johuwar posted on 2005-4-26 11:15:46
Asking for advice on how to block BT and eMule in RouterOS.

weiya posted on 2005-4-26 15:59:15
Upstream is only a 2M ADSL line, and 10-odd computers are running BT at the same time. What a headache!!!

weiya posted on 2005-4-26 20:47:37
According to RouterOS_Reference_Manual_v2.8, RouterOS uses the p2p2 protocol to block BT and eMule, so it should be possible to limit them. But after configuring it as the Manual describes, it can detect the p2p traffic, yet the actual effect is poor (total traffic is basically unchanged). The settings are as follows:

enabled Connection Tracking, parameters left at default values

ip firewall mangle> add src-address=10.0.0.0/24 mark-flow=p2p-out p2p=all-p2p action=passthrough
ip firewall mangle> add dst-address=10.0.0.0/24 mark-flow=p2p-in p2p=all-p2p action=passthrough
queue type> add name="p2p-out" kind=pcq pcq-rate=65536 pcq-classifier=src-address
queue type> add name="p2p-in" kind=pcq pcq-rate=65536 pcq-classifier=dst-address
queue tree> add name="p2p-in" parent=global-in flow=p2p-in queue=p2p-in
queue tree> add name="p2p-out" parent=global-out flow=p2p-out queue=p2p-out

I think the problem is one of these:
1: RouterOS does not support the protocols of newer p2p software (for example BitComet)
2: The configuration is wrong (my English is too poor; I chewed on the manual for ages and there is still a lot I don't understand)

weiya posted on 2005-4-29 12:34:18
Don't let this thread sink.

voatec posted on 2005-4-29 21:29:41
1 ;;; drop p2p track 6969
  in-interface=LocalNIC dst-address=:6969 out-interface=PublicNIC protocol=tcp action=drop
2 ;;; Drop all p2p application packets
  p2p=all-p2p action=drop
3 ;;; allow stockstar
  in-interface=LocalNIC dst-address=:8888 out-interface=PublicNIC protocol=tcp action=accept
4 ;;; drop BT port
  in-interface=LocalNIC dst-address=:6880-6890 out-interface=PublicNIC protocol=tcp action=drop log=yes
5 in-interface=LocalNIC dst-address=:6880-6890 out-interface=PublicNIC protocol=udp action=drop
6 in-interface=LocalNIC dst-address=:1880-1889 out-interface=PublicNIC protocol=tcp action=drop
7 in-interface=LocalNIC dst-address=:1880-1889 out-interface=PublicNIC protocol=udp action=drop
8 in-interface=LocalNIC dst-address=:8880-8889 out-interface=PublicNIC protocol=tcp
9 in-interface=LocalNIC dst-address=:8880-8889 out-interface=PublicNIC protocol=udp action=drop
10 ;;; drop p2p tcp port range: 16881-16889
  in-interface=LocalNIC dst-address=:16881-16889 out-interface=PublicNIC protocol=tcp action=drop

weiya posted on 2005-4-29 22:01:52
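Many thanks to voatec for the suggestions.

Port-based blocking definitely does not work against BitComet (home page: http://www.bitcomet.com/index-zh.htm). BitComet can switch to any port; I once opened only ports 0~500, and it still had no effect.

weiya posted on 2005-4-29 22:05:17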
2822 ghost version
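An added example, not written by any poster in this thread and not RouterOS's own p2p matcher: it compares the port-range drop rules posted above with a check on the first payload bytes of a connection, using the standard BitTorrent peer handshake layout. The function names and all sample flows are constructed for illustration; the accept exception for port 8888 is not modelled.

```python
# Added example: classify connections by first payload bytes instead of port.
# All flows below are constructed sample data, not captures from this thread.
import os
import struct

BT_PSTR = b"BitTorrent protocol"
# Port ranges copied from the drop rules posted in the thread.
BLOCKED_PORTS = [(6969, 6969), (6880, 6890), (1880, 1889),
                 (8880, 8889), (16881, 16889)]

def port_rule_matches(dst_port):
    """Port-based rule: true only when the destination port is on the list."""
    return any(lo <= dst_port <= hi for lo, hi in BLOCKED_PORTS)

def is_bt_handshake(payload):
    """Payload rule: a peer handshake is <19><'BitTorrent protocol'>
    <8 reserved><20 info_hash><20 peer_id>, 68 bytes in total."""
    if len(payload) < 1 + len(BT_PSTR):
        return False
    return payload[0] == len(BT_PSTR) and payload[1:20] == BT_PSTR

def make_handshake():
    """Build a constructed handshake with random info_hash and peer_id."""
    return (struct.pack("B", len(BT_PSTR)) + BT_PSTR + bytes(8)
            + os.urandom(20) + os.urandom(20))

def classify(flows):
    """Return {name: (port_verdict, payload_verdict)} for each flow."""
    return {name: (port_rule_matches(port), is_bt_handshake(data))
            for name, port, data in flows}

# Constructed flows: (name, destination port, first bytes sent by the client)
SAMPLE_FLOWS = [
    ("bt-default-port", 6881, make_handshake()),
    ("bt-moved-to-80", 80, make_handshake()),
    ("bt-moved-to-443", 443, make_handshake()),
    ("web-request", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("other-app-on-8885", 8885, b"\x00\x01hello"),
    ("truncated", 40000, b"\x13BitTor"),
]

if __name__ == "__main__":
    for name, (by_port, by_payload) in classify(SAMPLE_FLOWS).items():
        print(f"{name:20} port-rule={by_port!s:5} payload-rule={by_payload}")
```

The port rules miss the two flows moved to ports 80 and 443 and also drop an unrelated application on port 8885, while the payload check follows the handshake wherever it goes.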