Again the same problem with torrents.
I read, I think, all the posts on this forum about QoS and firewall, and still no chance to stop these torrents.
OK, let's begin.
My network looks like this:
WAN > Router (Asus 500GPV2 with TomatoUSB latest firmware) > Wireless AP (Bullet HP2 working in Bridge AP mode)
My personal PC is plugged into the router.
I use the wireless AP for free internet distribution in my neighborhood (5 km around my home), especially for mobile devices (smartphones and tablets). The connection is free for all, no password or other restriction for access.
But!!! the problems come.
The first one, and the big one, is the desktop PC clients (or laptops): these use torrents and 'eat' the bandwidth for the other users. (For example, if one torrent user opens 300 connections the wireless AP is almost dead; the other users can't browse or do anything else.)
Another thing is the legal problem: in my country (Romania) there is a big campaign against illegal downloading of movies and music. (I don't like to see the police at my door.)
What I want is to stop the torrent connections (to stop, not to limit, because I limit to 2 Kb/s and the guys have a lot of patience to stay 3-4 days to download something).
What I tried.
I put in script/firewall:
# Limit TCP connections per user (FORWARD = LAN to WAN, INPUT = LAN to router)
iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 80 -j DROP
iptables -I INPUT -p tcp --syn -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 100 -j DROP

# Limit all *other* connections per user, including UDP
# ("! -p tcp" is the current negation syntax; the old "-p ! tcp" form is rejected by newer iptables)
iptables -I FORWARD ! -p tcp -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 20 -j DROP
iptables -I INPUT ! -p tcp -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 50 -j DROP

# Limit outgoing SMTP simultaneous connections
iptables -I FORWARD -p tcp --dport 25 -m connlimit --connlimit-above 10 -j DROP

# Limit the UDP packet rate from all users (UDP to router, and UDP out to WAN).
# A "-m limit ... -j ACCEPT" rule on its own limits nothing: packets over the rate just fall
# through to the next rule. A DROP must sit below it, so the DROP is inserted first
# (-I puts each new rule at the top of the chain). Note: -m limit is one shared rate for the
# whole source range, not a per-user rate.
iptables -I INPUT -p udp -m iprange --src-range 192.168.1.4-192.168.1.254 -j DROP
iptables -I INPUT -p udp -m iprange --src-range 192.168.1.4-192.168.1.254 -m limit --limit 10/s --limit-burst 20 -j ACCEPT
iptables -I FORWARD -p udp -m iprange --src-range 192.168.1.4-192.168.1.254 -j DROP
iptables -I FORWARD -p udp -m iprange --src-range 192.168.1.4-192.168.1.254 -m limit --limit 10/s --limit-burst 20 -j ACCEPT

# Same per-user limits in the nat table (PREROUTING only sees the first packet of each new connection)
iptables -t nat -I PREROUTING -p tcp --syn -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 150 -j DROP
iptables -t nat -I PREROUTING ! -p tcp -m iprange --src-range 192.168.1.4-192.168.1.254 -m connlimit --connlimit-above 100 -j DROP
iptables -t nat -I PREROUTING -p tcp --dport 25 -m connlimit --connlimit-above 5 -j DROP
I set the lowest class to none.
It looks like this: 267 connections but no transfer.
I don't know if this is OK because sometimes I see in the lowest class connections to the Yahoo Messenger server.
And QoS settings.
What I wish is a script or something else that can block torrent web searches (something like the Parental Control function; the original Asus firmware has this function, but if I activate it, the router freezes after two or three blocked sites). The function would be like: if a user tries a web search for example "torrent" or "tracker", then the result is "the page can not be displayed" or a redirection to my web page with a warning.
OR something to limit the connections only to mobile clients whose name includes "iphone", blackberry, android …
I want to make my samba share invisible to other users (because the strange thing is the Win XP users have direct access to my share without needing a password).
See my samba settings.
Thanks in advance,
and sorry for my English. I read better than I write.
I think I have low karma and I can't put pictures in the post, sorry for my trick.
For the links, delete the # mark.
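The "267 connections but no transfer" screenshot raises the question the poster never quite answers: which LAN client is holding all those flows? A quick way to find out on a Tomato router is to read the connection table it already keeps. The script below is an added example, not code from the original post or from TomatoUSB; it parses ip_conntrack-style lines (the `/proc/net/ip_conntrack` format, with the original-direction `src=`/`dst=`/`sport=`/`dport=` fields), counts flows and distinct remote peers per client in the same 192.168.1.4-192.168.1.254 range the firewall script uses, and flags hosts that both exceed the script's connlimit threshold and talk to many different peers. The sample table, the thresholds (80 flows, 40 peers) and the helper names are constructed assumptions; a browser opens many connections to a handful of hosts, while a swarm client opens them to dozens of different addresses, and that spread is what separates the two here.

```python
import ipaddress
import re
from collections import defaultdict

# LAN client range from the firewall script (router and my own PC are excluded)
CLIENT_RANGE = (ipaddress.IPv4Address("192.168.1.4"), ipaddress.IPv4Address("192.168.1.254"))

# First src/dst/sport/dport group on a conntrack line = original direction of the flow.
# TCP lines carry a state word (ESTABLISHED, ...) before it; UDP lines do not.
_ORIG = re.compile(
    r"^(?P<proto>tcp|udp)\s+\d+\s+\d+\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)


def parse_conntrack(lines):
    """Yield (proto, src, dst, dport) for each parsable line; silently skip the rest."""
    for line in lines:
        m = _ORIG.match(line.strip())
        if m:
            yield m["proto"], m["src"], m["dst"], int(m["dport"])


def in_client_range(ip):
    addr = ipaddress.IPv4Address(ip)
    return CLIENT_RANGE[0] <= addr <= CLIENT_RANGE[1]


def summarize(lines):
    """Per LAN client: TCP flow count, UDP flow count and number of distinct remote peers."""
    stats = defaultdict(lambda: {"tcp": 0, "udp": 0, "peers": set()})
    for proto, src, dst, _dport in parse_conntrack(lines):
        if not in_client_range(src):
            continue  # router, my PC or WAN-originated flows are not "users"
        stats[src][proto] += 1
        stats[src]["peers"].add(dst)
    return {ip: {"tcp": s["tcp"], "udp": s["udp"], "peers": len(s["peers"])}
            for ip, s in stats.items()}


def suspects(lines, max_flows=80, min_peers=40):
    """Clients over the connlimit threshold that also fan out to many distinct peers.

    Returns (ip, total_flows, distinct_peers), busiest first. Thresholds are assumptions:
    max_flows mirrors the FORWARD connlimit, min_peers separates swarm traffic from browsing.
    """
    found = []
    for ip, s in summarize(lines).items():
        flows = s["tcp"] + s["udp"]
        if flows > max_flows and s["peers"] >= min_peers:
            found.append((ip, flows, s["peers"]))
    return sorted(found, key=lambda t: -t[1])


# --- constructed sample table (hypothetical addresses from the documentation ranges) ---
def _flow(proto, src, dst, sport, dport):
    state = "ESTABLISHED " if proto == "tcp" else ""
    proto_num = "6" if proto == "tcp" else "17"
    return (f"{proto:<8} {proto_num} 300 {state}src={src} dst={dst} sport={sport} dport={dport} "
            f"packets=10 bytes=1200 src={dst} dst=10.0.0.2 sport={dport} dport={sport} "
            f"packets=8 bytes=900 [ASSURED] mark=0 use=1")


SAMPLE = []
# a swarm-like client: 120 TCP + 30 UDP flows, every one to a different peer on a high port
for i in range(120):
    SAMPLE.append(_flow("tcp", "192.168.1.23", f"203.0.113.{i + 1}", 40000 + i, 6881 + i))
for i in range(30):
    SAMPLE.append(_flow("udp", "192.168.1.23", f"198.51.100.{i + 1}", 41000 + i, 20000 + i))
# a browsing client: 25 flows, but only 5 distinct servers, all on port 443
for i in range(25):
    SAMPLE.append(_flow("tcp", "192.168.1.40", f"192.0.2.{(i % 5) + 1}", 50000 + i, 443))
# my own PC (outside the client range) and an unparsable line, both to be ignored
SAMPLE.append(_flow("tcp", "192.168.1.2", "192.0.2.9", 52000, 443))
SAMPLE.append("# some header line conntrack never prints, kept to show it is skipped")

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(f"{ip}: tcp={s['tcp']} udp={s['udp']} peers={s['peers']}")
    print("suspects:", suspects(SAMPLE))
```

On the router itself the same functions work over the live table, for example `suspects(open("/proc/net/ip_conntrack"))` (on kernels that expose `/proc/net/nf_conntrack` the lines carry an extra `ipv4 2` prefix, which the regex above does not strip). The output tells you which address is the one to throttle or block, which is more useful than a global connection count that also includes your own PC and Yahoo Messenger keepalives.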