
MT and the inability to block uTorrent


Stator
System Administrator
Beograd

Member number: 14552
Posts: 257
*.adsl.verat.net.

MT and the inability to block uTorrent, 16.07.2008 at 21:21
So I have an RB 150 with version 3.11 of the OS on it.

I set up the firewall with

Code:

/ip firewall filter add chain=forward p2p=all-p2p action=drop


I want to block all p2p traffic. However, when I enable this and put it at the top of the firewall list (that is, as rule zero), uTorrent with encryption enabled works without any problems.

Is there any help for this?

DoubleHeadEagle
Sinisa Lujic
SSA KlikNet
Subotica

Member number: 160130
Posts: 40
77.46.205.*

ICQ: 62973700
Site: www.suwireless.org

Re: MT and the inability to block uTorrent, 16.07.2008 at 23:27
I don't know why it doesn't work for you; mine is set up the same way and it cuts everything.

chain=forward src-address=192.x.x.x p2p=all-p2p action=drop

Maybe it's because you didn't add the range that should be cut.
Suwireless community network
www.suwireless.org
 

Stator
System Administrator
Beograd

Member number: 14552
Posts: 257
*.adsl.verat.net.

Re: MT and the inability to block uTorrent, 17.07.2008 at 09:19
Which version of MT do you have?
If you don't mind, download the latest uTorrent
http://download.utorrent.com/1.7.7/utorrent.exe
and try to download something. I'm really curious whether it's just me or what.

DoubleHeadEagle
Sinisa Lujic
SSA KlikNet
Subotica

Member number: 160130
Posts: 40
77.46.205.*

ICQ: 62973700
Site: www.suwireless.org

Re: MT and the inability to block uTorrent, 17.07.2008 at 14:43
The Tik version is 2.9.27

I downloaded the new uTorrent, tried it, and the Tik blocks the traffic; the drops are just flying, not a single byte got through.
Suwireless community network
www.suwireless.org
 

anon115774

Member number: 115774
Posts: 1656

Re: MT and the inability to block uTorrent, 17.07.2008 at 15:01
The man mentioned something very important: encryption.

How is the router supposed to know what kind of traffic is passing through if it is encrypted?

Sasha_bn
Aleksandar Kamenjasevic
Bijeljina

Member number: 144252
Posts: 224
84.41.118.*

Site: www.scwlan.com

Re: MT and the inability to block uTorrent, 17.07.2008 at 23:44
This is simple :P
Check whether you have, above it, ports that are allowed or are already being processed by some rules

DoubleHeadEagle
Sinisa Lujic
SSA KlikNet
Subotica

Member number: 160130
Posts: 40
77.46.205.*

ICQ: 62973700
Site: www.suwireless.org

Re: MT and the inability to block uTorrent, 18.07.2008 at 00:56
My apologies, encryption wasn't enabled in my uTorrent; the situation is the same as yours, packets pass through the firewall.

Hmmm, then the only possible solution is to drop everything that comes over uTorrent's default port, and hope that your users aren't smart enough to change the port :D
Suwireless community network
www.suwireless.org
 

Stator
System Administrator
Beograd

Member number: 14552
Posts: 257
*.adsl.verat.net.

Re: MT and the inability to block uTorrent, 18.07.2008 at 02:12
I think uTorrent has port randomization enabled by default, so that's not much of a solution :/

dalek
technical support
Beograd

Member number: 19569
Posts: 429
94.189.233.*

Re: MT and the inability to block uTorrent, 18.11.2008 at 22:12
I have a similar problem: all p2p is blocked, but Limewire gets through without any problem... what should I do!!?

BlackBomber
Dusan Simonovic
Krusevac

Member number: 64972
Posts: 50
212.200.222.*

ICQ: 276541366
Site: www.krusevacopen.net

Re: MT and the inability to block uTorrent, 18.11.2008 at 22:49
A variant that gets the job done, but is a bit awkward for other reasons, is the following: you let all known ports out with an accept rule, and at the end you slap on a drop all :). Realistically, there are about 30 standard ports that people use. Everything else is p2p, various viruses, and some specific applications. So you allow web, messengers, the better-known games, mail, DNS if it goes outbound and so on, and then you neatly slap on a drop all :). The problem is that it can always happen that you forgot to allow something, or that some application shows up which a user needs and whose port isn't allowed, so they will call you to find out why it isn't working.

Robinson_back
Dalibor K

Member number: 201624
Posts: 40
*.adsl.net.t-com.hr.

Re: MT and the inability to block uTorrent, 19.11.2008 at 21:43
http://wireless.uzice.net/uput...umber-of-connections-per-user/
maybe it helps

ivica82
Ivica Golubovic
student
Krusevac

Member number: 200591
Posts: 72
77.46.252.*

Re: MT and the inability to block uTorrent, 20.11.2008 at 17:37
I had the same problem too, but I found a solution. The only solution is to leave only the ports that are most commonly used, because p2p programs such as torrent and many others use a large number of ports to push traffic through, so MT doesn't manage to recognise all of them; in fact it recognises only a small part.

Anyway, this is what you need to do:

In firewall mangle you need to assign packets to all the ports that are most commonly used, those used by programs such as MSN, Yahoo Messenger, the games you play etc., and also the ports for various protocols (ftp, http, pop3, smtp etc.). Everything else that is not used you need to put into one packet, e.g. "OTHER_UNMATCHED", and in firewall>filter you put a rule that drops that packet, plus the rule you already have that drops p2p. This way traffic is let through only on those ports that you are sure are not p2p, and all the others are blocked. That way torrent connections are killed before they are even established, and not after the connections have already been made.

Here, I'll copy how it looks on my side, and you work it out from there.

Type the following into firewall mangle. It marks packets for the programs whose ports I have approved. Of course, on your side you can throw something out, and you can also add something.

1 ;;; HTTP Connection
chain=prerouting protocol=tcp dst-port=80 action=mark-connection
new-connection-mark=HTTP_CON passthrough=yes

2 chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=HTTP_CON passthrough=yes

3 ;;; HTTP Packet
chain=prerouting connection-mark=HTTP_CON action=mark-packet
new-packet-mark=HTTP passthrough=no

4 ;;; DNS Connection
chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=DNS_CON passthrough=yes
5 ;;; DNS Packet
chain=prerouting connection-mark=DNS_CON action=mark-packet
new-packet-mark=DNS passthrough=no

6 ;;; POP3 Connection
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=SMTP_CON passthrough=yes

7 ;;; SMTP Connection
chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=SMTP_CON passthrough=yes

8 ;;; SMTP Packet
chain=prerouting connection-mark=SMTP_CON action=mark-packet
new-packet-mark=SMTP passthrough=no

9 ;;; FTP Connection
chain=prerouting protocol=tcp dst-port=21 action=mark-connection
new-connection-mark=FTP_CON passthrough=yes

10 ;;; FTP Packet
chain=prerouting connection-mark=FTP_CON action=mark-packet
new-packet-mark=FTP passthrough=no

11 ;;; P2P Connection
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

12 chain=prerouting protocol=tcp dst-port=1214 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

13 chain=prerouting protocol=udp dst-port=1214 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

14 chain=prerouting protocol=tcp dst-port=4661-4672 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

15 chain=prerouting protocol=udp dst-port=4661-4672 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

16 chain=prerouting protocol=tcp dst-port=5555 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

17 chain=prerouting protocol=tcp dst-port=4242 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

18 chain=prerouting protocol=tcp dst-port=3306 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

19 chain=prerouting protocol=tcp dst-port=2323 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

20 chain=prerouting protocol=tcp dst-port=7778 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

21 chain=prerouting protocol=tcp dst-port=400-445 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

22 chain=prerouting protocol=tcp dst-port=1412 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes

23 ;;; P2P Packet
chain=prerouting connection-mark=P2P_CON action=mark-packet
new-packet-mark=P2P passthrough=no

24 ;;; OSPF Connection
chain=prerouting protocol=ospf action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

25 ;;; OSPF Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no

26 ;;; Radius Connection
chain=prerouting protocol=udp dst-port=1812 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

27 chain=prerouting protocol=tcp dst-port=1812 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

28 chain=prerouting protocol=tcp dst-port=1813 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

29 chain=prerouting protocol=udp dst-port=1813 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

30 ;;; Radius Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no

31 ;;; SNMP Connection
chain=prerouting protocol=udp dst-port=161 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

32 chain=prerouting protocol=udp dst-port=162 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

33 ;;; SNMP Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no

34 ;;; SYSLOG Connection
chain=prerouting protocol=udp dst-port=514 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

35 ;;; SYSLOG Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no

36 ;;; SSH Connection
chain=prerouting protocol=tcp dst-port=22 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes

37 ;;; Management Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no

38 ;;; ICMP Connection
chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=ICMP_CON passthrough=yes

39 ;;; ICMP Packet
chain=prerouting connection-mark=ICMP_CON action=mark-packet
new-packet-mark=ICMP passthrough=no

40 ;;; Streaming Connection
chain=prerouting protocol=tcp dst-port=554 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes

41 ;;; SIP TCP Connection
chain=prerouting protocol=tcp dst-port=5060 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes

42 chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes

43 ;;; VOIP Packet
chain=prerouting connection-mark=VOIP_CON action=mark-packet
new-packet-mark=VOIP passthrough=no

44 ;;; WOW Connection
chain=prerouting protocol=udp dst-port=3724 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

45 chain=prerouting protocol=tcp dst-port=3724 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

46 ;;; WOW Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no

47 ;;; XBOX 360 Connection
chain=prerouting protocol=tcp dst-port=2074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

48 chain=prerouting protocol=udp dst-port=2074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

49 chain=prerouting protocol=tcp dst-port=3074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

50 chain=prerouting protocol=udp dst-port=3074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

51 chain=prerouting protocol=tcp dst-port=88 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

52 ;;; XBOX 360
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no

53 ;;; CoDII Connection
chain=prerouting protocol=tcp dst-port=28960 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

54 chain=prerouting protocol=udp dst-port=28960 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

55 ;;; CoDII Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no

56 ;;; Counter Connection
chain=prerouting protocol=tcp dst-port=27000-27050
action=mark-connection new-connection-mark=GAME_CON passthrough=yes

57 chain=prerouting protocol=udp dst-port=27000-27050 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

58 chain=prerouting protocol=udp dst-port=1200 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes

59 ;;; GAME Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no

60 ;;; VPN Connection
chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=VPN_CON passthrough=yes

61 ;;; VPN Packet
chain=prerouting connection-mark=VPN_CON action=mark-packet
new-packet-mark=VPN passthrough=no

62 ;;; VPN GRE Packet
chain=prerouting protocol=gre action=mark-packet new-packet-mark=VPN
passthrough=no

63 ;;; MSN Messenger Connection
chain=prerouting protocol=tcp dst-port=1863 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

64 chain=prerouting protocol=udp dst-port=2001-2120 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

65 chain=prerouting protocol=tcp dst-port=1493 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

66 chain=prerouting protocol=tcp dst-port=1542 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

67 chain=prerouting protocol=tcp dst-port=1963 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

68 chain=prerouting protocol=tcp dst-port=1457 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

69 chain=prerouting protocol=tcp dst-port=3389 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

70 chain=prerouting protocol=tcp dst-port=1556 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

71 chain=prerouting protocol=tcp dst-port=11771 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

72 chain=prerouting protocol=tcp dst-port=5000-8000 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

73 chain=prerouting protocol=udp dst-port=5000-8000 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

74 chain=prerouting protocol=tcp dst-port=13803 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

75 chain=prerouting protocol=tcp dst-port=389 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

76 chain=prerouting protocol=tcp dst-port=522 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

77 chain=prerouting protocol=tcp dst-port=1503 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

78 chain=prerouting protocol=tcp dst-port=1720 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

79 chain=prerouting protocol=tcp dst-port=1731 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

80 chain=prerouting protocol=tcp dst-port=9000-9999 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

81 chain=prerouting protocol=tcp dst-port=1484 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

82 chain=prerouting protocol=udp dst-port=80 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

83 ;;; Yahoo Messenger Connection
chain=prerouting protocol=tcp dst-port=5000-5001 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

84 chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

85 chain=prerouting protocol=tcp dst-port=5100-5101 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

86 ;;; Mirc Connection
chain=prerouting protocol=tcp dst-port=6660-6669 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

87 chain=prerouting protocol=tcp dst-port=1024-1100 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

88 ;;; Skype Connection
chain=prerouting protocol=tcp dst-port=25956 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

89 ;;; AIM Connection
chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

90 ;;; ICQ Connection
chain=prerouting protocol=tcp dst-port=20000-20019
action=mark-connection new-connection-mark=CHAT_CON passthrough=yes

91 ;;; Workgroup Connection
chain=prerouting protocol=tcp dst-port=130-139 action=mark-connection
new-connection-mark=WORKGROUP passthrough=yes

92 chain=prerouting protocol=udp dst-port=130-139 action=mark-connection
new-connection-mark=WORKGROUP passthrough=yes

93 ;;; Workgroup Packet
chain=prerouting connection-mark=WORKGROUP action=mark-packet
new-packet-mark=WORKGROUP PACKET passthrough=no

94 ;;; Avast Packet
chain=prerouting protocol=tcp dst-port=12025 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes

95 chain=prerouting protocol=tcp dst-port=12110 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes

96 chain=prerouting protocol=tcp dst-port=12143 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes

97 chain=prerouting protocol=tcp dst-port=12080 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes

98 ;;; Chat Packet
chain=prerouting connection-mark=CHAT_CON action=mark-packet
new-packet-mark=CHAT passthrough=no

99 ;;; Everything Unmatched
chain=prerouting action=mark-packet new-packet-mark=OTHER_UNMATCHED
passthrough=no


In firewall>filter you put the following 2 rules:


14 ;;; P2P
chain=forward dst-address=x.x.x.x(network address range) packet-mark=P2P action=drop

15 ;;; Other
chain=forward dst-address=x.x.x.x(network address range) packet-mark=OTHER_UNMATCHED action=drop




This definitely works, it's tested. It is a bit bulky, but it pays off. Torrent throughput is equal to zero.
Ivica Golubovic
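Added example (not part of ivica82's post and not MikroTik code): a simplified Python model of the first-match mangle evaluation in the post above, using a subset of the posted rules and constructed flows. It shows why an encrypted flow that the p2p matcher does not recognise still ends up as OTHER_UNMATCHED, and it audits for connection marks that never get a packet mark (ANTIVIRUS in the posted list) and therefore fall into the catch-all. The `Flow` type, the `p2p_seen` field, the sample port 51413 and the omission of the `dst-address` check are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    proto: str              # "tcp" or "udp"
    dst_port: int           # destination port of the client's first packet
    p2p_seen: bool = False  # True only if p2p=all-p2p recognised the payload


def port(proto, lo, hi=None):
    """Matcher for protocol + dst-port (single port or inclusive range)."""
    hi = lo if hi is None else hi
    return lambda f: f.proto == proto and lo <= f.dst_port <= hi


# Ordered subset of the posted mangle rules.
# "conn" = mark-connection passthrough=yes, "pkt" = mark-packet passthrough=no.
RULES = [
    ("conn", port("tcp", 80), "HTTP_CON"),
    ("conn", port("tcp", 443), "HTTP_CON"),
    ("pkt", "HTTP_CON", "HTTP"),
    ("conn", port("udp", 53), "DNS_CON"),
    ("pkt", "DNS_CON", "DNS"),
    ("conn", lambda f: f.p2p_seen, "P2P_CON"),
    ("pkt", "P2P_CON", "P2P"),
    ("conn", port("tcp", 6660, 6669), "CHAT_CON"),
    ("conn", port("tcp", 12080), "ANTIVIRUS"),
    ("pkt", "CHAT_CON", "CHAT"),
]
DROPPED = {"P2P", "OTHER_UNMATCHED"}  # the two filter rules from the post


def classify(flow):
    """Walk the rules in order; the first matching mark-packet rule ends the walk."""
    conn_mark = None
    for kind, match, mark in RULES:
        if kind == "conn":
            if match(flow):
                conn_mark = mark      # passthrough=yes: keep evaluating
        elif conn_mark == match:
            return mark               # passthrough=no: stop here
    return "OTHER_UNMATCHED"          # final catch-all rule


def verdict(flow):
    mark = classify(flow)
    return mark, ("drop" if mark in DROPPED else "accept")


def orphan_connection_marks():
    """Connection marks that no mark-packet rule consumes (they hit the catch-all)."""
    set_marks = {mark for kind, _, mark in RULES if kind == "conn"}
    used_marks = {match for kind, match, _ in RULES if kind == "pkt"}
    return sorted(set_marks - used_marks)


if __name__ == "__main__":
    samples = [  # constructed flows, not captured traffic
        Flow("tcp", 443),
        Flow("tcp", 6667),
        Flow("tcp", 51413, p2p_seen=True),  # plain torrent, matcher recognises it
        Flow("udp", 51413),                 # encrypted, matcher sees nothing
        Flow("tcp", 12080),
    ]
    for f in samples:
        print(f, verdict(f))
    print("connection marks without a packet mark:", orphan_connection_marks())
```

Running the audit function against a full rule export before enabling the drop on OTHER_UNMATCHED shows which allowed services would be cut off by a missing mark-packet rule.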

dalek
technical support
Beograd

Member number: 19569
Posts: 429
94.189.233.*

Re: MT and the inability to block uTorrent, 28.11.2008 at 15:24
Thanks for such a complete solution; I tried it and it seems to me that it works and blocks everything it should. The only thing that doesn't work for me, and maybe should, is Windows Update. Which ports do I need to open for that? Thanks

pizzonia83
merchant
HR

Member number: 188166
Posts: 21
*.adsl.net.t-com.hr.

Re: MT and the inability to block uTorrent, 28.11.2008 at 16:57
I have that general rule for p2p set up, but it looks like edonkey is getting through (Winbox->IP->Firewall->Connections-> in the p2p column it says edonkey for a lot of connections)..
Does anyone have a quick solution?

dalek
technical support
Beograd

Member number: 19569
Posts: 429
94.189.233.*

Re: MT and the inability to block uTorrent, 29.11.2008 at 18:27
Quote:
pizzonia83: I have that general rule for p2p set up, but it looks like edonkey is getting through (Winbox->IP->Firewall->Connections-> in the p2p column it says edonkey for a lot of connections)..
Does anyone have a quick solution?


On my side Edonkey was blocked but Limewire was getting through, so I had to apply this complete solution of blocking all ports except the necessary ones. That is the only thing that helps!! Thanks once again for the help

dalek
technical support
Beograd

Member number: 19569
Posts: 429
94.189.233.*

Re: MT and the inability to block uTorrent, 27.12.2008 at 22:30
Quote:
ivica82: I had the same problem too, but I found a solution. The only solution is to leave only the ports that are most commonly used, because p2p programs such as torrent and many others use a large number of ports to push traffic through, so MT doesn't manage to recognise all of them; in fact it recognises only a small part.

Anyway, this is what you need to do:

In firewall mangle you need to assign packets to all the ports that are most commonly used, those used by programs such as MSN, Yahoo Messenger, the games you play etc., and also the ports for various protocols (ftp, http, pop3, smtp etc.). Everything else that is not used you need to put into one packet, e.g. "OTHER_UNMATCHED", and in firewall>filter you put a rule that drops that packet, plus the rule you already have that drops p2p. This way traffic is let through only on those ports that you are sure are not p2p, and all the others are blocked. That way torrent connections are killed before they are even established, and not after the connections have already been made.

Here, I'll copy how it looks on my side, and you work it out from there.

Type the following into firewall mangle. It marks packets for the programs whose ports I have approved. Of course, on your side you can throw something out, and you can also add something.

1
85 chain=prerouting protocol=tcp dst-port=5100-5101 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

86 ;;; Mirc Connection
chain=prerouting protocol=tcp dst-port=6660-6669 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes

This definitely works, it's tested. It is a bit bulky, but it pays off. Torrent throughput is equal to zero.


Why doesn't IRC work for me in this combination when the port is properly allowed?

mobilexpert
GSM/WiFi service

Member number: 30843
Posts: 81
93.86.107.*

ICQ: 20333009

Re: MT and the inability to block uTorrent, 28.12.2008 at 20:25
here are some short, tested tips

- cut the number of connections for users, /ip firewall filter> add chain=forward src-address=x.x.x.x connection-limit=24 action=drop
that way you cut it to 24 connections per user .... quite enough .... you set anything from 20-50-64 ...

- block torrent ... but specifically torrent, not all-p2p, (drop)

- cut all udp and tcp connections on ports 28000-65535

and it's guaranteed that torrent and the other p2p won't work; their port randomization is no use to them since they pick high ports

if you're really sado-maso, block everything except DNS for udp (block, !53 port for a specific source address in the forward chain)

for each p2p add one block individually, bind it to the user's MAC address
(a block for torrent, a block for gnutella, etc.)

regards,
Brka.

dalek
technical support
Beograd

Member number: 19569
Posts: 429
94.189.233.*

Re: MT and the inability to block uTorrent, 29.12.2008 at 00:09
Quote:
mobilexpert: here are some short, tested tips

- cut the number of connections for users, /ip firewall filter> add chain=forward src-address=x.x.x.x connection-limit=24 action=drop
that way you cut it to 24 connections per user .... quite enough .... you set anything from 20-50-64 ...

- block torrent ... but specifically torrent, not all-p2p, (drop)

- cut all udp and tcp connections on ports 28000-65535

and it's guaranteed that torrent and the other p2p won't work; their port randomization is no use to them since they pick high ports

if you're really sado-maso, block everything except DNS for udp (block, !53 port for a specific source address in the forward chain)

for each p2p add one block individually, bind it to the user's MAC address
(a block for torrent, a block for gnutella, etc.)

regards,
Brka.


Come on, can you clarify this a bit for me? The first part is clear to me, but the rest isn't

ivica82
Ivica Golubovic
student
Krusevac

Member number: 200591
Posts: 72
93.86.185.*

Re: MT and the inability to block uTorrent, 06.01.2009 at 22:44
The solution that mobile expert gave can work, but not 100% like the one with port mapping, and here is why:

1. The limit on the number of connections applies only to TCP, and most p2p software, torrents especially, pushes p2p traffic precisely through UDP ports (in this case some p2p will get through on UDP ports up to 28000, and that can be enough to establish even more connections).
2. From personal experience I'm not in favour of closing ports at random, because there will surely be some application that works on ports 28000-65535 (e.g. the ports for Counter are at 27000+, and that is very close to the blocked range).

As for mIRC not working with the port mapping I suggested, check your firewall filter on the Tik to make sure you don't have a rule there that closes one of the ports. mIRC uses port 6667, and it pushes files through ports from 1024 onward (in any case it should connect). Also check the firewall on your computer (Windows Firewall or one you installed yourself). There is also the possibility that some Windows application has permanently taken port 6667 and isn't letting mIRC push its traffic through.
For me, with that port mapping, mIRC works without problems, and sending and receiving files via mIRC works as well.

REGARDS
Ivica Golubovic

cika007
at the end of the village

Member number: 19386
Posts: 154
91.143.216.*

Site: www.paperart.co.yu

Re: MT and the inability to block uTorrent, 20.03.2009 at 18:28
I'm surprised that nobody mentioned the Layer7 protocol. It works quite satisfactorily.
Hehe, I have a signature too
:)))
