Topic: how to block the torrent program & porst to dfl-800 (Read 12418 times)

lezde716 · « **on:** July 05, 2010, 08:15:29 PM »

we have dfl-800 firewall in the office apparently we are experiencing a slow connection maybe because of some staff using torrent programs to download movies. Anyone can help me to block torrent application and port in the dfl-800 firewall.

Hoping for your answer about this concern. Thank you.

danilovav · « **Reply #1 on:** July 06, 2010, 05:23:03 AM »

1. You can buy a subscription for IDP and block P2P traffic on signature base.

2. You can allow for clients only HTTP (with ALG, including blocking of websites) and other required services, but don't allow any other.

3. You can limit bandwidth for users by pipes.

4. You can fire top downloaders

chechito · « **Reply #2 on:** July 06, 2010, 12:19:03 PM »

using opendns category blocking to block p2p related dns queries helps a lot too.

lezde716 · « **Reply #3 on:** July 06, 2010, 07:05:05 PM »

Quote from: danilovav on July 06, 2010, 05:23:03 AM

1. You can buy a subscription for IDP and block P2P traffic on signature base.

2. You can allow for clients only HTTP (with ALG, including blocking of websites) and other required services, but don't allow any other.

3. You can limit bandwidth for users by pipes.

4. You can fire top downloaders

Thanks dan.

On the 4 suggestion I like the no. 3, but I'm new to this machine for this reason i don't have any idea how to this. Can you please gave me a little guide or refer me some site to guide me how to do this thing.

Thanks a lot.

danilovav · « **Reply #4 on:** July 07, 2010, 06:00:13 AM »

It's simple

1. Traffic management > Traffic shaping > Pipes
Make two pipes (ex, lan_up and lan_down) with grouping by source IP, total limit equal to wan speed, group limit = your limit for users.
Two pipes are required because you will have possibility to control bandwidth of both directions separately.

2. Traffic management > Traffic shaping > Pipe rules
Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down

lezde716 · « **Reply #5 on:** July 07, 2010, 08:17:50 PM »

Quote from: danilovav on July 07, 2010, 06:00:13 AM

It's simple

1. Traffic management > Traffic shaping > Pipes
Make two pipes (ex, lan_up and lan_down) with grouping by source IP, total limit equal to wan speed, group limit = your limit for users.
Two pipes are required because you will have possibility to control bandwidth of both directions separately.

2. Traffic management > Traffic shaping > Pipe rules
Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down

Thanks again.

So with this rules all users connected to this firewall has a limited connection on internet? or can I do this to a specific port/s or computer/s?

lezde716 · « **Reply #6 on:** July 07, 2010, 08:24:53 PM »

Quote from: chechito on July 06, 2010, 12:19:03 PM

using opendns category blocking to block p2p related dns queries helps a lot too.

this is good idea too. thank you.

but I don't have any idea what you are talking. I'm new to this machine. Can you teach me how do your recommendation. a little guide for this please.

Thank you.

danilovav · « **Reply #7 on:** July 07, 2010, 08:34:39 PM »

Quote from: lezde716 on July 07, 2010, 08:17:50 PM

Thanks again.

So with this rules all users connected to this firewall has a limited connection on internet? or can I do this to a specific port/s or computer/s?

Yes, you can. On PBR, you can set source network (group with clients in lan) and/or service (ports).

Using of OpenDNS is not a panacea because it will block only DNS queries, but IP-based requests will still work.

lezde716 · « **Reply #8 on:** July 08, 2010, 11:48:50 PM »

Quote from: danilovav on July 07, 2010, 06:00:13 AM

It's simple

1. Traffic management > Traffic shaping > Pipes
Make two pipes (ex, lan_up and lan_down) with grouping by source IP, total limit equal to wan speed, group limit = your limit for users.
Two pipes are required because you will have possibility to control bandwidth of both directions separately.

2. Traffic management > Traffic shaping > Pipe rules
Add rule lan/lannet wan1/all-nets, forward chain = lan_up, return chain = lan_down

Thanks for the help Dan but sorry if I have a lot of queries.

Configuration:      Version 25
Firmware Version: 2.26.00.06-12649
Sep 23 2009

Our Internet speed are:
1st ISP is up to 2mbps static IP
2nd ISP is up to 2mbps dynamic IP

General >Precedences:    Minimum=0    Default=0    Maximum=7

Pipe Limit >Precedences:    Kilobits per second    Packets per second.
there's 7 boxes to input

Group Limit >Precedences:    Kilobits per second    Packets per second
also 7 boxes to input

What would I input here?

In the Pipe rule what will be the services I'm going to put here?

danilovav · « **Reply #9 on:** July 09, 2010, 04:37:32 AM »

1) Use "total" input. Numbered fields are for guaranteed bandwidth

2) To limit everything, use all_services

D-Link Forums

News:

Author Topic: how to block the torrent program & porst to dfl-800 (Read 12418 times)

lezde716

how to block the torrent program & porst to dfl-800

danilovav

Re: how to block the torrent program & porst to dfl-800

chechito

Re: how to block the torrent program & porst to dfl-800

lezde716

Re: how to block the torrent program & porst to dfl-800

danilovav

Re: how to block the torrent program & porst to dfl-800

lezde716

Re: how to block the torrent program & porst to dfl-800

lezde716

Re: how to block the torrent program & porst to dfl-800

danilovav

Re: how to block the torrent program & porst to dfl-800

lezde716

Re: how to block the torrent program & porst to dfl-800

danilovav

Re: how to block the torrent program & porst to dfl-800