=smtp disabled=no in-interface=wan0 new-packet-mark=smtp_in \
    passthrough=no protocol=tcp src-port=25
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=25 new-packet-mark=smtp_out \
    out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=winbox disabled=no dst-port=8291 in-interface=wan0 \
    new-packet-mark=winbox_in passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=winbox_out \
    out-interface=wan0 passthrough=no protocol=tcp src-port=8291
add action=mark-packet chain=prerouting comment=dns disabled=no in-interface=wan0 new-packet-mark=dns_in \
    passthrough=no protocol=udp src-port=53
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=53 new-packet-mark=dns_out \
    out-interface=wan0 passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=www disabled=no in-interface=wan0 new-packet-mark=www_in \
    passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=80 new-packet-mark=www_out \
    out-interface=wan0 passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=ssl disabled=no in-interface=wan0 new-packet-mark=ssl_in \
    passthrough=no protocol=tcp src-port=443
add action=mark-packet chain=postrouting comment="" disabled=no dst-port=443 new-packet-mark=ssl_out \
    out-interface=wan0 passthrough=no protocol=tcp
# Catch-all marks. With passthrough=no the first matching rule wins, so these
# stay below the service-specific rules.
add action=mark-packet chain=prerouting comment=udp disabled=no in-interface=wan0 new-packet-mark=udp_in \
    passthrough=no protocol=udp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=udp_out out-interface=wan0 \
    passthrough=no protocol=udp
add action=mark-packet chain=prerouting comment=tcp disabled=no in-interface=wan0 new-packet-mark=tcp_in \
    passthrough=no protocol=tcp
add action=mark-packet chain=postrouting comment="" disabled=no new-packet-mark=tcp_out out-interface=wan0 \
    passthrough=no protocol=tcp
add action=mark-packet chain=prerouting comment=other disabled=no in-interface=wan0
Re: [WISPA] p2p blocking, throttling, mikrotik
Problem is that there is no way to do that if they use the encryption offered by most of the ptp clients.

Jeff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Monday, November 03, 2008 1:36 PM
To: WISPA General List
Subject: Re: [WISPA] p2p blocking, throttling, mikrotik

Don't block p2p unless you do disclose it up front and straight out to your customers. That was what got Comcast in big problems with the FCC a year ago, because they throttled it to the point of unusable and they got slapped on the fingers big time.

But if you do, and you are masquerading your traffic, you have to create mangle rules to properly catch the p2p traffic. If you don't, then many p2p apps will swap to use port 80 for traffic, and if you do QoS on port 80 then you are effectively helping it out instead of hindering it, and that would be why you see this problem with port 80 traffic.

/Eje

-----Original Message-----
From: RC
Sender: [EMAIL PROTECTED]
To: wireless@wispa.org
ReplyTo: WISPA General List
Sent: Nov 3, 2008 09:24
Subject: [WISPA] p2p blocking, throttling, mikrotik

When I try and block ptp traffic through my mikrotik router, customers call in telling us some web pages load, some don't. Myspace, yahoo, etc.

Anyone know how to block or throttle p2p without affecting regular web traffic?
Re: [WISPA] p2p blocking, throttling, mikrotik
Don't block p2p unless you do disclose it up front and straight out to your customers. That was what got Comcast in big problems with the FCC a year ago, because they throttled it to the point of unusable and they got slapped on the fingers big time.

But if you do, and you are masquerading your traffic, you have to create mangle rules to properly catch the p2p traffic. If you don't, then many p2p apps will swap to use port 80 for traffic, and if you do QoS on port 80 then you are effectively helping it out instead of hindering it, and that would be why you see this problem with port 80 traffic.

/Eje

-----Original Message-----
From: RC
Sender: [EMAIL PROTECTED]
To: wireless@wispa.org
ReplyTo: WISPA General List
Sent: Nov 3, 2008 09:24
Subject: [WISPA] p2p blocking, throttling, mikrotik

When I try and block ptp traffic through my mikrotik router, customers call in telling us some web pages load, some don't. Myspace, yahoo, etc.

Anyone know how to block or throttle p2p without affecting regular web traffic?

Sent via BlackBerry from T-Mobile
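
Added example, not part of the original thread or of the posted script: a small Python model of first-match mangle marking, run over four inbound rules taken from RickG's script, showing how rule order decides whether p2p on port 80 is marked as p2p or as web, and why encrypted p2p ends up with the web mark either way. The `p2p_detected` field and the sample packets are constructed assumptions standing in for the verdict of the router's `p2p=all-p2p` matcher; interface and chain matching are not modelled.

```python
import shlex

# Four inbound rules from the posted script, abridged (comment=/disabled= dropped).
RULES = """
add action=mark-packet chain=prerouting in-interface=wan0 new-packet-mark=p2p_in p2p=all-p2p passthrough=no
add action=mark-packet chain=prerouting in-interface=wan0 new-packet-mark=www_in passthrough=no protocol=tcp src-port=80
add action=mark-packet chain=prerouting in-interface=wan0 new-packet-mark=udp_in passthrough=no protocol=udp
add action=mark-packet chain=prerouting in-interface=wan0 new-packet-mark=tcp_in passthrough=no protocol=tcp
"""

def parse(text):
    """Turn each 'add key=value ...' line into a dict of its properties."""
    return [dict(tok.split("=", 1) for tok in shlex.split(line)[1:])
            for line in text.strip().splitlines()]

def port_match(spec, port):
    """Match a port list written like '1200,27000-27100'."""
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def classify(rules, pkt):
    """First matching rule wins, because every rule has passthrough=no."""
    for r in rules:
        if "protocol" in r and r["protocol"] != pkt["protocol"]:
            continue
        if "src-port" in r and not port_match(r["src-port"], pkt["src_port"]):
            continue
        if "p2p" in r and not pkt["p2p_detected"]:  # assumption: matcher verdict is given
            continue
        return r["new-packet-mark"]
    return None

# Constructed sample packets arriving on wan0 (download direction).
WEB = {"protocol": "tcp", "src_port": 80, "p2p_detected": False}
P2P_ON_80 = {"protocol": "tcp", "src_port": 80, "p2p_detected": True}
P2P_ENCRYPTED = {"protocol": "tcp", "src_port": 80, "p2p_detected": False}

def compare_orders():
    """Return (mark with posted order, mark with www rule first) per packet."""
    posted = parse(RULES)
    swapped = [posted[1], posted[0]] + posted[2:]  # www rule moved above p2p
    return {name: (classify(posted, p), classify(swapped, p))
            for name, p in [("web", WEB), ("p2p on 80", P2P_ON_80),
                            ("encrypted p2p", P2P_ENCRYPTED)]}

if __name__ == "__main__":
    for name, marks in compare_orders().items():
        print(f"{name:14} posted={marks[0]:7} swapped={marks[1]}")
```

With the posted order, recognised p2p on port 80 gets `p2p_in`; with the www rule first it gets `www_in`, and unrecognised (encrypted) p2p gets `www_in` in both orders.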
Re: [WISPA] p2p blocking, throttling, mikrotik
Did you use the built-in P2P filtering, or something else?

RC wrote:
> When I try and block ptp traffic through my mikrotik router,
> customers call in telling us some web pages load, some don't.
> Myspace, yahoo, etc.
>
> Anyone know how to block or throttle p2p without affecting
> regular web traffic?

--
Scott Reed
Owner
NewWays Networking, LLC
Wireless Networking
Network Design, Installation and Administration
Mikrotik Advanced Certified
www.nwwnet.net
(765) 855-1060
[WISPA] p2p blocking, throttling, mikrotik
When I try and block ptp traffic through my mikrotik router, customers call in telling us some web pages load, some don't. Myspace, yahoo, etc.

Anyone know how to block or throttle p2p without affecting regular web traffic?