Hello, I have been testing the 2.9.5 version of MT, I am trying to block all p2p traffic but this version does not work at all. Here is how I set it up:
0 chain=forward p2p=all-p2p action=drop
I am not sure if I am missing something here. I looked at the 2.9 manual but I could not find anything on p2p.
Also I am still having lots of problems with signal and users not connecting, I setup the 2.9.5 last night and I noticed this morning that lots of my users were not connected, I started to ping their radios and I would get timeouts, I then restarted the MT and some of the users started to connect. Still some are not. This is getting frustrating, the only reason why I want to move up to 2.9 is because I can use the burst feature with pppoe profiles. I have asked mt support to send me something on how to set it up on 2.8.28 but still no answer.
can someone help me on how to setup brust for my pppoe clients on 2.8?
I am giving up 2.9 version.
thanks
Re: P2P Blocking not working at all, and many other things
That rules actually work for me on a test router I installed yesterday. I run a client for the edonkey network and this rules works. It will not drop every packets, but it will be impossible to connect and download anything.Hello, I have been testing the 2.9.5 version of MT, I am trying to block all p2p traffic but this version does not work at all. Here is how I set it up:
0 chain=forward p2p=all-p2p action=drop
I am not sure if I am missing something here. I looked at the 2.9 manual but I could not find anything on p2p.
How do you know that it's traffic from p2p clients? I've set up an edonkey server and a few clients in my test network and I found out that if I drop edonkey p2p traffics, not every packets is dropped. For example UDP packets on port 4672 and some other TCP packets on port 4662 which the clients are using. However, this data is around 50 MiB after running the test in 24 hours. That is not much comparing to if I disable the drop chain and I let 3 clients upload and download with the speed of 50 kB/s i.e. 25920 MiB.
Am I the only one that does not have a problem with it?
Am I the only one that does not have a problem with it?
thank you both for the input, but I still think 2.9.5 is not ready for action, I try to drop all p2p and I see no traffic being drop at all. I downloaded limewire and tested it myself and I could download music. Once I connected the 2.8.28 back I was blocked.
Another thing, do any of you can help setup burst for my pppoe clients on 2.8.28? See pppoe has profiles and I would like to set busrt limit for them. but when I use the profile I can only make limit at for download and upload.
thanks
Another thing, do any of you can help setup burst for my pppoe clients on 2.8.28? See pppoe has profiles and I would like to set busrt limit for them. but when I use the profile I can only make limit at for download and upload.
thanks
With the drop rules enabled for gnutella, I could not search and download. When I disabled the rule, all downloads instantly continued and I could search. I don't know why it does not work for you, maybe a different infrastructure. I tried this in my home with a nated connection to the internet because of that it is weekend and I do not have access to a routed network to internet. Maybe you should tell us a little bit more about your router setup.
-
-
wildbill442
Forum Guru
- Posts: 1055
- Joined:
- Location: Sacramento, CA
I'm using 2.9.5 on multiple routers with no problems. That could be attributed to my experience with networks and mikrotik. I find some users on this forum who have problems with Router OS have no basic understanding of networks, or any real experience with Network Operating Systems. This isn't Linksys SOHO grade equipment, That said...thank you both for the input, but I still think 2.9.5 is not ready for action, I try to drop all p2p and I see no traffic being drop at all. I downloaded limewire and tested it myself and I could download music. Once I connected the 2.8.28 back I was blocked.
Another thing, do any of you can help setup burst for my pppoe clients on 2.8.28? See pppoe has profiles and I would like to set busrt limit for them. but when I use the profile I can only make limit at for download and upload.
thanks
If you are trying to use the P2P firewall option within MT RouterOS you MUST have Connection Tracking enabled. RouterOS will not drop any traffic related to P2P because it relies on Connection Tracking.
Code: Select all
/ip firewall connection tracking set enabled=yesThanks wildbill442,
I am glad all is wotking for you, for some reason 2.9.5 is giving me lots of problems with signal and connections. I have decided to stick with 2.8.28. The problem with 2.9.X is that for some of you guys it works great and some it does not. I am not blaming anyone, I just think since we all use different equipment thats where the different problems come out.
my setup is:
AMD VIA board with 1.4ghz processor and 256ram. For ether interfaces I have divacom PCI ethernet cards and for wlan I have the mikrotik 200mw card.
Network is a simple pppoe server, only p2p blocking with set times and one profile set to have a 256k limit to the users.
I dont think its much, but 2.9.5 just gives me problems.
examples of problems are
p2p bocking "I will try what you said"
some clients radios cant even see the signal, like the hide ssid was enable, but the client next to him works fine.
You cant tell me this is an experience issue, to me this is a software issue that has not been resolved completely yet. 2.9.X is just not ready.
At this time I will stick to 2.8.28, maybe later on when I see nomore issues on the forum I will upgrade and test again.
thanks for the info.
I am glad all is wotking for you, for some reason 2.9.5 is giving me lots of problems with signal and connections. I have decided to stick with 2.8.28. The problem with 2.9.X is that for some of you guys it works great and some it does not. I am not blaming anyone, I just think since we all use different equipment thats where the different problems come out.
my setup is:
AMD VIA board with 1.4ghz processor and 256ram. For ether interfaces I have divacom PCI ethernet cards and for wlan I have the mikrotik 200mw card.
Network is a simple pppoe server, only p2p blocking with set times and one profile set to have a 256k limit to the users.
I dont think its much, but 2.9.5 just gives me problems.
examples of problems are
p2p bocking "I will try what you said"
some clients radios cant even see the signal, like the hide ssid was enable, but the client next to him works fine.
You cant tell me this is an experience issue, to me this is a software issue that has not been resolved completely yet. 2.9.X is just not ready.
At this time I will stick to 2.8.28, maybe later on when I see nomore issues on the forum I will upgrade and test again.
thanks for the info.
how to test?
What is the best method to test that P2P is being blocked?
I went through the whole firewall chain, even added the traffic monitoring...but still I have a client that has every port from 1000 - 6900...and they are all active...
Throttling only pisses him off. Let me know how I can limit the ammount of P2P traffic he can do daily or something. Thanks!!
Dustin Springman
Ocean Lan Ltd.
http://www.oceanlan.com
springman<at>oceanlan.com
I went through the whole firewall chain, even added the traffic monitoring...but still I have a client that has every port from 1000 - 6900...and they are all active...
Throttling only pisses him off. Let me know how I can limit the ammount of P2P traffic he can do daily or something. Thanks!!
Dustin Springman
Ocean Lan Ltd.
http://www.oceanlan.com
springman<at>oceanlan.com
@dannyboy i've done this and its work:
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
@dannyboy i've done this and its work:
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
You're completely nuts. This way you block absolutely everythinng, including some websites that don't use port 80. This is no "INTERNET" being delivered to the users, this is some websites only. Internet is NOT JUST WEB, people use all kindsa services on the network. Furhtermore why the hell would anybody want to drop p2p ?!? Just lower it's priority beanath all other or something. Why be an ISP and cut off your own services to the users? You want to be half of ISP or a third of ISP ? You are trying to catch monkeys with bran??!? 
@dannyboy i've done this and its work:
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
actually he's not completely nut's, i'm agree with dannyboy that block ports r more effisiens than p2p it self (but not like the way he do
), we just need to know what kind of port r running at p2p aplication than drop it at firewall rules
I didn't have time to read every post in this thread, but I must say that p2p blocking is working perfectly!
Issue is that when you do p2p blocking it will block only new connections, not the ones that are allready established!
So if you have rule to enable and disable p2p you MUST reboot the router so p2p blocking can take effect!
Cheers...
Issue is that when you do p2p blocking it will block only new connections, not the ones that are allready established!
So if you have rule to enable and disable p2p you MUST reboot the router so p2p blocking can take effect!
Cheers...
-
-
telephone29
just joined
- Posts: 24
- Joined:
guys, do you now understand the difference? See what wildbill442 said?
"I'm using 2.9.5 on multiple routers with no problems. That could be attributed to my experience with networks and mikrotik. I find some users on this forum who have problems with Router OS have no basic understanding of networks, or any real experience with Network Operating Systems. This isn't Linksys SOHO grade equipment"
let me put accent on "that could be attributed to my experience with networks and mikrotik". EXPERIENCE !!!!!
then, see what another networking / internet "specialist" has done:
---------
i've done this and its work:
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
---------
in order to block p2p. Would you like to be customer of the later one? I'm really wondering how could his business still exist, not to offend anyone. Once again : blocking everything except port 80 is definitely not the way how to stop p2p, but this is the way to loosing customers and digging own grave.
[/u]
"I'm using 2.9.5 on multiple routers with no problems. That could be attributed to my experience with networks and mikrotik. I find some users on this forum who have problems with Router OS have no basic understanding of networks, or any real experience with Network Operating Systems. This isn't Linksys SOHO grade equipment"
let me put accent on "that could be attributed to my experience with networks and mikrotik". EXPERIENCE !!!!!
then, see what another networking / internet "specialist" has done:
---------
i've done this and its work:
rule forward:
add src-address=10.x.x.x/16
protocol=tcp
dst-port=80!
action=drop/reject
it means that all port except port 80 will be drop/reject......
i think blocking the port is more effesiens more than have to block by the name of the p2p because more p2p program will
---------
in order to block p2p. Would you like to be customer of the later one? I'm really wondering how could his business still exist, not to offend anyone. Once again : blocking everything except port 80 is definitely not the way how to stop p2p, but this is the way to loosing customers and digging own grave.
[/u]
Hm, I am afraid you are right. Several posts here are based on same schema:
1. Somebody tries to use MT
2. He founds it is not so straightforward to configure MT without basic knowledge of networks, TCP/IP etc.
3. He even does not try to understand what MT can do for him.
4. He writes post to this forum. Most of these posts contain words like: "HEELP" or "PLEEEEASE".
5. He is dissapointed that others do not give him step by step solution of his probem in 10 minutes after he wrote his post.
I think it is common problem visible not only in this forum: how to find simple solution of my problem without my own effort.
1. Somebody tries to use MT
2. He founds it is not so straightforward to configure MT without basic knowledge of networks, TCP/IP etc.
3. He even does not try to understand what MT can do for him.
4. He writes post to this forum. Most of these posts contain words like: "HEELP" or "PLEEEEASE".
5. He is dissapointed that others do not give him step by step solution of his probem in 10 minutes after he wrote his post.
I think it is common problem visible not only in this forum: how to find simple solution of my problem without my own effort.
guys, there is no point of looking at it so black and white. While reading this topic I expected someone will finally explain how p2p filering is used on MT and guess what, instead of that I jus saw people waiting to piss on people who do not know.
I agree we had chance to see some ridicoluous ignorance here, but not form the one who started the thread. I gues he deservers help, and just two or three well said sentecnes would help him to see hot thing works.
Problem is that quite large number of people is here just to show off and be able to say someone to read the manual. most of the topics here stay unanswered. People do not get help, and often, just a little effort is enough to help someone to clear confusion or understand something.
I undesrtand ignorance is bothering you. It bother me to, but I saw quite large number of questions here posted by people who do try to understand, learn and solve problems, but you treat them as lower kind which does not deserve to be helped at all.
People do come here to get help, and that means they do not know how to solve problems, and if you are here just to wait to tell anyone who knows less than you that he is ignorant, you are missing the point. There is much noble way, if you do not want to spend your time then ignore "ignorants", or at least show them soem URL where they can lear, or, finally, try to explain them what they do not know, or at least show them the hints.
Look at the http://forum.mikrotik.com//viewtopic.ph ... torder=asc that is an fine example of someone who has will and patience to spend as much time as other spend on showing off to really help someone to understand problem, learn and solve it.
I agree we had chance to see some ridicoluous ignorance here, but not form the one who started the thread. I gues he deservers help, and just two or three well said sentecnes would help him to see hot thing works.
Problem is that quite large number of people is here just to show off and be able to say someone to read the manual. most of the topics here stay unanswered. People do not get help, and often, just a little effort is enough to help someone to clear confusion or understand something.
I undesrtand ignorance is bothering you. It bother me to, but I saw quite large number of questions here posted by people who do try to understand, learn and solve problems, but you treat them as lower kind which does not deserve to be helped at all.
People do come here to get help, and that means they do not know how to solve problems, and if you are here just to wait to tell anyone who knows less than you that he is ignorant, you are missing the point. There is much noble way, if you do not want to spend your time then ignore "ignorants", or at least show them soem URL where they can lear, or, finally, try to explain them what they do not know, or at least show them the hints.
Look at the http://forum.mikrotik.com//viewtopic.ph ... torder=asc that is an fine example of someone who has will and patience to spend as much time as other spend on showing off to really help someone to understand problem, learn and solve it.
-
-
telephone29
just joined
- Posts: 24
- Joined:
> While reading this topic I expected someone will finally explain how p2p
> filering is used on MT and guess what, instead of that I jus saw people
> waiting to piss on people who do not know.
there are two basic things used for filtering, read here: http://ipp2p.org/ and http://l7-filter.sourceforge.net/. This is usual stuff for any experienced network admin. They are free, easy to implement, working.
> filering is used on MT and guess what, instead of that I jus saw people
> waiting to piss on people who do not know.
there are two basic things used for filtering, read here: http://ipp2p.org/ and http://l7-filter.sourceforge.net/. This is usual stuff for any experienced network admin. They are free, easy to implement, working.
Well this forum is not "Networking for dummies forum" it's called Mikrotik Forum.
I am not heartless, I am sorry when I see people having problem, but personally I didn't cry on MT forum but rather started reading everything I could find on google etc.
There are many other forums and mailing lists regarding Networking basics.
No offense
I am not heartless, I am sorry when I see people having problem, but personally I didn't cry on MT forum but rather started reading everything I could find on google etc.
There are many other forums and mailing lists regarding Networking basics.
No offense
P2P works for me
I am using rb532 2.9.7 with hotspot on lan interface. I copied the rule from above "chain=forward p2p=all-p2p action=drop" into firewall and it worked perfectly. I had to remove the existing p2p connections in firewall connections and it took a few minutes but it did and is working for me. Guess I will see how the customers feel about it in a bit. :)
As for the people who arent happy with the questions being stupid, I am one of those who are NOT a network engineer. I am simply tech support who got the netadmin dropped on me. Do or die. For a while I died. I had to take some crash courses in networking and ip. Normis and Uldis and some others on this forum helped me immensely. I wouldnt still be in business without their help. !!
Thanks to all who helped
Cindy
As for the people who arent happy with the questions being stupid, I am one of those who are NOT a network engineer. I am simply tech support who got the netadmin dropped on me. Do or die. For a while I died. I had to take some crash courses in networking and ip. Normis and Uldis and some others on this forum helped me immensely. I wouldnt still be in business without their help. !!
Thanks to all who helped
Cindy
Finally someone with a good actitude!! THANKS pedja!!!!!
I have actualy stopped trying to do things with MT just because of all the arrogant people that just come in here to piss on us that dont know much... Is the day and still no answer to many posts I have created... This is what I think of all this arrogants, you guys had a shit for childhood, probably a bunch of ashamed nerds that were picked on all the way through college graduation. They still feel like they are nothing and the only way for them to feel like they are worth something is by pissing on others... Grow up!!!
To Mikrotik: I hope you take a look at this, I am a customer that used to buy and promote MT. To this point I have been looking for other products that are similar to yours... I hope I am not the only one running away from your product because of the issues with tech help. All your programmers deserve better!!!!
Lets see something: I want to limit all p2p traffic on my network to use 128k upload and download. I know I have to use mangle and queues. I tried it with the example on the manual but does not seem to work like I want it. So if you are so kind to show me the code I need to make for the mangle and queues it would realy help me. Rigth now I have p2p blocked the whole day, and unblocked during the night. I dont want to limit my users to much so I would like the let them have p2p but limit the bandwidth to 128 for the whole netwrok during the day and just open it up at night.
daniel
I have actualy stopped trying to do things with MT just because of all the arrogant people that just come in here to piss on us that dont know much... Is the day and still no answer to many posts I have created... This is what I think of all this arrogants, you guys had a shit for childhood, probably a bunch of ashamed nerds that were picked on all the way through college graduation. They still feel like they are nothing and the only way for them to feel like they are worth something is by pissing on others... Grow up!!!
To Mikrotik: I hope you take a look at this, I am a customer that used to buy and promote MT. To this point I have been looking for other products that are similar to yours... I hope I am not the only one running away from your product because of the issues with tech help. All your programmers deserve better!!!!
Lets see something: I want to limit all p2p traffic on my network to use 128k upload and download. I know I have to use mangle and queues. I tried it with the example on the manual but does not seem to work like I want it. So if you are so kind to show me the code I need to make for the mangle and queues it would realy help me. Rigth now I have p2p blocked the whole day, and unblocked during the night. I dont want to limit my users to much so I would like the let them have p2p but limit the bandwidth to 128 for the whole netwrok during the day and just open it up at night.
daniel
One note to previous posts: My mother would say to you: Do not cry and try to improve your networking skills. I try to help in this forum the best I can, but lot of my posts MUST contain explanation of networking basics, simply because people without appropriate knowledge are trying to do things, that are from networking point of view impossible or almost impossible (it is sometimes like to scratch my left ear by right hand). I think djape expressed it very precisely. Mikrotik is not intended for home users without networking knowledge, such users should buy other products that are configurable with few mouse clicks...
You wrote:
use 128k upload and download. I know I have to use mangle and queues. I tried it with the example on the manual but does not seem to work like I want it.
Can you please exactly describe, how do you want your p2p to be shaped?
You wrote:
use 128k upload and download. I know I have to use mangle and queues. I tried it with the example on the manual but does not seem to work like I want it.
Can you please exactly describe, how do you want your p2p to be shaped?
thanks for the quick response Tonda.. I will explain better what I want to do:
I have a small ISP of 47 users in Nicaragua Central America. Right now I have p2p blocked from 7 am to 10 pm after 10 pm is unblocked. What I want to do is instead of completly blocking p2p from the network is to have it unblocked but to put a total limit of 128k to the whole network.
"I want people to share the 128k for p2p use only"
I hope I explain what I wanted to do more clear, I realy thank you for the quick response.
daniel
I have a small ISP of 47 users in Nicaragua Central America. Right now I have p2p blocked from 7 am to 10 pm after 10 pm is unblocked. What I want to do is instead of completly blocking p2p from the network is to have it unblocked but to put a total limit of 128k to the whole network.
"I want people to share the 128k for p2p use only"
I hope I explain what I wanted to do more clear, I realy thank you for the quick response.
daniel
Add a simple queue:thanks for the quick response Tonda.. I will explain better what I want to do:
I have a small ISP of 47 users in Nicaragua Central America. Right now I have p2p blocked from 7 am to 10 pm after 10 pm is unblocked. What I want to do is instead of completly blocking p2p from the network is to have it unblocked but to put a total limit of 128k to the whole network.
"I want people to share the 128k for p2p use only"
I hope I explain what I wanted to do more clear, I realy thank you for the quick response.
daniel
Code: Select all
add name="Peer to Peer" target-addresses=0.0.0.0/0 dst-address=0.0.0.0/0 interface=all parent=none direction=both priority=8 queue=default/default limit-at=0/0 max-limit=128000/128000 total-queue=default p2p=all-p2p