[ previous ] [ next ] [ threads ]
 
 From:  Aaron <lists at mycommunitynet dot net>
 To:  'm0n0wall' <m0n0wall at lists dot m0n0 dot ch>
 Subject:  P2P help
 Date:  Mon, 24 Jan 2005 21:08:58 -0800
Hello all. This is not my day job, but I am "the contact" for internet 
access at a community owned internet access system for our 
condominiums. We have DSL (3/768 = 2.2/500) and it works well with 
m0n0wall on a net4501 (with 32MB RAM)as the router. Uptime is over 100 
days and that was my fault. Without Traffic shaping, the connection 
works terribly.

I have been working to fight bandwidth some of the P2P on a community 
network. The m0n0wall Traffic shaper works great. It makes things like 
VOIP usable and improves the connection for all of the users. But I 
still have some users who generate a huge number of connections and are 
able to send quite a bit of data, which I would like to discourage a 
bit more. I know it's not possible to stop it all, but I can at least 
stop/slow it down a lot of it and hopefully not inconvenience a lot of 
the more legitimate uses.

Does anyone know what applications use the ports listed below. Would 
the easiest way to stop it be to set it in the low priority queue in 
the traffic shaper? Most start at port 2900 and run on to port 3200 
(this was 3 minutes after resetting the NAT and State tables). If I 
block or add them to the m_hated queue, will it help or will the app 
just choose other ports? Is there a way to limit the # of connections a 
user establishes?

Also, if anyone has any suggestions on how best to "categorize" the 
traffic and display what and where the bandwidth goes, I would love to 
hear about anything you might have done.

Thanks!
Aaron
(The guy responsible for internet at our condominiums)


List of active MAP/Redirect filters:
bimap sis1 192.168.100.89/32 -> 209.19.xx.xy/32
map sis1 192.168.100.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sis1 192.168.100.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map sis1 192.168.100.0/24 -> 0.0.0.0/32
map sis1 192.168.100.208/28 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sis1 192.168.100.208/28 -> 0.0.0.0/32 portmap tcp/udp auto
map sis1 192.168.100.208/28 -> 0.0.0.0/32
map sis1 192.168.1.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map sis1 192.168.1.0/24 -> 0.0.0.0/32 portmap tcp/udp auto
map sis1 192.168.1.0/24 -> 0.0.0.0/32
rdr sis1 0.0.0.0/0 port 23 -> 192.168.100.11 port 23 tcp/udp
rdr sis1 0.0.0.0/0 port 0 -> 127.0.0.1 port 0 gre
rdr sis1 0.0.0.0/0 port 1723 -> 127.0.0.1 port 1723 tcp

List of active sessions:
MAP 192.168.100.184 3217  <- -> 209.19.xx.xx   47585 [209.152.120.126 
18595]
         age 474 use 0 sumd 0x95c/0x95c pr 6 bkt 720/1662 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
MAP 192.168.100.184 3216  <- -> 209.19.xx.xx   47584 [203.217.3.56 7380]
         age 14398 use 0 sumd 0x95c/0x95c pr 6 bkt 26/1991 flags 1 drop 
0/0
         ifp sis1 bytes 1495 pkts 11
MAP 192.168.100.184 3215  <- -> 209.19.xx.xx   47583 [65.50.67.24 43960]
         age 14395 use 0 sumd 0x95c/0x95c pr 6 bkt 1853/1771 flags 1 
drop 0/0
         ifp sis1 bytes 1855 pkts 8
MAP 192.168.100.184 3214  <- -> 209.19.xx.xx   47582 [65.31.230.165 
11898]
         age 14386 use 0 sumd 0x95c/0x95c pr 6 bkt 662/1604 flags 1 drop 
0/0
         ifp sis1 bytes 685 pkts 7
MAP 192.168.100.184 3213  <- -> 209.19.xx.xx   47581 [192.168.1.101 
47463]
         age 463 use 0 sumd 0x95c/0x95c pr 6 bkt 1090/2032 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
MAP 192.168.100.184 3212  <- -> 209.19.xx.xx   47580 [192.168.1.100 
41624]
         age 463 use 0 sumd 0x95c/0x95c pr 6 bkt 1067/2009 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
MAP 192.168.100.184 3211  <- -> 209.19.xx.xx   47579 [65.110.244.24 
30358]
         age 14396 use 0 sumd 0x95c/0x95c pr 6 bkt 1602/1520 flags 1 
drop 0/0
         ifp sis1 bytes 1327 pkts 11
MAP 192.168.100.184 3210  <- -> 209.19.xx.xx   47578 [147.31.11.2 46235]
         age 14384 use 0 sumd 0x95c/0x95c pr 6 bkt 1930/1848 flags 1 
drop 0/0
         ifp sis1 bytes 1388 pkts 9
MAP 192.168.100.184 3209  <- -> 209.19.xx.xx   47577 [192.168.0.3 17327]
         age 462 use 0 sumd 0x95c/0x95c pr 6 bkt 345/263 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3208  <- -> 209.19.xx.xx   47576 [1.0.0.10 23495]
         age 1194 use 0 sumd 0x95c/0x95c pr 6 bkt 1983/1901 flags 1 drop 
0/0
         ifp sis1 bytes 208 pkts 4
MAP 192.168.100.184 3207  <- -> 209.19.xx.xx   47575 [156.34.240.210 
43144]
         age 14382 use 0 sumd 0x95c/0x95c pr 6 bkt 92/10 flags 1 drop 0/0
         ifp sis1 bytes 1510 pkts 8
MAP 192.168.100.184 3206  <- -> 209.19.xx.xx   47574 [192.168.2.3 17395]
         age 451 use 0 sumd 0x95c/0x95c pr 6 bkt 705/623 flags 1 drop 0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3205  <- -> 209.19.xx.xx   47573 [200.122.7.231 
12038]
         age 863998 use 0 sumd 0x95c/0x95c pr 6 bkt 215/133 flags 1 drop 
0/0
         ifp sis1 bytes 798 pkts 14
MAP 192.168.100.184 3204  <- -> 209.19.xx.xx   47572 [202.149.40.185 
6743]
         age 863999 use 0 sumd 0x95c/0x95c pr 6 bkt 240/158 flags 1 drop 
0/0
         ifp sis1 bytes 789 pkts 13
MAP 192.168.100.184 3202  <- -> 209.19.xx.xx   47570 [65.8.154.249 
33074]
         age 1171 use 0 sumd 0x95c/0x95c pr 6 bkt 913/831 flags 1 drop 
0/0
         ifp sis1 bytes 104 pkts 2
MAP 192.168.100.184 3203  <- -> 209.19.xx.xx   47571 [211.28.52.115 
9187]
         age 448 use 0 sumd 0x95c/0x95c pr 6 bkt 920/1862 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3200  <- -> 209.19.xx.xx   47568 [73.99.99.203 
13138]
         age 444 use 0 sumd 0x95c/0x95c pr 6 bkt 251/169 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3199  <- -> 209.19.xx.xx   47567 [69.159.15.105 
43169]
         age 443 use 0 sumd 0x95c/0x95c pr 6 bkt 370/1312 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3198  <- -> 209.19.xx.xx   47566 [61.247.225.222 
26269]
         age 14388 use 0 sumd 0x95c/0x95c pr 6 bkt 1627/1545 flags 1 
drop 0/0
         ifp sis1 bytes 660 pkts 13
MAP 192.168.100.184 3197  <- -> 209.19.xx.xx   47565 [192.168.0.2 47535]
         age 427 use 0 sumd 0x95c/0x95c pr 6 bkt 1479/1397 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3196  <- -> 209.19.xx.xx   47564 [131.94.63.98 7520]
         age 428 use 0 sumd 0x95c/0x95c pr 6 bkt 1255/150 flags 1 drop 
0/0
         ifp sis1 bytes 374 pkts 8
MAP 192.168.100.184 3195  <- -> 209.19.xx.xx   47563 [192.168.1.101 
23015]
         age 427 use 0 sumd 0x95c/0x95c pr 6 bkt 496/1438 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3194  <- -> 209.19.xx.xx   47562 [192.168.0.9 4814]
         age 420 use 0 sumd 0x95c/0x95c pr 6 bkt 334/252 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3193  <- -> 209.19.xx.xx   47561 [192.168.1.100 
33518]
         age 418 use 0 sumd 0x95c/0x95c pr 6 bkt 1811/706 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3192  <- -> 209.19.xx.xx   47560 [220.240.123.218 
11070]
         age 416 use 0 sumd 0x95c/0x95c pr 6 bkt 1911/1829 flags 1 drop 
0/0
         ifp sis1 bytes 88 pkts 2
MAP 192.168.100.184 3191  <- -> 209.19.xx.xx   47559 [150.10.213.254 
38787]
         age 415 use 0 sumd 0x95c/0x95c pr 6 bkt 1844/1762 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
BIMAP 192.168.100.89  33435 <- -> 209.19.xx.xy   33435 [147.135.8.16 
10101]
         age 1178 use 0 sumd 0xa394/0xa394 pr 17 bkt 15/326 flags 2 drop 
0/0
         ifp sis1 bytes 192 pkts 6
MAP 192.168.100.184 3189  <- -> 209.19.xx.xx   47557 [69.211.0.28 30334]
         age 402 use 0 sumd 0x95c/0x95c pr 6 bkt 1958/1876 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3190  <- -> 209.19.xx.xx   47558 [201.255.71.122 
31877]
         age 402 use 0 sumd 0x95c/0x95c pr 6 bkt 1982/877 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3188  <- -> 209.19.xx.xx   47556 [24.57.55.149 
39241]
         age 395 use 0 sumd 0x95c/0x95c pr 6 bkt 160/1102 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3187  <- -> 209.19.xx.xx   47555 [198.53.106.50 
28295]
         age 394 use 0 sumd 0x95c/0x95c pr 6 bkt 1385/1303 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
BIMAP 192.168.100.89  26133 <- -> 209.19.xx.xy   26133 [134.121.11.46 
631]
         age 393 use 0 sumd 0x5c6b/0x5c6b pr 6 bkt 1777/41 flags 1 drop 
0/0
         ifp sis1 bytes 400 pkts 8
MAP 192.168.100.184 3186  <- -> 209.19.xx.xx   47554 [65.43.213.105 
12312]
         age 395 use 0 sumd 0x95c/0x95c pr 6 bkt 1010/1952 flags 1 drop 
0/0
         ifp sis1 bytes 333 pkts 6
MAP 192.168.100.184 3185  <- -> 209.19.xx.xx   47553 [24.176.73.34 
12646]
         age 423 use 0 sumd 0x95c/0x95c pr 6 bkt 1536/1454 flags 1 drop 
0/0
         ifp sis1 bytes 1485 pkts 11
MAP 192.168.100.184 3183  <- -> 209.19.xx.xx   47551 [24.156.81.84 
34206]
         age 390 use 0 sumd 0x95c/0x95c pr 6 bkt 1794/689 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
MAP 192.168.100.184 3182  <- -> 209.19.xx.xx   47550 [66.215.232.204 
37632]
         age 427 use 0 sumd 0x95c/0x95c pr 6 bkt 598/516 flags 1 drop 0/0
         ifp sis1 bytes 1508 pkts 12
MAP 192.168.100.184 3181  <- -> 209.19.xx.xx   47549 [24.6.65.78 49014]
         age 385 use 0 sumd 0x95c/0x95c pr 6 bkt 1015/1957 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3184  <- -> 209.19.xx.xx   47552 [63.240.133.75 80]
         age 385 use 0 sumd 0x95c/0x95c pr 6 bkt 1846/741 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3180  <- -> 209.19.xx.xx   47548 [169.254.3.37 
46017]
         age 374 use 0 sumd 0x95c/0x95c pr 6 bkt 1564/1482 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3179  <- -> 209.19.xx.xx   47547 [192.168.0.104 
16417]
         age 372 use 0 sumd 0x95c/0x95c pr 6 bkt 926/1868 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3175  <- -> 209.19.xx.xx   47543 [219.95.184.103 
34215]
         age 366 use 0 sumd 0x95c/0x95c pr 6 bkt 1918/813 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3178  <- -> 209.19.xx.xx   47546 [172.0.11.79 33881]
         age 366 use 0 sumd 0x95c/0x95c pr 6 bkt 1072/2014 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3177  <- -> 209.19.xx.xx   47545 [24.162.34.101 
43372]
         age 375 use 0 sumd 0x95c/0x95c pr 6 bkt 1206/101 flags 1 drop 
0/0
         ifp sis1 bytes 462 pkts 10
MAP 192.168.100.184 3176  <- -> 209.19.xx.xx   47544 [192.168.1.100 
38843]
         age 361 use 0 sumd 0x95c/0x95c pr 6 bkt 800/1742 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3174  <- -> 209.19.xx.xx   47542 [207.248.38.78 
17640]
         age 354 use 0 sumd 0x95c/0x95c pr 6 bkt 1117/12 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3173  <- -> 209.19.xx.xx   47541 [67.87.130.56 
12205]
         age 354 use 0 sumd 0x95c/0x95c pr 6 bkt 853/771 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3172  <- -> 209.19.xx.xx   47540 [192.168.1.102 
41969]
         age 348 use 0 sumd 0x95c/0x95c pr 6 bkt 1342/237 flags 1 drop 
0/0
         ifp sis1 bytes 48 pkts 1
MAP 192.168.100.184 3171  <- -> 209.19.xx.xx   47539 [192.168.1.100 
12269]
         age 338 use 0 sumd 0x95c/0x95c pr 6 bkt 1981/876 flags 1 drop 
0/0
         ifp sis1 bytes 144 pkts 3
MAP 192.168.100.184 3170  <- -> 209.19.xx.xx   47538 [81.102.19.233 
46867]
         age 335 use 0 sumd 0x95c/0x95c pr 6 bkt 302/220 flags 1 drop 0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3169  <- -> 209.19.xx.xx   47537 [77.23.99.117 
36037]
         age 335 use 0 sumd 0x95c/0x95c pr 6 bkt 1871/766 flags 1 drop 
0/0
         ifp sis1 bytes 96 pkts 2
MAP 192.168.100.184 3168  <- -> 209.19.xx.xx   47536 [212.251.111.159 
23093]
         age 334 use 0 sumd 0x95c/0x95c pr 6 bkt 1529/424 flags 1 drop 
0/0
         ifp sis1 bytes 264 pkts 6


and so on...