  popeye
@shawcable.net
| how to stop bittorrent downloads??
OK, I am running a WRT54GL with Tomato firmware. I enabled QoS, set the rules for P2P, made port 80 highest priority, etc. It worked for a while, but after a few days he seems to have bypassed everything and still slows my connection down. I even tried to turn UPnP off, but I still see his IP everywhere under the detail list, and all the destinations are P2P sites like BitTorrent.
Is he using port forwarding to trick my router?
Thanks for the help. |
|
 max2k1 Hibernating In Texas
join:2001-06-01 Austin, TX
| Who is this "he" that you speak of? Is he an unauthorized user? If so, can't you set up your security to disallow access to your network? (WPA keys for wireless) ... and yanking his cable out for wired
Or set up a firewall that filters all traffic except the ones you need. |
|
  popeye
@shawcable.net | reply to popeye Oh sorry, he is just one of the mates in the house. BTW, I do have full access to the router; he doesn't.
thanks. |
|
  Lowtarget Premium join:2003-12-22 Alger, OH clubs:
·RoadRunner Cable
·magicjack.com
| reply to popeye Check out this link »www.linksysinfo.org/forums/showt···?t=58571
I never tried this on my router, since I'm the only one who uses the broadband connection. Just thought I'd post the link for you. If anything, if he/she uses too much bandwidth, a good old hammer on the hand works well. Just kidding on the last part. |
|
  popeye
@shawcable.net | Thanks a lot Lowtarget, looks like this is exactly what I'm looking for! |
|
  Tursiops_G Technoid Premium,MVM join:2002-02-06 Norwalk, CT clubs:
·Optimum Online
| In the interest of maintaining "Domestic Tranquility", I'd suggest limiting "him" to no Less than 1/2 of your Bandwidth, and don't even mention anything to him about it... If he asks you about his 'Slower than Normal' Speeds, just say: "Yeah, I'm seeing it too..." 
-Tursiops_G. -- If You're Unsure, "RTFM"... If You're SURE, "RTFM" Anyway.  |
|
  JTC Always Mount A Scratch Monkey
join:2002-01-09 USA
·Comcast Workplace
·Integra Telecom
| reply to popeye The problem with the IP QoS approach is that there isn't anything to stop your flat/house mate from changing their IP address to one that isn't managed.
L7 filtering, which I believe Tomato has, looks at the packets and applies your QoS rules regardless of the IP. However, if the stream is encrypted, it can't tell what it is and will dump it into the default bucket.
If you are really serious about limiting their bandwidth, I'd do this, if Tomato allows it:
• Pick a range of IP addresses that are allowed 'out' of your LAN, block all the rest in your subnet
• Assign every machine on the LAN an IP
• Set up static ARP for each IP
• Set up your QoS tables as needed
This will force the target machine to use the IP you specify if they want to do anything outside your LAN.
If they spoof their MAC address, they won't get a 'working' IP.
If they pick a random IP from a working machine, the static ARP won't send any traffic to their machine (MAC IP mapping doesn't match).
If they pick another IP outside the chosen range you are allowing access out (spoofed MAC or not), it will be blocked. -- All hardware sucks, all software sucks, some just suck more than others |
|
 latinuser_uy
join:2004-07-15 UY
edit: October 6th, @12:03PM
| One thing I did that worked for me is the following:
I have two WRT54GLs with DD-WRT. One is used to give "the other user" access to the network. That WRT54GL is connected using an Ethernet cable to another WRT54G that manages the actual internet connection. In that second WRT54G I have configured it even at the port level to have less priority and 1/2 of the total available bandwidth. Each WRT54GL has its own SSID, and both share the same IP net. Only one has DHCP on.
That has worked, and it only cost a second WRT54G more. P2P programs are going the obfuscation way at the protocol level, so they might be even more difficult to catch with a protocol control mechanism (because that's precisely what they are trying to avoid at the ISP level).
Have fun!. |
|
  popeye
@shawcable.net
| reply to JTC Thanks for all the info everyone
If you are really serious about limiting their bandwidth, I'd do this, if Tomato allows it:
Pick a range of IP addresses that are allowed 'out' of your LAN, block all the rest in your subnet
Assign every machine on the LAN an IP
Set up static ARP for each IP
Set up your QoS tables as needed
I am interested in doing these steps to get better control over the bandwidth, because I think you are right, my internet is still slow sometimes even with the correct QoS settings.
Can you tell me exactly how to do this in Tomato firmware? Also, what does ARP stand for?
If this doesn't work I might have to get a second router
thanks again |
|
  JTC Always Mount A Scratch Monkey
join:2002-01-09 USA
·Comcast Workplace
·Integra Telecom
| said by popeye :
I am interested in doing these steps to get better control over the bandwidth, because I think you are right, my internet is still slow sometimes even with the correct QoS settings.
You might want to look into connection limiting as well then, or try tweaking the connection tracking timeout in the firmware.
I have experienced massive slowdowns on my WRT54G running DD-WRT when the connection table had a lot of connections in it. It might be that your device is having a heck of a time keeping track of them all.
said by popeye :
Can you tell me exactly how to do this in Tomato firmware? Also, what does ARP stand for?
ARP = Address Resolution Protocol
Per wikipedia:
"ARP is primarily used to translate IP addresses to Ethernet MAC addresses"
So in this case, it's the bit that maps an IP to a network card. If you set a static ARP, the LAN won't send any data to the system in question unless it has the correct MAC and IP.
As for how to do it in Tomato, I do not know. If Tomato has the provisions to set a static IP, perfect. Otherwise, it's adding some commands to a script.
The command is usually something to the effect of arp -s 00:00:00:00:00:00 127.0.0.1, but it might vary on the version of arp on the device.
said by popeye :
If this doesn't work I might have to get a second router
Eh, I don't think you will, but hey, more toys, right? -- All hardware sucks, all software sucks, some just suck more than others |
|
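The lockdown JTC outlines in the two posts above (allowed-IP list, one fixed address per machine, static ARP), as an added example that is not code from the thread or from Tomato: a script that validates a host table and prints the commands instead of running them. The bridge name br0, the 192.168.1.0/24 subnet, the chain name lanout and every MAC/IP pair are assumptions; net-tools and BusyBox arp take the IP address first, then the MAC.

```shell
#!/bin/sh
# Added example: prints (does not execute) static-ARP and firewall commands.
# Assumptions: br0 is the LAN bridge, 192.168.1.0/24 is the LAN subnet,
# and every MAC/IP pair below is constructed sample data.
LAN_IF="br0"
LAN_NET="192.168.1.0/24"

# One "MAC IP" pair per line; only these hosts may route out of the LAN.
HOSTS="00:11:22:33:44:01 192.168.1.10
00:11:22:33:44:02 192.168.1.11
00:11:22:33:44:03 192.168.1.12"

# Shape checks only: six hex octets, and a dotted quad.
valid_mac() { echo "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; }
valid_ip()  { echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# gen_rules TABLE: print the commands; return 1 on a malformed or duplicate
# entry so a typo cannot silently give one machine two identities.
gen_rules() {
    seen=" "
    out="iptables -N lanout"
    while read -r mac ip; do
        [ -n "$mac" ] || continue
        mac=$(echo "$mac" | tr 'A-F' 'a-f')
        valid_mac "$mac" && valid_ip "$ip" || {
            echo "bad entry: $mac $ip" >&2; return 1; }
        case "$seen" in
            *" $mac "*|*" $ip "*)
                echo "duplicate: $mac $ip" >&2; return 1 ;;
        esac
        seen="$seen$mac $ip "
        # Pin the IP to its MAC, then let that source IP through.
        out="$out
arp -s $ip $mac
iptables -A lanout -s $ip -j RETURN"
    done <<EOF
$1
EOF
    # Any other LAN address is dropped before it can be routed out.
    printf '%s\n' "$out" \
        "iptables -A lanout -s $LAN_NET -j DROP" \
        "iptables -I FORWARD -i $LAN_IF -j lanout"
}

gen_rules "$HOSTS"
```

Review the printed commands before pasting them into the router's firewall script; QoS classes are then assigned per allowed IP as in the last step of the list.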