I ja sam imao isti problem, ali sam nasao resenje. Jedino je resenje da se ostave samo portovi koji se najcesce koriste, jer p2p programi kao sto su torrent i mnogi drugi koriste veliki broj portova za provlacenje saobracaja, tako da MT ne uspeva sve da ih prepozna, cak prepoznaje samo jedan mali deo
Elem, ovako treba da uradis:
U firewall mangle treba da dodelis pakete svim portovima koji se najcesce koriste, koje koriste programi poput MSN, Yahoo Messenger, grice koje igras itd. i takodje portove za razne protokole (ftp, http, pop3, smtp itd). Sve ostalo sto se ne koristi treba da smestis u jedan paket, npr "OTHER_UNMATCHED" i u firewall>filter stavis pravilo koje dropuje taj paket i ono pravilo koje vec imas da dropuje p2p. Naime ovim se propusta protok samo kroz one portove za koje si ti siguran da nisu p2p, a svi ostali se blokiraju. Tako se torrent konekcije gase jos dok se ne ostvare, a ne kad se vec naprave konekcije.
Evo ja cu da ti iskopiram kako to kod mene izgleda, pa se ti nekako snadji.
U firewall mangle iskucaj ovo ispod. To ti markira pakete za programe kojima sam ja odobrio portove. Naravno, ti kod sebe mozes da izbacis nesto, a mozes i da dodas.
1 ;;; HTTP Connection
chain=prerouting protocol=tcp dst-port=80 action=mark-connection
new-connection-mark=HTTP_CON passthrough=yes
2 chain=prerouting protocol=tcp dst-port=443 action=mark-connection
new-connection-mark=HTTP_CON passthrough=yes
3 ;;; HTTP Packet
chain=prerouting connection-mark=HTTP_CON action=mark-packet
new-packet-mark=HTTP passthrough=no
4 ;;; DNS Connection
chain=prerouting protocol=udp dst-port=53 action=mark-connection
new-connection-mark=DNS_CON passthrough=yes
5 ;;; DNS Packet
chain=prerouting connection-mark=DNS_CON action=mark-packet
new-packet-mark=DNS passthrough=no
6 ;;; POP3 Connection
chain=prerouting protocol=tcp dst-port=110 action=mark-connection
new-connection-mark=SMTP_CON passthrough=yes
7 ;;; SMTP Connection
chain=prerouting protocol=tcp dst-port=25 action=mark-connection
new-connection-mark=SMTP_CON passthrough=yes
8 ;;; SMTP Packet
chain=prerouting connection-mark=SMTP_CON action=mark-packet
new-packet-mark=SMTP passthrough=no
9 ;;; FTP Connection
chain=prerouting protocol=tcp dst-port=21 action=mark-connection
new-connection-mark=FTP_CON passthrough=yes
10 ;;; FTP Packet
chain=prerouting connection-mark=FTP_CON action=mark-packet
new-packet-mark=FTP passthrough=no
11 ;;; P2P Connection
chain=prerouting p2p=all-p2p action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
12 chain=prerouting protocol=tcp dst-port=1214 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
13 chain=prerouting protocol=udp dst-port=1214 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
14 chain=prerouting protocol=tcp dst-port=4661-4672 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
15 chain=prerouting protocol=udp dst-port=4661-4672 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
16 chain=prerouting protocol=tcp dst-port=5555 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
17 chain=prerouting protocol=tcp dst-port=4242 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
18 chain=prerouting protocol=tcp dst-port=3306 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
19 chain=prerouting protocol=tcp dst-port=2323 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
20 chain=prerouting protocol=tcp dst-port=7778 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
21 chain=prerouting protocol=tcp dst-port=400-445 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
22 chain=prerouting protocol=tcp dst-port=1412 action=mark-connection
new-connection-mark=P2P_CON passthrough=yes
23 ;;; P2P Packet
chain=prerouting connection-mark=P2P_CON action=mark-packet
new-packet-mark=P2P passthrough=no
24 ;;; OSPF Connection
chain=prerouting protocol=ospf action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
25 ;;; OSPF Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no
26 ;;; Radius Connection
chain=prerouting protocol=udp dst-port=1812 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
27 chain=prerouting protocol=tcp dst-port=1812 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
28 chain=prerouting protocol=tcp dst-port=1813 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
29 chain=prerouting protocol=udp dst-port=1813 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
30 ;;; Radius Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no
31 ;;; SNMP Connection
chain=prerouting protocol=udp dst-port=161 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
32 chain=prerouting protocol=udp dst-port=162 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
33 ;;; SNMP Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no
34 ;;; SYSLOG Connection
chain=prerouting protocol=udp dst-port=514 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
35 ;;; SYSLOG Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no
36 ;;; SSH Connection
chain=prerouting protocol=tcp dst-port=22 action=mark-connection
new-connection-mark=MANAGEMENT_CON passthrough=yes
37 ;;; Management Packet
chain=prerouting connection-mark=MANAGEMENT_CON action=mark-packet
new-packet-mark=MANAGEMENT passthrough=no
38 ;;; ICMP Connection
chain=prerouting protocol=icmp action=mark-connection
new-connection-mark=ICMP_CON passthrough=yes
39 ;;; ICMP Packet
chain=prerouting connection-mark=ICMP_CON action=mark-packet
new-packet-mark=ICMP passthrough=no
40 ;;; Streaming Connection
chain=prerouting protocol=tcp dst-port=554 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes
41 ;;; SIP TCP Connection
chain=prerouting protocol=tcp dst-port=5060 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes
42 chain=prerouting protocol=udp dst-port=5060 action=mark-connection
new-connection-mark=VOIP_CON passthrough=yes
43 ;;; VOIP Packet
chain=prerouting connection-mark=VOIP_CON action=mark-packet
new-packet-mark=VOIP passthrough=no
44 ;;; WOW Connection
chain=prerouting protocol=udp dst-port=3724 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
45 chain=prerouting protocol=tcp dst-port=3724 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
46 ;;; WOW Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no
47 ;;; XBOX 360 Connection
chain=prerouting protocol=tcp dst-port=2074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
48 chain=prerouting protocol=udp dst-port=2074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
49 chain=prerouting protocol=tcp dst-port=3074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
50 chain=prerouting protocol=udp dst-port=3074 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
51 chain=prerouting protocol=tcp dst-port=88 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
52 ;;; XBOX 360
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no
53 ;;; CoDII Connection
chain=prerouting protocol=tcp dst-port=28960 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
54 chain=prerouting protocol=udp dst-port=28960 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
55 ;;; CoDII Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no
56 ;;; Counter Connection
chain=prerouting protocol=tcp dst-port=27000-27050
action=mark-connection new-connection-mark=GAME_CON passthrough=yes
57 chain=prerouting protocol=udp dst-port=27000-27050 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
58 chain=prerouting protocol=udp dst-port=1200 action=mark-connection
new-connection-mark=GAME_CON passthrough=yes
59 ;;; GAME Packet
chain=prerouting connection-mark=GAME_CON action=mark-packet
new-packet-mark=GAME passthrough=no
60 ;;; VPN Connection
chain=prerouting protocol=tcp dst-port=1723 action=mark-connection
new-connection-mark=VPN_CON passthrough=yes
61 ;;; VPN Packet
chain=prerouting connection-mark=VPN_CON action=mark-packet
new-packet-mark=VPN passthrough=no
62 ;;; VPN GRE Packet
chain=prerouting protocol=gre action=mark-packet new-packet-mark=VPN
passthrough=no
63 ;;; MSN Messenger Connection
chain=prerouting protocol=tcp dst-port=1863 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
64 chain=prerouting protocol=udp dst-port=2001-2120 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
65 chain=prerouting protocol=tcp dst-port=1493 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
66 chain=prerouting protocol=tcp dst-port=1542 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
67 chain=prerouting protocol=tcp dst-port=1963 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
68 chain=prerouting protocol=tcp dst-port=1457 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
69 chain=prerouting protocol=tcp dst-port=3389 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
70 chain=prerouting protocol=tcp dst-port=1556 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
71 chain=prerouting protocol=tcp dst-port=11771 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
72 chain=prerouting protocol=tcp dst-port=5000-8000 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
73 chain=prerouting protocol=udp dst-port=5000-8000 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
74 chain=prerouting protocol=tcp dst-port=13803 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
75 chain=prerouting protocol=tcp dst-port=389 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
76 chain=prerouting protocol=tcp dst-port=522 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
77 chain=prerouting protocol=tcp dst-port=1503 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
78 chain=prerouting protocol=tcp dst-port=1720 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
79 chain=prerouting protocol=tcp dst-port=1731 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
80 chain=prerouting protocol=tcp dst-port=9000-9999 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
81 chain=prerouting protocol=tcp dst-port=1484 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
82 chain=prerouting protocol=udp dst-port=80 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
83 ;;; Yahoo Messenger Connection
chain=prerouting protocol=tcp dst-port=5000-5001 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
84 chain=prerouting protocol=tcp dst-port=5050 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
85 chain=prerouting protocol=tcp dst-port=5100-5101 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
86 ;;; Mirc Connection
chain=prerouting protocol=tcp dst-port=6660-6669 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
87 chain=prerouting protocol=tcp dst-port=1024-1100 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
88 ;;; Skype Connection
chain=prerouting protocol=tcp dst-port=25956 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
89 ;;; AIM Connection
chain=prerouting protocol=tcp dst-port=5190 action=mark-connection
new-connection-mark=CHAT_CON passthrough=yes
90 ;;; ICQ Connection
chain=prerouting protocol=tcp dst-port=20000-20019
action=mark-connection new-connection-mark=CHAT_CON passthrough=yes
91 ;;; Workgroup Connection
chain=prerouting protocol=tcp dst-port=130-139 action=mark-connection
new-connection-mark=WORKGROUP passthrough=yes
92 chain=prerouting protocol=udp dst-port=130-139 action=mark-connection
new-connection-mark=WORKGROUP passthrough=yes
93 ;;; Workgroup Packet
chain=prerouting connection-mark=WORKGROUP action=mark-packet
new-packet-mark=WORKGROUP PACKET passthrough=no
94 ;;; Avast Packet
chain=prerouting protocol=tcp dst-port=12025 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes
95 chain=prerouting protocol=tcp dst-port=12110 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes
96 chain=prerouting protocol=tcp dst-port=12143 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes
97 chain=prerouting protocol=tcp dst-port=12080 action=mark-connection
new-connection-mark=ANTIVIRUS passthrough=yes
98 ;;; Chat Packet
chain=prerouting connection-mark=CHAT_CON action=mark-packet
new-packet-mark=CHAT passthrough=no
99 ;;; Everything Unmatched
chain=prerouting action=mark-packet new-packet-mark=OTHER_UNMATCHED
passthrough=no
U firewall>filter ti idu sledeca 2 pravila:
14 ;;; P2P
chain=forward dst-address=x.x.x.x(mrezni opseg adresa) packet-mark=P2P action=drop
15 ;;; Other
chain=forward dst-address=x.x.x.x(mrezni opseg adresa) packet-mark=OTHER_UNMATCHED action=drop
Ovo sigurno radi, provereno. Jeste malo glomazno, ali isplati se. Protok torrentima je ravan nuli.
Ivica Golubovic