
Connection limit

Posted: Fri Jan 25, 2008 8:00 pm
by valypetre
I want to limit my client's number of connections and I understand I can do that in Queues. My problem is that I have big latency whenever a client uses a p2p software like DC++. I tried to put queues but I can't seem to succeed. Can anyone help me with the line I need to enter? I've tried "queue simple add p2p=all-p2p target-addresses=10.100.12.24" and other variations and all I seem to get is a headache :)

Re: Connection limit

Posted: Fri Jan 25, 2008 11:52 pm
by jordantrx
Good luck, I have tried the same with enabling p2p and it is a headache. You have to mark your p2p connections in mangle and set up a queue tree (which I do not like because I like to see my exact users' upload/download/uptime/rx/tx etc.). I have marked my packets and tried to set up a queue tree, but it didn't really work. Although I was testing it with Ares, much more testing to do on this. I just wish it was much simpler than this.


Every time I enable P2P in simple queue, all the queueing goes away and the user has full bandwidth... I have to keep searching and looking at this to try and figure it out...

I know you can drop p2p in firewall filter rules. Search the wiki for details if that's what you wish to do. -Jordan

Re: Connection limit

Posted: Sat Jan 26, 2008 3:22 am
by jordantrx
OK, I figured out how to queue p2p traffic. I used the following site to figure it out: http://wiki.mikrotik.com/wiki/TransparentTrafficShaper The only problem is I can't seem to get other_conntion to work. It queues all data, not the P2P data. However, the P2P connection mark does actually queue all p2p such as DC++, Kazaa, etc. Just not Ares yet. I will keep working on it.

Re: Connection limit

Posted: Sat Feb 23, 2008 8:02 pm
by nitrium
I know how to do this... I suffered the same problem and finally I got a solution!!!

In Mangle you need to mark "connection" and select P2P traffic and enable passthrough, then just after this rule you make another rule using the connection mark you created above and marking this one as "packet", and disable the passthrough option in this rule! With this done you have successfully marked the P2P traffic and only it.

Now you make your QoS tree and select the "packet" mark to use on it. Another problem I was suffering was with a lot of UDP connections from the same client. You need to make a rule in firewall filters to limit TCP connections, and for UDP you need to go to the client's house and limit the upload rate and, if possible, disable the UDP protocol on the p2p program he is using. This solved my problem. Pings now are 3 - 4ms, no packet loss. I hope it was useful, good luck!
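
The mangle, queue tree and TCP connection-limit steps described in the post above, written out as RouterOS commands. This is an added example, not part of the original thread: the mark names (p2p_conn, p2p_pkt), the interface names (ether1 as WAN, ether2 as LAN), the 256k/128k rates and the 50-connection ceiling are assumptions, and the p2p= matcher is only available on RouterOS versions that still ship it.

```routeros
# Step 1: mark every connection the p2p matcher recognises.
# passthrough=yes lets the packet continue to the next mangle rule.
/ip firewall mangle
add chain=forward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p_conn passthrough=yes \
    comment="Mark P2P connections (assumed name p2p_conn)"

# Step 2: mark all packets that belong to a marked connection.
# passthrough=no stops mangle processing for these packets, so only
# P2P traffic carries the packet mark.
add chain=forward connection-mark=p2p_conn action=mark-packet \
    new-packet-mark=p2p_pkt passthrough=no \
    comment="Mark packets of P2P connections (assumed name p2p_pkt)"

# Step 3: queue tree entries that match the packet mark.
# Download is shaped where it leaves towards the clients (LAN side),
# upload where it leaves towards the Internet (WAN side).
/queue tree
add name=p2p-download parent=ether2 packet-mark=p2p_pkt max-limit=256k
add name=p2p-upload parent=ether1 packet-mark=p2p_pkt max-limit=128k

# Step 4: cap simultaneous TCP connections per client address.
# connection-limit=50,32 counts per /32 source; new SYNs above 50 are dropped.
/ip firewall filter
add chain=forward protocol=tcp tcp-flags=syn connection-limit=50,32 \
    action=drop comment="Limit TCP connections per client (assumed limit 50)"
```

The hit counters from `/ip firewall mangle print stats` and the rates from `/queue tree print stats` show whether the marks are matching and the queues are carrying only the marked traffic.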

Re: Connection limit

Posted: Sat Dec 18, 2010 11:10 pm
by mrzero
@nitrium, please can you write down these rules, as I'm new to MikroTik and suffering a lot from one user who uses a huge and huge number of UDP connections, please.

Re: Connection limit

Posted: Fri Jan 14, 2011 9:48 am
by EarthStation
Mr Zero, here is what I use.

First we set a mangle rule which adds P2P users to an address list. If you have added the L7 protocols, you can also create a mangle rule to add results to the address list. The list is a dynamic list; entries expire after 1 hour.

/ip firewall mangle
add action=add-src-to-address-list address-list=p2pclient address-list-timeout=1h chain=forward comment=\
    "List P2P client" disabled=no p2p=all-p2p

Next you set a drop filter rule to drop most TCP ports and UDP ports on the listed IP addresses. These rules do not affect average browsing/e-mail.

/ip firewall filter
add action=drop chain=forward comment="Drop Hi TCP on P2P Clients" disabled=no dst-port=200-65535 \
    protocol=tcp src-address-list=p2pclient src-port=200-65535
add action=drop chain=forward comment="Drop UDP on P2P Clients" disabled=no dst-port=200-65535 \
    protocol=udp src-address-list=p2pclient src-port=200-65535

This then seriously limits the P2P activity.