Help setting up a queue for inbound traffic from Youtube
-
OK I've spent like 3 hours trying to get this to work but no matter what I seem to do I can't get any firewall rules to match traffic from youtube.
I'm trying to get youtube inbound traffic coming through into a youtube queue so that I can limit the amount of download bandwidth youtube videos are taking up.
I've included the current version of my config right now as image attachments. I have tried a lot of different things but none so far have been successful.
Appreciate your help everyone!
 -
OK. Here goes:
First, I think you're going down a rabbit hole trying to maintain a list of IP addresses for a particular web site but if you must. I hope you actually catch youtube video traffic and not just traffic with the web interface….
You need to catch the traffic at the point of state creation. This point is not IN on WAN with a source from youtube. That's the return traffic of an outgoing connection for which the queues have already been set.
Try creating a floating rule that looks like this:
Action: Match
Interface: WAN
Direction: OUT
Source: Any
Destination: alias youtube
Ackqueue/Queue: qACK/youtubeI'm new to this but I think that'll do it for you.
-
My point about the rabbit hole is this: I just looked at the source for a random youtube video. The actual video file is not retrieved from youtube.com, but from googlevideo.com. And not just from host googlevideo.com, but from host "r19–-sn-nwj7kner.googlevideo.com"
Good luck.
-
Yotube is acquired by google. You need all google service ip's to block, allow or prioritize these services.
As far as i know, these services can use ip's from different ip ranges. Therefore it is very hard if not impossible to sort out one specific service.
These are all ip ranges i can find for google services
-
thank you for the list .its a wonderful list of ips.
-
Here is the google help page on how to find the current Google IPs. Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.
-
Here is the google help page on how to find the current Google IPs. Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.
Like i said,I suspect there is no absolute ip cidr for a specific service but you can furher distinguish a service (like mail.google.com) by defining an alias for it too and creating a new rule before the "google" rule.
As for today gmail uses 173.194.0.0/16 if anyone interested in checking that in following weeks or months.
