
Author Topic: DFL-800 transparent mode, help!  (Read 8296 times)

eko

  • Level 1 Member
  • *
  • Posts: 5
DFL-800 transparent mode, help!
« on: March 03, 2010, 10:46:07 AM »

Hello, first of all, sorry for my English. My problem is that in a LAN with 50 PCs I have configured a DFL-800 in transparent mode and it works fine, but I want to block P2P because the connection is too slow. Which is better: IP bandwidth manager, or blocking all ports and allowing only FTP, HTTP, mail, etc.?

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 transparent mode, help!
« Reply #1 on: March 04, 2010, 08:32:11 AM »

Both?

Though if I was only going to use one I would worry more about getting my port controls and ALGs right.
non progredi est regredi

danilovav

  • Level 4 Member
  • ****
  • Posts: 424
  • Alexandr Danilov
Re: DFL-800 transparent mode, help!
« Reply #2 on: March 05, 2010, 05:03:57 AM »

You can use IDP signatures to determine P2P traffic and block it

or

You can make pipes, but the rule for selecting the pipe should be based on P2P IDP too

or

You can allow only ALG managed traffic (HTTP, FTP, etc)

Your choice.
BR, Alexandr Danilov

eko

  • Level 1 Member
  • *
  • Posts: 5
Re: DFL-800 transparent mode, help!
« Reply #3 on: March 09, 2010, 10:18:27 AM »

Hey Fatman, I need your help. My LAN is still slow because I can't drop the P2P packets. I have 12 mb/down 600kb/up, and I have created 2 pipe rules:

wan-http with 2 pipes: http-in total limit 8000,
                       http-out total limit 400
high precedence 7

wan-all with: std-in total limit 4000,
              std-out total limit 200
low precedence 2

But this doesn't guarantee 8000kb for HTTP traffic?

How can I make a rule for selecting the pipe based on P2P IDP?
How can I use IDP signatures to determine P2P traffic and block it?

I want to keep 8 mb to navigate and the rest for other applications, but I can't.
In ALG http-outbound I blacklist some URLs, but I can't do much more.

Fatman, I need your help please!

eko

  • Level 1 Member
  • *
  • Posts: 5
Re: DFL-800 transparent mode, help!
« Reply #4 on: March 09, 2010, 10:30:15 AM »

Can I assign IP bandwidth?

Greetings

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 transparent mode, help!
« Reply #5 on: March 09, 2010, 03:35:11 PM »

I would need to see your pipes and pipe rules to know exactly what is going wrong.  600kb up is absolutely anaemic on 12mb down though.
non progredi est regredi

eko

  • Level 1 Member
  • *
  • Posts: 5
Re: DFL-800 transparent mode, help!
« Reply #6 on: March 10, 2010, 01:10:55 AM »

Hello Fatman, I took some pics from my firewall: http://yfrog.com/0wpipesruleshttpchainsj.

The pics are of the pipes, pipe-rules, ip-rules and interfaces-addresses.

Yes, my ISP is ONO and I live in Spain, and here this is the normal connection. It's a s***, I know.

Thank you, Fatman, for your help. We will stop all these P2P downloads!!

I also want to stop the direct downloads from servers like Megaupload, Rapidshare, Megavideo, etc., and the JDownloaders. Can I specify to stop downloads with size greater than 200 MB, for example? Or assign IP bandwidth?

One more time, sorry for my very bad English, man! Greetings.

eko

  • Level 1 Member
  • *
  • Posts: 5
Re: DFL-800 transparent mode, help!
« Reply #7 on: March 10, 2010, 01:13:39 AM »

Or ban a certain MAC address for a specific time?
Thanks.

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: DFL-800 transparent mode, help!
« Reply #8 on: March 10, 2010, 11:00:12 AM »

Threshold Rules will allow you to slow or shut down abusers once we have reasonable pipes made.  It will also assist you in limiting the number of connections open, which can be important.

As for your pipes, ensure that your HTTP traffic is at a higher precedence.

Take the total bandwidth on your HTTP pipe off and put a precedence level limit on its precedence.  Ensure the HTTP pipe and the std pipe have the same limits at the HTTP precedence level.

You might not need the all pipes, you should just ensure your rule puts other traffic at priority 0.

There is a lot of fiddling to get pipes right, just keep plugging away.
non progredi est regredi