Hi all,
currently I'm identifying P2P by means of mangle on all other type of traffic (ports < 1024), that is mangle as "known". All other type of traffic is mangled unknown (with both connection and packet mark) and routed on default gateway. I would like to add also a "unknown" mark routing to this type of traffic, so I can route it to other routers different from default gateway:
p2p --->mark connection(unknown)--->mark packet(unknown)---->mark routing(unknown)
P2P traffic shares a simple queue.
Mark routing rule is matched on firewall/mangle, but traffic does not enter into simple queue...
Any advice?
Rgds
Re: P2P to Default Gateway
The idea is fine but implementation is not.
Get a list of the regular ports used and allow those and mark the rest.
1863 - msn msngr
1701 - VPN
3389 - rdc
5000-1 - yahoo voice
5050 - yahoo mnsgr
5100 - yahoo webcam
5190- aol
6112 - gaming
6665-6669 IRC
6891-6900 - msn msngr file transfer
6901- msn msngr voice
8080- common http
11999 - yahoo games
28800-29100- msn gaming
There will be other custom ports which you will need to remove.
This is how i have done it to, you could also mark unneeded ports from 0 to 1024 also.
Cheers
Kev
Get a list of the regular ports used and allow those and mark the rest.
1863 - msn msngr
1701 - VPN
3389 - rdc
5000-1 - yahoo voice
5050 - yahoo mnsgr
5100 - yahoo webcam
5190- aol
6112 - gaming
6665-6669 IRC
6891-6900 - msn msngr file transfer
6901- msn msngr voice
8080- common http
11999 - yahoo games
28800-29100- msn gaming
There will be other custom ports which you will need to remove.
This is how i have done it to, you could also mark unneeded ports from 0 to 1024 also.
Cheers
Kev
Re: P2P to Default Gateway
Yes,
but there are many other ports needed (msn video, custom VPN, ....).
Actually the system is working pretty good: all P2P is routed to default gateway where it is queued and all other traffic (known) is directed to other connections. The only problem I have is that I'm not able to apply a mark routing to unknown traffic (p2p) and route this to a dedicated route (not default gateway).
but there are many other ports needed (msn video, custom VPN, ....).
Actually the system is working pretty good: all P2P is routed to default gateway where it is queued and all other traffic (known) is directed to other connections. The only problem I have is that I'm not able to apply a mark routing to unknown traffic (p2p) and route this to a dedicated route (not default gateway).
Re: P2P to Default Gateway
Yes, this is a problem. It's been written about here in forum, and the only thing one can do for p2p to keep working is NOT to mark routing - just leave it to "go" thru your DEFAULT gateway...Yes,
but there are many other ports needed (msn video, custom VPN, ....).
Actually the system is working pretty good: all P2P is routed to default gateway where it is queued and all other traffic (known) is directed to other connections. The only problem I have is that I'm not able to apply a mark routing to unknown traffic (p2p) and route this to a dedicated route (not default gateway).
So, lets say, you have two links, "main" link that you pay for really much and "aux" (some adsl line) that is cheap(er).. Make ADSL default gateway, and then mark route all other (important) trafic thru the MAIN link... I've been doing that last night - it works ... still have some ports to "catch" so voice, video and some other stuff go thru "main" link too
Good luck,
Dejan
Re: P2P to Default Gateway
HI jdejansb,
it seems that I've solve the problem, may be this might be useful to others...
I've simply applied a mark routing (unknown) to all unknown traffic, as described in my post. The mikstake was that mark routing needs IP address to work, so I've done an address list (PPPoE users) where are stored all subnets that I use for customers and apply a mark routing to all unknown traffic (mark connection != known) whose source IP address belongs to address list "PPPoE users".
Now it works, so I can use a gateway for p2p traffic different from Default Gateway
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=PPPoE_users
Rgds
it seems that I've solve the problem, may be this might be useful to others...
I've simply applied a mark routing (unknown) to all unknown traffic, as described in my post. The mikstake was that mark routing needs IP address to work, so I've done an address list (PPPoE users) where are stored all subnets that I use for customers and apply a mark routing to all unknown traffic (mark connection != known) whose source IP address belongs to address list "PPPoE users".
Now it works, so I can use a gateway for p2p traffic different from Default Gateway
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=PPPoE_users
Rgds
Re: P2P to Default Gateway
WOW!!!HI jdejansb,
it seems that I've solve the problem, may be this might be useful to others...
I've simply applied a mark routing (unknown) to all unknown traffic, as described in my post. The mikstake was that mark routing needs IP address to work, so I've done an address list (PPPoE users) where are stored all subnets that I use for customers and apply a mark routing to all unknown traffic (mark connection != known) whose source IP address belongs to address list "PPPoE users".
Now it works, so I can use a gateway for p2p traffic different from Default Gateway
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=PPPoE_users
Rgds
This would be great if works... I will try to find some time tonight and test
(I am having BIG problems since I changed default gateway ... on-line games work very bad, FTP is working sometimes
, etc.....)Dejan!
Re: P2P to Default Gateway
It takes a few packets to recognise P2P , so if you try and mark it and send it any other way , it won't perform so well
Re: P2P to Default Gateway
well... guess that's right. And what if we send ALL packets other then some known to specific gateway??? huh... keep tryingIt takes a few packets to recognise P2P , so if you try and mark it and send it any other way , it won't perform so well
Dejan.
Re: P2P to Default Gateway
I'm using it in last four days, and it seems ok...
Now my DG does not receive P2P any more
Rgds
Now my DG does not receive P2P any more
Rgds
Re: P2P to Default Gateway
I'm starting to think that I'm stupidoI'm using it in last four days, and it seems ok...
Now my DG does not receive P2P any more
Rgds
When I do as you suggested, p2p traffic really does not go thru default gateway ... but, also, it goes nowhere 
(not working)...What am I missing? Does address have to be in a address list or could I just put 10.10.0.0/16 ?? (pppoe users get 10.10.10.xxx, 11.xxx, 12.xxx and 14.xxx)??
Dejan
Re: P2P to Default Gateway
Did you use a connection mark in your Unknown traffic mark routing rule?
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=PPPoE_users
If your PPPoE address are
10.10.0.0/16
10.11.0.0/16
10.12.0.0/16
10.14.0.0/16
then you need to add all the above networks into PPPoE address list or the whole subnet 10.0.0.0/8. Did you remove the "Passthrough" from mark routing mangle?
Try with a single IP as test (e.g. the one on your PC) and check if mangle rule is matched:
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=<your IP address>
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=PPPoE_users
If your PPPoE address are
10.10.0.0/16
10.11.0.0/16
10.12.0.0/16
10.14.0.0/16
then you need to add all the above networks into PPPoE address list or the whole subnet 10.0.0.0/8. Did you remove the "Passthrough" from mark routing mangle?
Try with a single IP as test (e.g. the one on your PC) and check if mangle rule is matched:
### Unknown Traffic
chain=prerouting action=mark-routing new-routing-mark=unknown
passthrough=no connection-mark=!known src-address-list=<your IP address>
Re: P2P to Default Gateway
... I had some problems with WiFi - didn't have time for p2p 
But, I'll try in next few days to make it work ..... (I have to mark ALL the "stuff" that my clients use before sending "!known" to non-default gateway )
Regards,
Dejan
But, I'll try in next few days to make it work ..... (I have to mark ALL the "stuff" that my clients use before sending "!known" to non-default gateway )Regards,
Dejan
Re: P2P to Default Gateway
it looks like WORKING!!!
Nevertheless - I MANGLEd almost all known nonp2p traffic and ACCEPTed it (when someone complains I look for ports his app. is using and add it to mangle/accept), and whatever left I MARKed connection, packet, and MARKed ROUTING ...
p2p goes thru cheep line, and the rest of trafic is on my primary line 
Regards,
Dejan
Nevertheless - I MANGLEd almost all known nonp2p traffic and ACCEPTed it (when someone complains I look for ports his app. is using and add it to mangle/accept), and whatever left I MARKed connection, packet, and MARKed ROUTING
...p2p goes thru cheep line, and the rest of trafic is on my primary line
Regards,
Dejan
Re: P2P to Default Gateway
I'm glad it helps...
Rgds,
Carlo
Rgds,
Carlo