Netgate Discussion Forum

    Help setting up a queue for inbound traffic from Youtube

      omatase

      OK I've spent like 3 hours trying to get this to work but no matter what I seem to do I can't get any firewall rules to match traffic from youtube.

      I'm trying to get youtube inbound traffic coming through into a youtube queue so that I can limit the amount of download bandwidth youtube videos are taking up.

      I've included the current version of my config right now as image attachments. I have tried a lot of different things but none so far have been successful.

      Appreciate your help everyone!
      ![Queue Config.JPG](/public/imported_attachments/1/Queue Config.JPG)
      ![Rule Config.jpg](/public/imported_attachments/1/Rule Config.jpg)
      ![Alias Config.JPG](/public/imported_attachments/1/Alias Config.JPG)

        Derelict LAYER 8 Netgate

        OK.  Here goes:

        First, I think you're going down a rabbit hole trying to maintain a list of IP addresses for a particular web site but if you must.  I hope you actually catch youtube video traffic and not just traffic with the web interface….

        You need to catch the traffic at the point of state creation.  This point is not IN on WAN with a source from youtube.  That's the return traffic of an outgoing connection for which the queues have already been set.

        Try creating a floating rule that looks like this:

        Action: Match
        Interface: WAN
        Direction: OUT
        Source: Any
        Destination: alias youtube
        Ackqueue/Queue: qACK/youtube

        I'm new to this but I think that'll do it for you.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          Derelict LAYER 8 Netgate

          My point about the rabbit hole is this:  I just looked at the source for a random youtube video.  The actual video file is not retrieved from youtube.com, but from googlevideo.com.  And not just from host googlevideo.com, but from host "r19---sn-nwj7kner.googlevideo.com"

          Good luck.

            denizv

            YouTube is acquired by Google. You need all Google service IPs to block, allow or prioritize these services.

            As far as I know, these services can use IPs from different IP ranges. Therefore it is very hard if not impossible to sort out one specific service.

            These are all IP ranges I can find for Google services

              CardinS2U

              Thank you for the list. It's a wonderful list of IPs.

                fsSnowboard

                Here is the google help page on how to find the current Google IPs.  Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.

                  denizv

                  @fsSnowboard:

                  Here is the google help page on how to find the current Google IPs.  Shaping this way though, as mentioned above, will probably cause issues, because these IPs also are for google.com, gmail.com, etc.

                  Like I said, I suspect there is no absolute IP CIDR for a specific service, but you can further distinguish a service (like mail.google.com) by defining an alias for it too and creating a new rule before the "google" rule.

                  As of today, Gmail uses 173.194.0.0/16, if anyone is interested in checking that in the following weeks or months.
