Need how-to/docs for 2.0 Traffic Shaping uTorrent



  • I would like to ask for a simple guide on how to do this:

    1. Catch all Torrent traffic (uTorrent particularly)
    2. Limit that traffic to 3.0 Kilobytes/sec (up and down)

    I have tried using the Traffic Shaper Wizard, checking bittorrent.
    Result: Nothing gets sent into qP2P when uTorrent is used.

    I have tried using Layer7 filter.
    Result: When I use block, nothing gets blocked. When I use queue, nothing gets sent to qP2P.



  • Have you tried Snort?



  • ;D Another thing "stramato" is to force your torrents to a specific port and shape those ports.
    In version 2.0 you can create a firewall rule that says data traffic destined for host xyz or port abc is to use Queue-in/Queue-out.

    Therefore all data passing through the firewall for those ports automatically gets throttled. There is also the Layer 7 filter, which may or may not catch all torrent traffic. Some P2P clients use tricks to avoid traffic identification, including using encryption, so the firewall would work.

    My 2 cents  ;D



  • @roja:

    ;D Another thing "stramato" is to force your torrents to a specific port and shape those ports.
    In version 2.0 you can create a firewall rule that says data traffic destined for host xyz or port abc is to use Queue-in/Queue-out.

    Therefore all data passing through the firewall for those ports automatically gets throttled. There is also the Layer 7 filter, which may or may not catch all torrent traffic. Some P2P clients use tricks to avoid traffic identification, including using encryption, so the firewall would work.

    My 2 cents  ;D

    I agree, you're better off setting up static ports. I set static ports within the P2P software, then allow the P2P software to open the ports via UPnP… Add the floating rules and it catches the traffic... I tried the Layer 7 filter; it catches about half of the traffic but not all. When I set my P2P to encrypt the data, it catches about 10% of the traffic.

    If you go this route, remember to include the DHT port, 6881, if you're using that also.



  • I have had a lot of trouble getting almost the same job done. But with a lot of help from the guys @ irc #pfsense, I finally succeeded. THANK YOU!! :)

    1. Set the Upperlimit in the qP2P queue to whatever you need.
    2. Make sure qP2P is not the default queue and is lowest priority (1).
    3. Create an L7 Layer Rule to catch bittorrent traffic: protocol=bittorrent, structure=queue, behaviour=qP2P
    4. Create a LAN firewall rule: protocol=tcp/udp, queue=qP2P, and Advanced L7 settings, choose the L7 rule you created in step 3.

    Remember to have the firewall rule above the 'Default allow LAN to any rule' rule.

    I cannot say how much it catches or not as time goes by, but for now it does a fine job catching it all.



  • L7 rules - they don't work so well catching torrent, and particularly uTorrent. Only a very small amount of packets are identified - uTorrent encrypts its protocol and that feature is on by default mostly - so you aren't really going to be able to block it.
    At our site we use the bandwidthd package to find who is using torrent and add them to a penalty box type queue. The limiters are best for that because they can be set to a per individual speed.
    I have had issues that if you try to filter all your traffic via the L7 rules performance can take a hit depending on your CPU power - it was maxing out my dual core ATHLON!

    Anyway, I have been trying to stop it for years.
    On Zentyal firewall the L7 rules seem to work slightly better, but that thing gives you very little ability to analyse your network traffic. Even then, when you force encryption in uTorrent it becomes unstoppable.

    Good luck
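
The gap the posters describe between Layer 7 matching and static-port rules can be reproduced with a small classifier. This is an added example, not code from any poster or from pfSense; the signatures are simplified, and the port 50000, the flow records and the opaque payload are constructed assumptions (6881 is the DHT port named in the thread).

```python
import hashlib

# Simplified plaintext signatures: peer-wire handshake and the start of a DHT query.
SIGNATURES = (b"\x13BitTorrent protocol", b"d1:ad2:id20:")
# Assumption: the client is pinned to these local ports (6881 is the DHT port from the thread).
STATIC_PORTS = {50000, 6881}


def l7_match(payload: bytes) -> bool:
    """Payload check, the kind of test a Layer 7 pattern performs."""
    return payload.startswith(SIGNATURES)


def classify(flow: dict, use_port_rule: bool) -> str:
    """Return the queue a flow lands in: qP2P if shaped, otherwise default."""
    if l7_match(flow["payload"]):
        return "qP2P"
    if use_port_rule and flow["local_port"] in STATIC_PORTS:
        return "qP2P"
    return "default"


# Stand-in for an encrypted stream: fixed bytes with no recognisable header.
OPAQUE = hashlib.sha256(b"constructed sample").digest()

# Constructed sample flows; local_port is the port on the P2P host.
FLOWS = [
    {"name": "plain handshake", "local_port": 50000, "payload": SIGNATURES[0] + bytes(8)},
    {"name": "encrypted peer", "local_port": 50000, "payload": OPAQUE},
    {"name": "plain DHT query", "local_port": 6881, "payload": SIGNATURES[1] + bytes(20)},
    {"name": "encrypted peer 2", "local_port": 50000, "payload": OPAQUE[::-1]},
    {"name": "web browsing", "local_port": 49152, "payload": b"GET / HTTP/1.1\r\n"},
]


def shaped(use_port_rule: bool) -> list:
    """Names of the sample flows that end up in qP2P."""
    return [f["name"] for f in FLOWS if classify(f, use_port_rule) == "qP2P"]


if __name__ == "__main__":
    print("L7 only:       ", shaped(False))
    print("L7 + port rule:", shaped(True))
```

The port rule only helps while the client really is pinned to those ports; a flow from any other local port with an opaque payload still lands in the default queue.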

