Options to block uTorrent or any other downloading program?

Question

joe_banana    0

Hello guys,

I'm having trouble with one of my roommates using torrent & limewire to download all the time, even though we agreed that speed limits are set. It is terribly affecting the house productivity now.

So being the noob administrator of our network, I am given the task to fix this. Our other friends decided to just stop downloading & enable only the browsing & imap/pop3 ports (port 80 right?) instead.

How is that possible with a hardware firewall? I'm using D-link DIR-300.


13 answers to this question


  • 0
Shaun N.    569

As Budman will say get Utorrent set up correctly and you won't even notice he is downloading.

  • 0
+Ryster    787

"So being the noob administrator of our network, I am given the task to fix this, our other friends decided to just stop downloading & enable only the browsing & imap/pop3 ports(port 80 right?) instead."

For reference, the ports for Web, pop3, smtp and imap are as follows:

Web: 80 and 443 (SSL)

POP3: 110

SMTP: 25

IMAP: 143

If you just limit your router to allowing those ports, P2P apps won't really stand a chance. That will however block other stuff as well so be careful.

  • 0
+Human.Online    8,690

Block all other ports than the 5 given above. Then let people request those which need opening. And learn to say no :)

Also, tell this dude he is being hugely antisocial and if he continues to do this, you'll simply remove his connectivity.

  • 0
FiB3R    1,663

Kick him in the nuts

  • Like 1

  • 0
+BudMan    3,585

Why don't you give us some details of your connection, how many users - and how you have this downloading room mate setup for his clients. As Shaun mentions when they are correctly setup -- unless he and the other clients are wireless??

You should really not notice any issues.. I'm currently downloading 6 torrents all at the same time, with download speed over 1.4MBps -- and I don't even notice.. Since the upload pipe has room for stuff like dns and to query webservers.

Limiting what ports are allowed outbound can limit his access to p2p for sure -- but then again he could just use a proxy that is listening on the ports you have open (80, 443 which are kind of required for the net to work)

You're better off working with him so that everyone in the house is happy.. When correctly setup p2p should not be noticed.. Most of the clients even have scheduling built in to up the speeds when no other users are on the network, etc.

Blocking all outbound ports other than known services is a valid control method -- but you will find you're prob going to run into issues with your other room mates for other things if you limit to only http, https and those email ports.. And don't forget the tls/ssl ports for stuff like imap and pop, smtp; for example gmail uses tcp 995, 993 and 587

  • 0
boogerjones    86

"enable only the browsing & imap/pop3 ports(port 80 right?) instead."

No, you don't need to "enable" any ports to browse the web or to check email. That's only for inbound connections. Or does the DIR-300 let you control outbound connections? I wouldn't think so since it's an entry-level router.

  • 0
Nagisan    248

Get a WRT54GL or another router that can use Tomato Firmware. Then use the default QOS settings. From there, you can add game ports (such as the ports for steam-based games) and move them above the "bulk traffic" QOS classification.

Once you do that you will be able to run utorrent and allow it to use as much bandwidth as you want, and still browse without a problem. For reference, I went from a 160N router to a WRT54GL with Tomato firmware. On my normal TF2 server my ping went from 50-60, down to 30-35. While downloading and uploading using about half my max bandwidth, my ping is around 40-50. If I am uploading at my full upload speeds, my ping is around 50-60. Not perfect, obviously, but if you have a router with good firmware that properly handles QOS (from what I have read and experienced, Tomato firmware has the best QOS service you can put on a router, period), downloading through torrents will not affect your internet hardly at all.

  • 0
+BudMan    3,585

From a quick look at the manual for the dir-300 and the emulator, it allows up to 20 firewall rules which can be used to only allow access to specific ports.. Hope you don't need more than 20 ;)

[Image attachment: post-14624-12699587209998.jpg]

Off the top real quick you're using up quite a few already: http, https, pop, smtp, imap, (993, 995, 587 pop smtp and imap for gmail), don't forget ftp 21. That's 9 and you're going to need a rule at the end to deny all ports. So you're at 10 rules already.

  • 0
joe_banana    0

"Kick him in the nuts"

How I wish I could. lol

Cool thanks a lot guys!

Our setup is quite simple: a modem (containing ISP settings) is plugged into the router. Honestly I haven't tinkered much with it other than setting/assigning specific IP addresses for the computers.

The thing is I even taught him how to limit speeds so everyone can get their share of speed, but it's pretty annoying this guy won't listen. What I really want is only those ports to be opened then? How is that possible, what rule to block other ports other than those? & opening of other ports should be requested.

I think the QOS is ISP dependent right?

Thanks again, especially budman, you are the man. :)

  • 0
mediVh    3

err, why exactly does it matter that he's downloading? Where do you live that your internet service isn't capable of supporting that these days?

  • 0
Nicholas P.    1

If you use DHCP then find his IP and Lock it so he will always have the same IP.

Try to log the ports he uses and of course disable UPnP (Universal plug and play if I am correct).

If he uses same ports every time just block his ports.

btw blocking ports for P2P software does not always work especially if he uses random ports.

Disabling the UPnP requires port forwarding. That means he won't be able to download at decent speeds (for p2p progs) which is what you want. Probably max speed will be something between 10-60kb/s.

Of course he will still screw your connection up if he won't limit his uploading speed.

But anyway you don't need to get mad and hysterical. Calm down and speak with your other room8s first. Then try to talk to him. If he does not get it then simply stop sharing your internet connection with him.

Another solution is to use a router with QOS and limit his bandwidth. Generally, QOS is ISP independent.

  • 0
Nagisan    248

"I think the QOS is ISP dependent right?"

QOS is a router setting. Most routers have it, but most of them do not work worth a crap (in my experience, at least). Even WITH QOS configured properly I had trouble browsing the internet on my WRT160N. I got a WRT54GL and put tomato firmware on it, turned on QOS (with its default settings) and I was browsing without a problem while downloading full speed through torrents. I even added online game ports into the QOS with a higher priority than downloads, and I can download and upload at full torrent speeds, while keeping my ping manageable in the servers I typically play on (under 80). Without downloading, just having QOS configured properly and a good router + firmware combination, I dropped my normal latency from 45-60 down to around 30-35 on the normal TF2 server I play on.

"err, why exactly does it matter that he's downloading? Where do you live that your internet service isnt capable of supporting that these days?"

Sadly, some ISPs limit upload WAY too much. Where I live the fastest speed I can get is 10/0.5 mb/s up/down. The download is fine, but the upload is a mere 1/20th of the download speed and it quite frankly sucks. I mean hell, video chat with skype virtually saturates the upload link; throw a few torrent downloads on the line and it quite quickly saturates the uplink. Luckily, all you need is a good router with a properly working QOS (that is, third-party firmware, unless you find a stock router that has QOS that's worth a crap) and it pretty much solves issues from torrent downloads slowing internet access.

  • 0
+BudMan    3,585

"btw blocking ports for P2P software does not always work especially if he uses random ports."

He is not looking to block just p2p ports - he is looking to block ALL ports other than needed for web, email access -- ie he will only allow http, https, pop, smtp, imap, etc. So yes this will prevent p2p from working.. Since unless the tracker is running on one of these ports, and only clients in the cloud are using these ports he will not be able to talk to them. Now I have never seen a tracker that runs on any of these ports, nor are there going to be many clients using them.. So he would never be able to request anything from them. Since the local router would not allow outbound traffic unless it's on 80, 443, 110, 25, etc.

Now his router allows for this - but has a limit of only 20 rules. So this could be a problem if he needs more than 19 ports open outbound.. From the way I am reading his router's interface the last rule will have to be set to block all ports. So unless the traffic meets a rule that allows it - it will be blocked by the block rule. Not sure what version he has - but it seems from the manual that version 2 allows for 50 rules.. So that's good if he has that version.

But anyway - from looking at the interface, his rules would prob look something like this.

[Image attachment: post-14624-12700513089007.jpg]

He would just need to add more allows above the block rule, etc. He would prob want to set that last block rule to both udp and tcp.

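
The outbound rule table described in the posts above, modelled as an added example (not code from the thread or from D-Link). It assumes top-down, first-match evaluation and TCP-only allow rules; the rule names and sample flows are constructed.

```python
# Added example: models a first-match outbound rule table like the one described
# above. Rule names and the sample flows are constructed for illustration.
from typing import NamedTuple, Optional

MAX_RULES = 20  # limit quoted in the thread for the DIR-300 (version 2: 50)

class Rule(NamedTuple):
    name: str
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    port: Optional[int]       # destination port; None matches every port

def build_ruleset(allowed_tcp: dict, max_rules: int = MAX_RULES) -> list:
    """Allow rules first, then one catch-all deny covering TCP and UDP."""
    rules = [Rule(name, "allow", "tcp", port) for name, port in allowed_tcp.items()]
    rules.append(Rule("deny-all", "deny", "any", None))
    if len(rules) > max_rules:
        raise ValueError(f"{len(rules)} rules needed, router holds {max_rules}")
    return rules

def evaluate(rules: list, proto: str, dport: int) -> str:
    """Return the name of the first matching rule (top-down, first match wins)."""
    for r in rules:
        if r.proto in ("any", proto) and r.port in (None, dport):
            return r.name
    return "no-match"  # outcome then depends on the router's default policy

def audit(rules: list) -> list:
    """Flag ordering mistakes: an early catch-all, or a missing final deny."""
    problems = []
    for i, r in enumerate(rules):
        if r.proto == "any" and r.port is None and i != len(rules) - 1:
            problems.append(f"'{r.name}' at position {i + 1} shadows every rule below it")
    last = rules[-1] if rules else None
    if not last or (last.action, last.proto, last.port) != ("deny", "any", None):
        problems.append("last rule is not a deny for all ports on both TCP and UDP")
    return problems

# The nine ports listed in the thread, plus the final block rule = 10 rules
ALLOWED = {"http": 80, "https": 443, "pop3": 110, "smtp": 25, "imap": 143,
           "imaps": 993, "pop3s": 995, "submission": 587, "ftp": 21}
RULES = build_ruleset(ALLOWED)

if __name__ == "__main__":
    # Constructed sample flows: (protocol, destination port)
    for proto, dport in [("tcp", 443), ("tcp", 993), ("tcp", 6881), ("udp", 6881), ("udp", 443)]:
        print(f"{proto}/{dport:<5} -> {evaluate(RULES, proto, dport)}")
    print(audit(RULES) or "rule order OK")
```

The rules match on protocol and destination port only, so anything sent to an allowed port passes whatever application produced it, which is the proxy caveat raised earlier in the thread.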
