hi guys if i use this command do i tend to block p2p for all users

ip firewall filter add chain=forward p2p=all-p2p action=drop

and is it possible to give certian users access to p2p?


please advise


regards

zain

thanks in advance

Accept traffic for/from those users before that drop rule.

what do you mean by that am not good at mikrotik could you ssh in and see how to go round it ?

The firewall will stop looking once a packet matches a rule (unless passthrough=yes is set). So with the above, any traffic from and to 192.168.1.100 will be accepted before the packet hits the p2p filter further down.

ok thanks for the help i wil juz get some to physical explain it to me i will understand better thanks alot

please advise which address do i put their the public ip or the dhcp gateway?

The real IP of the client. I don't understand how the DHCP gateway would play into this.

Well i have a routerboard rb750g eth1 has internet pumping into it with its public ips then i have made a dhcp linking to eth2 to eth5 giving my ap's dhcp to clients now i want to block all dhcp released to clients to not download any p2p accept from browse msn and direct download and i just want one anntenna of mine which is mine to bypass the p2p and download torrents.


please advise


or add me on skype zainmw91

or google n1ghtwalk3r786@googlemail.com if their is onther messenger you have please let me know i could give you my id mayb you can ssh through the public ip and check it out thanks.

Well i have a routerboard rb750g eth1 has internet pumping into it with its public ips then i have made a dhcp linking to eth2 to eth5 giving my ap's dhcp to clients now i want to block all dhcp released to clients to not download any p2p accept from browse msn and direct download and i just want one anntenna of mine which is mine to bypass the p2p and download torrents.


please advise


or add me on skype zainmw91

or google n1ghtwalk3r786@googlemail.com if their is onther messenger you have please let me know i could give you my id mayb you can ssh through the public ip and check it out thanks.

Like I said, use the real IP. Whatever IP is configured on the device itself is the IP you should refer to in the firewall rule.

so you mean the internet ip right? like my ip and the internet gateway ip like example 45.331.99.209 255.255.255.0 45.331.99.208 so
ip firewall filter
one firewall rule:-different
add chain=forward src-address=45.331.99.209 action=accept
add chain=forward dst-address=45.331.99.208 action=accept

Seperate firewall:- if am right different
add chain=forward p2p=all-p2p action=drop

its like making two firewalls one with the src and dst and then one juz to block p2p and all users going to the net should be blocked then to unblock myself i just make a new firewall put my dhcp ip 192.168.88.5 as src and dst 192.168.88.1 which is my gate way and accept all and accept p2p right?

please advise

Scenario: you want to block all P2P except for traffic from a computer that has 192.168.88.5 as its IP address.
I don't know how to explain this any more clearly.

understood that sir sorry am abit slow at catching the scenrio you gave was to enable the certian computer to be allowed to get p2p but first i need to block all clients from using p2p which i havent done and need your assitance in how to do it.


please advise

i have allrdi added a firewall for 192.168.88.5 to access p2p the one you gave me now i wana block the rest from using p2p so they don t slow down my network.

The last line does that.

ok but i have onther issue now my internet works fine for all day till 2-3 am in the moring and the rb750g just off's its self then i have to go remove the internet cable which goes to the eth1 and it goes back on then i have to wait for all links to be stable and re-put the internet link it works for couple of hours and goes back off i have tried two different rb750g's and it does the same issue? any suggestion why

Turn on debug logging and look what the logs say.

well the logging is enabled please guide on how to enable debugg logging when i check the logging in the next moring their's no logs.

http://wiki.mikrotik.com/wiki/Manual:System/Log
Enable the 'debug' topic and put it into a file so that it doesn't get emptied out in case the router reboots.

http://wiki.mikrotik.com/wiki/Manual:System/Watchdog
You can also enable the software watchdog and have it automatically create supouts on crash that you can then send to support.

thanks man i will read it and get back to you

this is what i have done please advise by click on the image links

one more thing fewi what if the lan port is on connecting a lan cable almost 70 meters data cable and it show's connected on the mikrotik and the internet switch below what if i can t ping the ip could it be the cable has a issue even tho the lan lights are on the mikrotik board? because i just put a rb433 todai connected to new secotrs and the internet cable is connected to eth1 and i can t ping any of the public internet ip's could it be the cable has some connection issue ?


am asking this cause i am only sending tx no rx coming through the cable?


please advise

hi guys i have got the link working i can ping the public ips dns etc google etc on the mikrotik without ping time outs but when i try to browse its very slow the net? my singal strenght of connection is -76 dBm p throughoutput 4441 kbps tx/rx singal strenght 76dbm and singal strenght 86dbm could it be cause my singal strenght is ver low my browsing is slow?

hey fewi i managed to block torrents p2p by blocking torrents wwws and dns in firewall but now i blocked all p2p's how do i juz unblock my mac to download p2p please advise

Scenario: you want to block all P2P except for traffic from a computer that has 192.168.88.5 as its IP address.

Code: Select all

/ip firewall filter
add chain=forward action=accept src-address=192.168.88.5
add chain=forward action=accept dst-address=192.168.88.5
add chain=forward action=drop p2p=all-p2p

I don't know how to explain this any more clearly.

Replace 192.168.88.5 with the IP address of the device you want to be able to pass p2p traffic.

seems to be working thanks alot how do i giv that certian ip unlimited traffic like unlimited speed also please adivse is tx download or upload and rx upload or download cause tx always showing high traffic lik 150kbps 90 kbps etc when the link am pumping is juz 128kbps for now

Read up on QoS. The wiki has many examples and manuals.

RX and TX are from the router's point of view. So RX is traffic received by the router, that is upload from the client. TX is traffic sent by the router, so download from the client.

ok cool