Community discussions

MikroTik App
 
Gradius
just joined
Topic Author
Posts: 23
Joined: Tue Aug 09, 2005 6:06 pm
Location: Dallas, Texas

Throttling Bit-Torrent

Tue Aug 09, 2005 6:37 pm

I'm sure there have been numerous posts on this topic but none of the solutions seem to work. I have several Bit-Torrent users on my network and the bandwidth really isnt the problem. I have frame-relay T1 lines and the number of connections that these p2p programs use are what is killing my network. I've tried setting up firewall rules to limit the number of connections per client to 10 but this doesnt seem to work. It's like I can't control the number of connections per user. Is there something that I'm missing?

Bit-Torrent seems to be the biggest problem on my network however, other p2p applications seems to cause similar problems just on a smaller scale. The only thing I can think of is maybe I'm entering the firewall rules incorrectly.. Does anyone out thre have a working configuration? Right now I'm running MT 2.8.27.

Thanks alot
 
spire2z
Long time Member
Long time Member
Posts: 516
Joined: Mon Feb 14, 2005 2:48 am

Tue Aug 09, 2005 8:03 pm

I think you must be entering it wrong because it works for me!

Check you have the rules in the forward chain of the firewall filter. Thats an easy mistake to make.

Remember though it wont limit UDP connections.

I wish MT would add the UDP connlimit patch as I said before ;)

hmm - Gradius, is that a reference to the classic Konami game... You must be a fan? I am :)
 
Gradius
just joined
Topic Author
Posts: 23
Joined: Tue Aug 09, 2005 6:06 pm
Location: Dallas, Texas

Tue Aug 09, 2005 8:30 pm

haha actually yes it is :) I used to play it all the time. Great game.

Aright, i looked at the router settings and it seems that I am catching several packets, but nowhere near all of them. I set the connection time limit to 1 hour to filter out all the older, non-active connections.. Hopefully that will clear things up.
 
UniKyrn
Member Candidate
Member Candidate
Posts: 245
Joined: Fri Dec 24, 2004 9:27 pm
Location: Spokane, WA

Tue Aug 09, 2005 11:10 pm

Are you throttling both directions? Keep in mind that there are going to be hundreds of incoming connections attempts from people trying to get file segments from your customer and connection tracking is going to have to deal with them as well.
 
nikhil
Member Candidate
Member Candidate
Posts: 262
Joined: Wed Dec 22, 2004 5:04 pm
Location: US

Fri Aug 19, 2005 4:45 am

can someone post some sample rules here which can be implemented for this ?
 
tlkhorses
Frequent Visitor
Frequent Visitor
Posts: 82
Joined: Wed Jun 22, 2005 11:06 pm

Mon Aug 22, 2005 7:14 am

A sample of rules would be most helpful reference bittorrent

tk
 
Gradius
just joined
Topic Author
Posts: 23
Joined: Tue Aug 09, 2005 6:06 pm
Location: Dallas, Texas

Mon Sep 19, 2005 7:38 pm

Still having issues with bittorrent here. Would it be possible for someone to post a fix for this. I want to limit/block ALL torrent traffic through my network, udp/tcp, everything. It causes too much of a problem and I've tried everything I know. Any help would be nice :)

Thanks
 
spire2z
Long time Member
Long time Member
Posts: 516
Joined: Mon Feb 14, 2005 2:48 am

Tue Sep 20, 2005 7:42 pm

I don't think that is truely possible yet. p2p is a mother to manage fully!

The problem with p2p matching engine is that it does detect established connections after a while but alot of the p2p traffic escapes it too. I have thought of many ways like using the known ports to connection limit the traffic as with the p2p matching module and that does work but can also makes the p2p behave funny and some other apps can be affected if incoming ports conflict and I find incoming ports for apps vary so much you cant mess with that. I find it a balance of making it work enough to keep the users happy but throttle it so it dosent cause much problem to your network but it is very difficult.

Are your connection limits showing up dropped packets? If so then you can assume they are working and that it's not possible to control by TCP.

What do you think is slowing down as a result of these connections?

Is it the MT router slowing down? Is the winbox or command prompt slow to respond? It could be some other device down the line with not enough proccessor to take that many connections.

If the MT is slow an upgrade of memory and processor would help. I would think the T1 lines should take almost unlimited ammount of tcp connections bandwidth overhead allowing of course, so long as the hardware providing connectivity can take the load?

Do some more tests and see? I had a similar problem and it was teh hardware used for MT was not up to the job.

PS - playing Gradius arcade game in my youth too, brings back happy memories :)
 
blueskies
just joined
Posts: 14
Joined: Wed Jul 20, 2005 8:53 pm

example?

Wed Sep 21, 2005 11:29 am

Hi Spirez,

It would be really useful if you could give some examples of your rules to limit port connections per IP. I remember in an earlier post you suggested 4. Examples would be a start for some of us who have limited MT experience. In my case I want to block P2P on school LAN with MT configured as transparent bridge but MT cannot drop latest version of Ares. So I want to try port limiting.

thanx

Peter
 
spire2z
Long time Member
Long time Member
Posts: 516
Joined: Mon Feb 14, 2005 2:48 am

Wed Sep 21, 2005 1:45 pm

2 out-interface=ether3 protocol=tcp tcp-options=syn-only action=drop
connection-limit=50

3 out-interface=ether4 protocol=tcp tcp-options=syn-only action=drop
connection-limit=80


These just limit users to 50 on ether3 and 80 on ether4 which are my two connections. Most p2p goes through ether3

You can block ports known by p2p but make sure you only drop dst ports on the WAN interface because it can cause problems with other apps.
 
blueskies
just joined
Posts: 14
Joined: Wed Jul 20, 2005 8:53 pm

thnx spire2z

Thu Sep 22, 2005 11:32 am

thnx spire2z. I will give it a try.

Who is online

Users browsing this forum: DanMos79 and 54 guests