4. Help setting up a queue for inbound traffic from Youtube

Help setting up a queue for inbound traffic from Youtube

  • O

    OK I've spent like 3 hours trying to get this to work but no matter what I seem to do I can't get any firewall rules to match traffic from youtube.

    I'm trying to get youtube inbound traffic coming through into a youtube queue so that I can limit the amount of download bandwidth youtube videos are taking up.

    I've included the current version of my config right now as image attachments. I have tried a lot of different things but none so far have been successful.

    Appreciate your help everyone!
    ![Queue Config.JPG](/public/imported_attachments/1/Queue Config.JPG)
    ![Queue Config.JPG_thumb](/public/imported_attachments/1/Queue Config.JPG_thumb)
    ![Rule Config.jpg](/public/imported_attachments/1/Rule Config.jpg)
    ![Rule Config.jpg_thumb](/public/imported_attachments/1/Rule Config.jpg_thumb)
    ![Alias Config.JPG](/public/imported_attachments/1/Alias Config.JPG)
    ![Alias Config.JPG_thumb](/public/imported_attachments/1/Alias Config.JPG_thumb)

    0
  • LAYER 8 Netgate

    OK.  Here goes:

    First, I think you're going down a rabbit hole trying to maintain a list of IP addresses for a particular web site but if you must.  I hope you actually catch youtube video traffic and not just traffic with the web interface….

    You need to catch the traffic at the point of state creation.  This point is not IN on WAN with a source from youtube.  That's the return traffic of an outgoing connection for which the queues have already been set.

    Try creating a floating rule that looks like this:

    Action: Match
    Interface: WAN
    Direction: OUT
    Source: Any
    Destination: alias youtube
    Ackqueue/Queue: qACK/youtube

    I'm new to this but I think that'll do it for you.

    0
  • LAYER 8 Netgate

    My point about the rabbit hole is this:  I just looked at the source for a random youtube video.  The actual video file is not retrieved from youtube.com, but from googlevideo.com.  And not just from host googlevideo.com, but from host "r19–-sn-nwj7kner.googlevideo.com"

    Good luck.

    0
  • D

    Yotube is acquired by google. You need all google service ip's to block, allow or prioritize these services.

    As far as i know, these services can use ip's from different ip ranges. Therefore it is very hard if not impossible to sort out one specific service.

    These are all ip ranges i can find for google services

    0
  • C

    thank you for the list .its a wonderful list of ips.

    0
  • F

    Here is the google help page on how to find the current Google IPs.  Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.

    0
  • D

    @fsSnowboard:

    Here is the google help page on how to find the current Google IPs.  Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.

    Like i said,I suspect there is no absolute ip cidr for a specific service but you can furher distinguish a service (like mail.google.com) by defining an alias for it too and creating a new rule before the "google" rule.

    As for today gmail uses 173.194.0.0/16 if anyone interested in checking that in following weeks or months.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy