Need install help 2 block p2p



  • Here's what I want... to block P2P traffic from IP range 123.x.x.x and bypass the firewall on IP 75.x.x.x for video conferencing.

    Here's what I've got... P4 board, 512 MB RAM, 80 GB HDD, 2 3Com 3c905c's (can put more if needed) & pfSense 1.2 RC4. I have a full class C IP range AND a totally different IP address for the video conferencing unit (i.e. 123.x.x.x \ 255.255.255.0 & 75.x.x.x \ 255.255.255.248).

    How do I do this? And please be as explicit as you can (I am a noob after all).

    Thanks!



  • 1. To verify: NONE of the IP blocks you're using are reserved (i.e., non-routable on the Internet)?
        If so, depending on your setup, this may make things a little weird…
    2. Knowing the ports your video conferencing apps use would be very helpful as well as the P2P apps,
      assuming they don't change.  If they do, this again could be very tricky.  However if you KNOW
      (and I can't emphasize this enough) that ALL of your video conferencing is on one block and ALL of
      those file sharers are on the other, then simply using traffic shaping to knock down the bandwidth on
      anyone using it all would be an easy fix with the caveat that it would apply to any traffic taking up all
      the link.  I realize this sounds like I'm beating around the bush, but P2P app writers and traffic shaper
      writers are currently waging a war to see who can beat who: methods P2P apps use include encrypting
      traffic so firewalls can't sniff the packets to see what protocol is being used.

    Anyway, once you know these 2 things, you'll be much more ready to make a decision on how to
    proceed (or even IF you can!).

    For the purposes of this discussion as well, it might be useful to know what each network connects
    to--that is, which side WAN or Internet (not necessarily the same--the WAN could be leased lines or
    a VPN running over the Internet but separate from it) vs LAN, if there's more than one LAN, etc.  In
    other words, exactly how you're positioning the firewall in relation to all the networks.

    I hope this helps.

    Mike

