Tomato access restriction & IPP2P + L7.

Discussion in 'Tomato Firmware' started by TVTV, Jul 27, 2009.

  1. TVTV

    TVTV LI Guru Member

    Hi, guys!

    I have a short question about the L7 and IPP2P. I have tried to block both DC++ and BitTorrent traffic using the above-mentioned filtering "protocols", but with no success. What could be the problem?

    I have set the access restriction correctly. Right now I am filtering all ports above 1000, except for the 5000-6000 range which is used by Yahoo! Messenger.
  2. Jedis

    Jedis LI Guru Member

    I believe if the user configures encryption in their P2P program it will not allow the L7 and IPP2P filters to work.
  3. TVTV

    TVTV LI Guru Member

    Just checked. Protocol encryption is disabled in both µTorrent and DC++ clients. :|
  4. Toastman

    Toastman Super Moderator Staff Member Member

    The big problem is that many of the L7/IPP2P filters don't really work very well. That is why we normally don't try to control P2P in this way.

    Instead, very quickly: Set default class as e.g. E. Set a rule for everything you want to work and assign to other classes (and just ignore P2P altogether). Anything you don't address, including P2P, will "fall through" your rules and end up in the default class E (or whatever). Now you can control it or throttle it with the settings for class E.
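
The fall-through approach described in the post above, as an added example that is not part of the original thread and is not Tomato's own code: a first-match rule table with default class E, next to a simplified payload-signature check of the kind L7/IPP2P filters rely on. The rule table, sample flows and obfuscated payload bytes are constructed; the 5000-6000 range is the Yahoo! Messenger range mentioned earlier in the thread.

```python
from dataclasses import dataclass

# Plaintext BitTorrent handshake prefix: length byte 19, then the protocol name.
BT_HANDSHAKE = b"\x13BitTorrent protocol"

@dataclass
class Flow:
    proto: str
    dst_port: int
    payload: bytes  # first bytes seen on the connection

def signature_match(flow: Flow) -> bool:
    """Simplified payload-signature check in the style of an L7/IPP2P filter."""
    return flow.payload.startswith(BT_HANDSHAKE)

# Constructed rule table (assumption, not a Tomato default): first match wins.
RULES = [
    ("DNS", lambda f: f.dst_port == 53, "A"),
    ("Web", lambda f: f.proto == "tcp" and f.dst_port in (80, 443), "B"),
    ("Yahoo! Messenger", lambda f: 5000 <= f.dst_port <= 6000, "C"),
]
DEFAULT_CLASS = "E"  # everything not addressed above falls through to here

def classify(flow: Flow) -> str:
    """Return the class of the first matching rule, else the default class."""
    for _name, predicate, qos_class in RULES:
        if predicate(flow):
            return qos_class
    return DEFAULT_CLASS

# Constructed sample flows; the obfuscated payload is arbitrary stand-in bytes.
FLOWS = {
    "web": Flow("tcp", 443, b"\x16\x03\x01"),
    "messenger": Flow("tcp", 5050, b"YMSG"),
    "bt_plain": Flow("tcp", 51413, BT_HANDSHAKE + bytes(8)),
    "bt_obfuscated": Flow("tcp", 51413, bytes.fromhex("9f3ac17e5b0d42a8")),
}

def report() -> dict:
    """Map each sample flow to (signature hit?, assigned class)."""
    return {name: (signature_match(f), classify(f)) for name, f in FLOWS.items()}

if __name__ == "__main__":
    for name, (hit, qos_class) in report().items():
        print(f"{name:14} signature={hit!s:5} class={qos_class}")
```

Both BitTorrent flows end up in class E even though only the plaintext one matches the signature, so throttling the default class does not depend on the payload filter working.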
  5. TVTV

    TVTV LI Guru Member

    Problem is QoS won't limit their downstream. Upstream is contained just fine.

    I'd have loved to see L7/IPP2P working, as I don't like to mess with ports.

    Goshdarnit, maybe I'll switch to Victek's, although I don't need anything other than BWlimiter/QoS...
  6. TVTV

    TVTV LI Guru Member

    Correction - QoS limit works for downstream too. Just tested. My bad. Seems I had set some conflicting rules.
  7. Toastman

    Toastman Super Moderator Staff Member Member

    You aren't using Victek's already? :knock:
  8. TVTV

    TVTV LI Guru Member

    Nope, sir. I have no need for the extra themes and almost every other feature on Victek's apart from the BW limiter/IMQ, which I just realized I can live without as it's not the bandwidth usage that kills my ping in games but the sheer number of connections BT/DC++ initiates. :) Now if I was to serve internet to a whole block, paid that is, I wouldn't think twice about using Victek's.
