D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: lezde716 on July 05, 2010, 08:15:29 PM

Title: how to block the torrent program & ports to dfl-800
Post by: lezde716 on July 05, 2010, 08:15:29 PM
We have a DFL-800 firewall in the office. Apparently we are experiencing a slow connection, maybe because some staff are using torrent programs to download movies. Can anyone help me block torrent applications and ports in the DFL-800 firewall?

Hoping for your answer about this concern. Thank you.
Title: Re: how to block the torrent program & ports to dfl-800
Post by: danilovav on July 06, 2010, 05:23:03 AM
1. You can buy a subscription for IDP and block P2P traffic on a signature basis.

2. You can allow clients only HTTP (with ALG, including blocking of websites) and other required services, but don't allow anything else.

3. You can limit bandwidth for users with pipes.

4. You can fire top downloaders :D
Title: Re: how to block the torrent program & ports to dfl-800
Post by: chechito on July 06, 2010, 12:19:03 PM
Using OpenDNS category blocking to block P2P-related DNS queries helps a lot too.
Title: Re: how to block the torrent program & ports to dfl-800
Post by: lezde716 on July 06, 2010, 07:05:05 PM
Quote from: danilovav on July 06, 2010, 05:23:03 AM
> 1. You can buy a subscription for IDP and block P2P traffic on a signature basis.
>
> 2. You can allow clients only HTTP (with ALG, including blocking of websites) and other required services, but don't allow anything else.
>
> 3. You can limit bandwidth for users with pipes.
>
> 4. You can fire top downloaders :D

Thanks Dan.

Of the 4 suggestions I like no. 3, but I'm new to this machine, so I don't have any idea how to do this. Can you please give me a little guide or refer me to some site that shows how to do this?

Thanks a lot.
Title: Re: how to block the torrent program & ports to dfl-800
Post by: danilovav on July 07, 2010, 06:00:13 AM
It's simple.

1. Traffic management > Traffic shaping > Pipes
Make two pipes (e.g. lan_up and lan_down) with grouping by source IP, total limit equal to WAN speed, group limit = your limit for users.
Two pipes are required because you will have the possibility to control the bandwidth of both directions separately.

2. Traffic management > Traffic shaping > Pipe rules
Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down
Title: Re: how to block the torrent program & ports to dfl-800
Post by: lezde716 on July 07, 2010, 08:17:50 PM
Quote from: danilovav on July 07, 2010, 06:00:13 AM
> It's simple.
>
> 1. Traffic management > Traffic shaping > Pipes
> Make two pipes (e.g. lan_up and lan_down) with grouping by source IP, total limit equal to WAN speed, group limit = your limit for users.
> Two pipes are required because you will have the possibility to control the bandwidth of both directions separately.
>
> 2. Traffic management > Traffic shaping > Pipe rules
> Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down

Thanks again.

So with these rules all users connected to this firewall have a limited connection to the internet? Or can I do this for specific port/s or computer/s?
Title: Re: how to block the torrent program & ports to dfl-800
Post by: lezde716 on July 07, 2010, 08:24:53 PM
Quote from: chechito on July 06, 2010, 12:19:03 PM
> Using OpenDNS category blocking to block P2P-related DNS queries helps a lot too.

This is a good idea too. Thank you.

But I don't have any idea what you are talking about. I'm new to this machine. Can you teach me how to do your recommendation? A little guide for this, please.

Thank you.
Title: Re: how to block the torrent program & ports to dfl-800
Post by: danilovav on July 07, 2010, 08:34:39 PM
Quote from: lezde716 on July 07, 2010, 08:17:50 PM
> Thanks again.
>
> So with these rules all users connected to this firewall have a limited connection to the internet? Or can I do this for specific port/s or computer/s?

Yes, you can. On PBR, you can set source network (group with clients in lan) and/or service (ports).

Using OpenDNS is not a panacea because it will block only DNS queries, but IP-based requests will still work.
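
The gap pointed out in the post above (DNS filtering never sees connections made straight to an IP address) can be watched for from logs. This is an added example, not part of the thread and not a DFL-800 feature: it flags outbound connections with no matching earlier DNS answer for the same client. The log tuples, the LAN range, the answer lifetime and the threshold are all constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data (not from the thread).
DNS_ANSWERS = [  # (time_s, client_ip, answer_ip) from the resolver log
    (100, "192.168.1.10", "203.0.113.20"),
    (105, "192.168.1.11", "203.0.113.30"),
]
CONNECTIONS = [  # (time_s, client_ip, dest_ip, dest_port) from the firewall log
    (101, "192.168.1.10", "203.0.113.20", 443),    # resolved first
    (110, "192.168.1.11", "198.51.100.7", 51413),  # never resolved
    (111, "192.168.1.11", "198.51.100.8", 6881),   # never resolved
    (112, "192.168.1.11", "198.51.100.9", 40112),  # never resolved
    (113, "192.168.1.11", "203.0.113.30", 80),     # resolved first
    (120, "192.168.1.10", "192.168.1.1", 53),      # LAN destination
    (4000, "192.168.1.10", "203.0.113.20", 443),   # DNS answer too old
]
LAN = ip_network("192.168.1.0/24")  # assumed address range of lannet
MAX_ANSWER_AGE_S = 3600             # assumed lifetime of a DNS answer


def dnsless_connections(dns_answers, connections, lan=LAN, max_age=MAX_ANSWER_AGE_S):
    """Return outbound connections whose destination the client did not resolve."""
    resolved = {}  # (client, answer_ip) -> times the answer was seen
    for ts, client, answer in dns_answers:
        resolved.setdefault((client, answer), []).append(ts)
    flagged = []
    for ts, client, dest, port in connections:
        if ip_address(dest) in lan:
            continue  # internal traffic needs no external lookup
        times = resolved.get((client, dest), [])
        if not any(0 <= ts - t <= max_age for t in times):
            flagged.append((ts, client, dest, port))
    return flagged


def suspected_p2p_clients(flagged, min_distinct_dests=3):
    """Clients that reached several unresolved destinations (assumed threshold)."""
    dests = {}
    for _, client, dest, _ in flagged:
        dests.setdefault(client, set()).add(dest)
    return sorted(c for c, d in dests.items() if len(d) >= min_distinct_dests)


if __name__ == "__main__":
    hits = dnsless_connections(DNS_ANSWERS, CONNECTIONS)
    for hit in hits:
        print("no DNS lookup before connection:", hit)
    print("review these clients:", suspected_p2p_clients(hits))
```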
Title: Re: how to block the torrent program & ports to dfl-800
Post by: lezde716 on July 08, 2010, 11:48:50 PM
Quote from: danilovav on July 07, 2010, 06:00:13 AM
> It's simple.
>
> 1. Traffic management > Traffic shaping > Pipes
> Make two pipes (e.g. lan_up and lan_down) with grouping by source IP, total limit equal to WAN speed, group limit = your limit for users.
> Two pipes are required because you will have the possibility to control the bandwidth of both directions separately.
>
> 2. Traffic management > Traffic shaping > Pipe rules
> Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down

Thanks for the help Dan, but sorry if I have a lot of queries.

Configuration:          Version 25
Firmware Version:     2.26.00.06-12649
                             Sep 23 2009

Our Internet speeds are:
1st ISP is up to 2mbps static IP
2nd ISP is up to 2mbps dynamic IP

General >Precedences:     Minimum=0     Default=0     Maximum=7

Pipe Limit >Precedences:     Kilobits per second     Packets per second.
There are 7 boxes to input.

Group Limit >Precedences:     Kilobits per second     Packets per second
Also 7 boxes to input.

What would I input here?

In the Pipe rule, what will be the services I'm going to put here?
Title: Re: how to block the torrent program & ports to dfl-800
Post by: danilovav on July 09, 2010, 04:37:32 AM
1) Use "total" input. Numbered fields are for guaranteed bandwidth.

2) To limit everything, use all_services
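
The pipe setup described in this thread (grouping by source IP, a total limit equal to the WAN speed, a group limit per user) can be tried out on paper before entering values. This is an added example, not from the thread and not NetDefendOS code: it models one direction of the pipe, and both the 512 kbps group limit and the max-min fair split of the total are assumptions made for illustration.

```python
WAN_KBPS = 2000    # "up to 2mbps" from the thread, used as the pipe total
GROUP_KBPS = 512   # assumed per-user (group) limit, not from the thread


def shape(offered_kbps, total_kbps=WAN_KBPS, group_kbps=GROUP_KBPS):
    """Model one pipe grouped by source IP; returns {source_ip: kbps granted}.

    Each source is capped at group_kbps. If the capped demands still exceed
    total_kbps, the total is split by max-min fair sharing (assumed policy).
    """
    demand = {ip: min(float(k), group_kbps) for ip, k in offered_kbps.items()}
    granted = {ip: 0.0 for ip in demand}
    active = {ip for ip, d in demand.items() if d > 0}
    remaining = float(total_kbps)
    while active:
        share = remaining / len(active)
        satisfied = {ip for ip in active if demand[ip] <= share}
        if not satisfied:
            # Everyone left wants more than an equal share: split evenly.
            for ip in active:
                granted[ip] = share
            break
        for ip in satisfied:
            granted[ip] = demand[ip]
            remaining -= demand[ip]
        active -= satisfied
    return granted


# Constructed demands in kbps per LAN host for the download direction
# (lan_down, the return chain); lan_up would be modelled with a second call.
DOWN = {"192.168.1.11": 5000, "192.168.1.12": 300, "192.168.1.13": 100}
BUSY_DOWN = {"192.168.1.%d" % n: 5000 for n in range(11, 15)}
BUSY_DOWN["192.168.1.20"] = 100

if __name__ == "__main__":
    print("quiet office:", shape(DOWN))
    print("four heavy downloaders:", shape(BUSY_DOWN))
```

In the quiet case the heavy downloader is held to the group limit while the others get what they ask for; with four heavy downloaders the total limit takes over and the light user is still served in full.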