Block BitTorrent Traffic w/Tomato?

Discussion in 'Tomato Firmware' started by LobsterScuttle, Jan 16, 2009.

  1. LobsterScuttle

    LobsterScuttle Network Guru Member

    Has anyone successfully blocked BitTorrent traffic with Tomato? I have searched and found people who said they blocked it but needed help blocking it for specific time periods; they did not mention how they successfully did it :(
  2. Meffy

    Meffy LI Guru Member

    The best way would probably be the blocking of ports via access restriction. Only allow things like MSN, web browsing and maybe FTP.
  3. LobsterScuttle

    LobsterScuttle Network Guru Member

    It appears to be working now, using the built-in access restrictions.

    I created an access restriction for all 3 of these:
    IPP2P All
    IPP2P Bittorrent
    L7 Bittorrent

    All 3 enabled, not sure if I need all three or not but it's working so I'm leaving it.
  4. Meffy

    Meffy LI Guru Member

    That can easily be bypassed by enabling encryption in most torrent clients.
  5. LobsterScuttle

    LobsterScuttle Network Guru Member

    No worries, my roommate is an idiot. I warned him not to download stuff and he complied for 9 days, then figured I wouldn't notice if he did it while I was at work. Anyway, I figured this was better than cutting his internet completely, which will be the next option if he figures a way around it. Plus I'm running Tomato with the Bandwidth limiter, so he will get that axe too. And he's already been told to move his lazy a$$ out, but we generously gave him 3 months :(

    Thanks for the tip though.
  6. LobsterScuttle

    LobsterScuttle Network Guru Member

    Hmmm, I just tested it again for fun, and now it's not blocking anymore. Any ideas as to why that happens? I tried going back and re-enabling the access restrictions and still no go. Weird.
  7. szfong

    szfong Network Guru Member

    Look at the Device list and find his device(s). Try restricting his usage based on his IP/MAC address. Try one of the Tomato Mods.

  8. Meffy

    Meffy LI Guru Member

    He probably has encryption on... it's enabled by default on most clients. Best way is to block off all ports except the DNS, FTP, WWW ones.
  9. mikester

    mikester Network Guru Member

    Google this forum, as it's been done.

    Add "announce" and "torrent" to your access restrictions as well as the other stuff posted above.
  10. az2008

    az2008 Addicted to LI Member

    I would set a QoS rule for his MAC addr to cap all UDP traffic to 1% of available bandwidth (or, whatever percentage makes sense). Especially if he's not respecting your wishes.

    Also make sure he doesn't have the password to the router.

  11. LobsterScuttle

    LobsterScuttle Network Guru Member

    I have done that, using Victek mod to seriously limit his bandwidth, but I have the same problem there: it works for a while, then all of a sudden he is using all the bandwidth again. I go back into the bandwidth limiter option and hit save again and it drops again. It just never stays.

    I guess so. He is using uTorrent and my test machine was using it too, but it was blocking the first time. Sigh...

    I did find that in a Google search before I posted but was not sure where to put the announce and torrent. After you mentioned it I just stuck it in the HTTP Requests box and that appears to be working well. Noticed that it won't let you go to pages that have torrent in the address too, which is kinda cool. Thanks, will see if that one sticks.

    If you could provide more detail on the QoS rule that would be appreciated. I have QoS rules but the only thing I notice I can do is set priority to: highest, high, medium, low, lowest, etc. Oh, and there is no way he has the password to the router.

    Thank you all for your help, I appreciate it. I know I could just yell at him again but I am having fun with this :) and it's a nice learning experience.
  12. az2008

    az2008 Addicted to LI Member

    Go to QoS->Basic Settings. Set Class E to something like 1% and 1% (min/max). Save the page.

    Go to QoS->Classifications and create a new rule with

    - His source MAC address,
    - Class E,
    - Desc: "Former roomate...",
    - Protocol: UDP,
    - Any port,
    - IPP2P disabled,
    - Layer 7 disabled

    After adding the rule, move it above the "Bulk" UDP rule so it won't be applied first.

    If he has some legitimate UDP traffic, you'd have to create another rule to give higher priority to that specific traffic (like, to a destination IP address for VOIP traffic). Or, just tell him it's tough because he won't follow your rules.
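
As an added illustration (not code from the thread or from Tomato), the simplified Python model below shows why the content-matching rules discussed above catch a plaintext BitTorrent handshake and a tracker request but see nothing in an encrypted peer stream, and how the default-deny port list Meffy suggests behaves on the same flows. The rule names, the port set (443 is an assumption) and the sample payloads are constructed.

```python
import re
from typing import Optional

# Plaintext BitTorrent peer handshake: length byte 0x13 (19), then the protocol name.
HANDSHAKE = re.compile(rb"^\x13BitTorrent protocol")
# Keywords the thread adds to the HTTP Requests box of the access restriction.
HTTP_KEYWORDS = (b"announce", b"torrent")
# Default-deny alternative from the thread: FTP, DNS, WWW (443 added as an assumption).
ALLOWED_PORTS = {21, 53, 80, 443}

def signature_match(payload: bytes) -> Optional[str]:
    """Return the name of the content rule that fires, or None."""
    if HANDSHAKE.match(payload):
        return "handshake"
    if payload.startswith((b"GET ", b"POST ")):
        request_line = payload.split(b"\r\n", 1)[0].lower()
        if any(word in request_line for word in HTTP_KEYWORDS):
            return "http-keyword"
    return None

def verdict(payload: bytes, dst_port: int, default_deny: bool) -> str:
    """Content rules first; optionally fall back to a destination-port allowlist."""
    rule = signature_match(payload)
    if rule:
        return "block:" + rule
    if default_deny and dst_port not in ALLOWED_PORTS:
        return "block:port"
    return "allow"

# Constructed sample flows: (first payload bytes, destination port).
SAMPLES = {
    "plain_handshake": (b"\x13BitTorrent protocol" + bytes(8) + b"H" * 20 + b"P" * 20, 51413),
    "tracker_announce": (b"GET /announce?info_hash=%12%34&port=51413 HTTP/1.1\r\n\r\n", 6969),
    # Opaque bytes standing in for an encrypted peer stream: nothing to match on.
    "encrypted_peer": (bytes(range(0xA0, 0xE0)), 51413),
    "web_page": (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n", 80),
    # Unrelated page whose address happens to contain "torrent".
    "weather_page": (b"GET /news/torrential-rain HTTP/1.1\r\n\r\n", 80),
}

def classify_all(default_deny: bool) -> dict:
    """Classify every constructed sample under the chosen policy."""
    return {name: verdict(p, port, default_deny) for name, (p, port) in SAMPLES.items()}

if __name__ == "__main__":
    for mode in (False, True):
        print("default_deny =", mode, classify_all(mode))
```

The `weather_page` sample reproduces the side effect LobsterScuttle noticed: a keyword rule also blocks ordinary pages with "torrent" in the address.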

