+ Responder ao Tópico



  1. #1

    Padrão Controle p2p limitando web cam msn.......??

    Pessoal fiz as seguintes regras para p2p:

    / queue tree
    add name="limitar p2p1" parent=global-in packet-mark=p2p limit-at=0 \
    queue=default priority=8 max-limit=200000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no
    add name="limitar p2p2" parent=global-out packet-mark=p2p limit-at=0 \
    queue=default priority=8 max-limit=200000 burst-limit=0 burst-threshold=0 \
    burst-time=0s disabled=no

    E quando tento usar web cam no msn fica travando e trancando toda hora, se desbilito a regra funciona blz... tem alguma maneira de tratar o trafego p2p sem afetar o trafego das webs no msn??? Help!!!

  2. #2

    Padrão

    ola amigo,
    a principio a regra do controle p2p não interfere no uso da webcam, mas de toda sorte, como vc fez a marcação dos pacotes2p (packet-mark=p2p).
    talvez por esse caminho possamos desvendar o misterio.
    post ae a regra e veremos o que podemos fazer.
    abraços

  3. #3

    Padrão

    Amigo Josevaldo, desde muit grato pela atenção.

    Vamos lá...

    / ip firewall mangle
    add chain=prerouting p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p passthrough=yes comment="bloquear p2p" \
    disabled=no
    add chain=prerouting connection-mark=p2p action=mark-packet \
    new-packet-mark=p2p2 passthrough=yes comment="" disabled=no

    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=21 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes \
    comment="Marcando Pacotes Sem Limite Conexao Rede 192.168.201.x" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=22 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=23 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=25 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=53 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=80 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=110 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=443 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=8080 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.201.0/26 protocol=tcp dst-port=6891-6901 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=21 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes \
    comment="Marcando Pacotes Sem Limite Conexao rede 192.168.202.x" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=22 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=23 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=25 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=53 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=80 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=110 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=443 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=8080 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.202.0/26 protocol=tcp dst-port=6891-6901 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=21 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes \
    comment="Marcando Pacotes Sem Limite Conexao rede 192.168.203.x" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=22 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=23 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=25 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=53 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=80 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=110 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=443 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=8080 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.203.0/26 protocol=tcp dst-port=6891-6901 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=21 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes \
    comment="Marcando Pacotes Sem Limite Conexao rede 192.168.204.x" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=22 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=23 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=25 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=53 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=80 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=110 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=443 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=yes
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=8080 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no
    add chain=forward src-address=192.168.204.0/26 protocol=tcp dst-port=6891-6901 \
    action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
    disabled=no

    Se tiver uma maneira de otimizar todas essas regras sinta-se a vontade.....Abraços!!!

  4. #4
    Moderador Avatar de minelli
    Ingresso
    Aug 2006
    Localização
    Pres. Venceslau - SP | Pres. Prudente - SP
    Posts
    1.412
    Posts de Blog
    10

    Padrão P2p

    Caro colega tenta essas regras. Desabilite o P2P queues tree e crie em queues simple. A regra do QUEUEs deve sempre estar em primeiro.

    / ip firewall mangle

    add chain=foward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p passthrough=yes comment="bloquear p2p" disabled=no
    add chain=foward connection-mark=p2p action=mark-packet \
    new-packet-mark=p2p passthrough=yes comment="" disabled=no
    add chain=foward connection-mark=!p2p action=mark-packet \
    new-packet-mark=Outros passthrough=yes comment="" disabled=no

    / ip queue simple

    add name="P2P" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=p2p direction=both priority=6 \
    queue=default/default limit-at=0/0 max-limit=512000/512000 total-queue=default time=0s-24m,sun,mon,tue,wed,thu,fri,sat \
    disabled=no

  5. #5

    Padrão

    Amigo Minelli, gato pela atenção, coloquei as regras mas não marcou os pacotes!!!!!! estranho, pois pela logica deveria funcionar...

  6. #6

    Padrão

    Citação Postado originalmente por minelli Ver Post
    Caro colega tenta essas regras. Desabilite o P2P queues tree e crie em queues simple. A regra do QUEUEs deve sempre estar em primeiro.

    / ip firewall mangle

    add chain=foward p2p=all-p2p action=mark-connection \
    new-connection-mark=p2p passthrough=yes comment="bloquear p2p" disabled=no
    add chain=foward connection-mark=p2p action=mark-packet \
    new-packet-mark=p2p passthrough=yes comment="" disabled=no
    add chain=foward connection-mark=!p2p action=mark-packet \
    new-packet-mark=Outros passthrough=yes comment="" disabled=no

    / ip queue simple

    add name="P2P" dst-address=0.0.0.0/0 interface=all parent=none packet-marks=p2p direction=both priority=6 \
    queue=default/default limit-at=0/0 max-limit=512000/512000 total-queue=default time=0s-24m,sun,mon,tue,wed,thu,fri,sat \
    disabled=no
    Amigo troca o forward por prerouting, e remova o "!" das regras, testa ae e posta os resultados.

    Acabei me esquecendo, muda o connection-mark para p2p_conn para diferenciar do mark-packet que de ficar como p2p.
    Última edição por 2KILLER2; 15-02-2008 às 13:38.

  7. #7

    Padrão

    Colega, marcou porem nao efetuou a queue....

  8. #8
    Moderador Avatar de minelli
    Ingresso
    Aug 2006
    Localização
    Pres. Venceslau - SP | Pres. Prudente - SP
    Posts
    1.412
    Posts de Blog
    10

    Padrão p2p

    o prerouting pode ser mudado o restante nao faca o teste.