Geekzone: technology news, blogs, forums


Bartinounet

3 posts

Wannabe Geek


#164240 3-Feb-2015 01:41

Hello everybody,

I have an RB2011UiAS-RM and I want to set up QoS to differentiate VoIP, Data and P2P. Here is my configuration:

/ip firewall mangle
# VoIP: signalling, media and NAT traversal
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5060 protocol=tcp passthrough=yes comment="sip"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5060 protocol=udp passthrough=yes comment="sip"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5004 protocol=udp passthrough=yes comment="RTP"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=4569 protocol=udp passthrough=yes comment="IAX"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=5036 protocol=udp passthrough=yes comment="IAX"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=3478,3479 protocol=udp passthrough=yes comment="STUN"
add chain=prerouting action=mark-packet new-packet-mark=VoIP port=10000 protocol=udp passthrough=yes comment="STUN"
# Data: web, mail, DNS and other well-known services
add chain=prerouting action=mark-packet new-packet-mark=Data port=80 protocol=tcp passthrough=yes comment="HTTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=443 protocol=tcp passthrough=yes comment="HTTPS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=22 protocol=tcp passthrough=yes comment="SSH"
add chain=prerouting action=mark-packet new-packet-mark=Data port=53 protocol=tcp passthrough=yes comment="DNS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=53 protocol=udp passthrough=yes comment="DNS"
add chain=prerouting action=mark-packet new-packet-mark=Data port=20,21 protocol=tcp passthrough=yes comment="FTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=110 protocol=tcp passthrough=yes comment="POP3"
add chain=prerouting action=mark-packet new-packet-mark=Data port=25 protocol=tcp passthrough=yes comment="SMTP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=143 protocol=tcp passthrough=yes comment="IMAP"
add chain=prerouting action=mark-packet new-packet-mark=Data port=993,995 protocol=tcp passthrough=yes comment="SSL"
add chain=prerouting action=mark-packet new-packet-mark=Data port=546 protocol=udp passthrough=yes comment="DHCP"
# P2P: matched by port only
add chain=prerouting action=mark-packet new-packet-mark=P2P port=6881-6889 protocol=tcp passthrough=yes comment="BitTorrent"
add chain=prerouting action=mark-packet new-packet-mark=P2P port=6881-6999 protocol=tcp passthrough=yes
add chain=prerouting action=mark-packet new-packet-mark=P2P port=27763 protocol=tcp passthrough=yes

/queue tree
add name=QueueVoIP packet-mark=VoIP priority=2 parent=ether2 limit-at=0 disabled=no max-limit=xx
add name=QueueData packet-mark=Data priority=7 parent=ether2 limit-at=xx disabled=no max-limit=xx
add name=QueueP2P packet-mark=P2P priority=7 parent=ether2 disabled=no max-limit=1024k

I took ether3, ether4 and ether5 out of the bridge local and I set ether2 as master-port with ether3, ether4 and ether5 as slaves.

I connect my PC to ether5 and ether2 to the WAN. To test if my QoS works, I download some files, but my download goes up to 6M/S while I don't want the flow to exceed 1024k.

Where is the problem and can you help me to solve it? To download, I use Vuze with listen port 27763 (just to see if the QoS works).

Sorry if my English isn't good but I'm French.

Thanks a lot !

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1230143 3-Feb-2015 07:23

It's impossible for your setup to work. You can't easily identify and shape torrent traffic - it's simply not possible.

Your filter to capture P2P traffic simply by filtering on a few ports isn't going to work.




Sounddude
I fix stuff!
1928 posts

Uber Geek

Trusted
2degrees
Lifetime subscriber

  #1230151 3-Feb-2015 07:31

Ports 6881 -> 6998 are used for tracker communications. The actual P2P data uses a much larger range of ports. It's been designed to get around firewalls and shapers like this.

It's not possible to shape P2P without devices which can look into the packets.

sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #1230158 3-Feb-2015 07:44

On the other hand, blocking P2P entirely on a Mikrotik is very simple and only requires around 3 or 4 rules to pretty effectively block DHT traffic.





Ragnor
8196 posts

Uber Geek

Trusted

  #1230581 3-Feb-2015 15:09

The best way to reduce the impact of p2p/other large downloads is to make the default class for traffic the "slowest" class that has lowest priority and a restriction of the % of bandwidth it can use when near 100% utilization. Then you specifically prioritize or reserve bandwidth for things you do care about, e.g. DNS, NTP, small www/http requests, gaming, VoIP etc.

It's far easier to identify a whitelist of what you want to prioritize than a blacklist of what you want to slow.

Also you want to apply QoS rules on download and upload, contrary to some popular beliefs... otherwise you will saturate your upload.
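
The whitelist approach described in the post above, written out as a RouterOS configuration. This is an added example, not part of any post in the thread: it assumes ether2 is the WAN, a LAN interface named bridge-local, LAN-to-WAN traffic routed by the CPU, and a link of roughly 10M down / 1M up; the mark names, rates and the 500000-byte threshold are placeholders.

```routeros
# Added example (RouterOS v6 syntax). Assumed: ether2 = WAN, bridge-local = LAN,
# max-limit values set slightly below the real link rate in each direction.
/ip firewall mangle
# 1. Classify new connections that belong on the whitelist, by destination port.
add chain=forward connection-state=new protocol=udp dst-port=5060,5004,4569 \
    action=mark-connection new-connection-mark=voip-conn passthrough=yes comment="SIP/RTP/IAX"
add chain=forward connection-state=new protocol=tcp dst-port=5060 \
    action=mark-connection new-connection-mark=voip-conn passthrough=yes comment="SIP over TCP"
add chain=forward connection-state=new protocol=udp dst-port=53,123 \
    action=mark-connection new-connection-mark=prio-conn passthrough=yes comment="DNS, NTP"
add chain=forward connection-state=new protocol=tcp dst-port=53,80,443 \
    action=mark-connection new-connection-mark=prio-conn passthrough=yes comment="DNS, web"
# 2. Turn connection marks into packet marks; this covers both directions of a flow.
add chain=forward connection-mark=voip-conn action=mark-packet \
    new-packet-mark=VoIP passthrough=no
# Whitelisted connections keep priority only while small; large transfers fall to Bulk.
add chain=forward connection-mark=prio-conn connection-bytes=0-500000 \
    action=mark-packet new-packet-mark=Prio passthrough=no
# 3. Default class: everything not whitelisted above, P2P included.
add chain=forward action=mark-packet new-packet-mark=Bulk passthrough=no comment="default"

/queue tree
# Download: shape what leaves the router towards the LAN.
add name=down parent=bridge-local max-limit=9M
add name=down-voip parent=down packet-mark=VoIP priority=1 limit-at=512k max-limit=9M
add name=down-prio parent=down packet-mark=Prio priority=3 limit-at=2M max-limit=9M
add name=down-bulk parent=down packet-mark=Bulk priority=8 limit-at=512k max-limit=9M
# Upload: shape what leaves the router towards the WAN.
add name=up parent=ether2 max-limit=900k
add name=up-voip parent=up packet-mark=VoIP priority=1 limit-at=256k max-limit=900k
add name=up-prio parent=up packet-mark=Prio priority=3 limit-at=256k max-limit=900k
add name=up-bulk parent=up packet-mark=Bulk priority=8 limit-at=128k max-limit=900k
```

The Bulk queues can still use the whole link when it is idle; under load, limit-at and priority keep the VoIP and Prio classes served first.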





Talkiet
4787 posts

Uber Geek

Trusted

  #1230589 3-Feb-2015 15:14

The best way to shape P2P traffic is to use P2P clients that allow you to throttle upload and download. If you're trying to shape other users on the network then basically tough luck.

Cheers - N




Please note all comments are from my own brain and don't necessarily represent the position or opinions of my employer, previous employers, colleagues, friends or pets.


Bartinounet

3 posts

Wannabe Geek


  #1231460 5-Feb-2015 01:50

Hello,

Thank you everybody for your answers!

The easiest way for you is to prioritize some ports such as DNS, SIP with high priority?

Do you advise me to use this configuration?

# priority must be in the range 1..8
add name=QueueVoIP packet-mark=VoIP priority=1 parent=none limit-at=0 disabled=no max-limit=xx
add name=QueueData packet-mark=Data priority=3 parent=none limit-at=xx disabled=no max-limit=xx
add name=QueueP2P packet-mark=P2P priority=7 parent=none disabled=no max-limit=1024k

Bartinounet

3 posts

Wannabe Geek


  #1231461 5-Feb-2015 01:55

Hello,

Thank you everybody for your answers!

The easiest way for you is to prioritize some ports such as DNS, SIP with high priority and just limit the P2P?

Do you advise me to use this configuration?

/queue simple
add name=QueueVoIP packet-mark=VoIP priority=1 parent=none disabled=no max-limit=unlimited
add name=QueueData packet-mark=Data priority=3 parent=none disabled=no max-limit=unlimited
add name=QueueP2P packet-mark=P2P priority=7 parent=none disabled=no max-limit=2M

VoIP and Data packets are placed in the whitelist in that configuration.

Thank you for all the time you spend answering me!
