How to circumvent Sandvine/torrent throttling?

Discussion in 'Tomato Firmware' started by Pete7874, Feb 10, 2008.

  1. Pete7874

    Pete7874 Network Guru Member

    Hi All,

    Is there anything that can be done in Tomato (some dedicated scripts) that would overcome the torrent throttling mechanism that Comcast is using?

    I use Azureus and tried following these directions:

    but they just don't work for me. After applying them, most of the torrents I seed throw a tracker error (invalid port).

    But on the same page, they talk about alternative solution:

    Use iptables or ipfw, this has been posted many times around the web, but here it is just for posterity:
    iptables -A INPUT -p tcp –dport $YOURTORRENTPORT –tcp-flags RST RST -j DROP
    ipfw add deny tcp from any to any YOURTORRENTPORT in tcpflags rst
    Is this something that could be adapted and executed in Tomato?

    I saw an earlier post on this subject here, but it didn't look like there was a clear answer...

    How are you Comcast p2p users going around this Sandvine throttling problem?
  2. icemanv3

    icemanv3 LI Guru Member

    telnet to your router,

    using root instead of admin, but same password as http.

    iptables -A INPUT -p tcp --dport PORTHERE --tcp-flags RST RST -j DROP

    so for example

    iptables -A INPUT -p tcp --dport 1234 --tcp-flags RST RST -j DROP
    iptables -A INPUT -p tcp --dport 1234:4000 --tcp-flags RST RST -j DROP

    The last = a range of ports.
  3. icemanv3

    icemanv3 LI Guru Member

    or to better it,

    Block it on all ports

    iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
  4. mstombs

    mstombs Network Guru Member

    But INPUT only applies to messages to the router, surely you would need to drop those packets in the FORWARD chain?
  5. icemanv3

    icemanv3 LI Guru Member

    have to admit read that after i posted earlier.

    iptables -I FORWARD 7 -p tcp --dport PORTHERE --tcp-flags RST RST -j DROP
  6. Pete7874

    Pete7874 Network Guru Member

    Thanks guys. So do I just need this line:

    iptables -I FORWARD 7 -p tcp --dport PORTHERE --tcp-flags RST RST -j DROP

    or also this one:

    iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP


    Also, once I make these changes, will they be permanently saved in the router's memory or will I have to issue them after every reboot and power disconnect?
  7. szfong

    szfong Network Guru Member

    uTorrent v1.8 alpha w/ Teredo on both ends should also work.
  8. Pete7874

    Pete7874 Network Guru Member

    I guess what I'm asking is if I can put these commands in the init script so that they are executed whenever the router reboots.

    And what commands would I use if I wanted to reverse these actions?
  9. dolly_oops

    dolly_oops Network Guru Member

    Having been heavily involved with the Comcast stuff (and being involved on workarounds), my advice would be not to make the firewall changes, and just wait for the next release of uTorrent or Azureus (or try betas of either) - there's new stuff in both which should improve things somewhat.
  10. Pete7874

    Pete7874 Network Guru Member

    I am using a beta Azureus with the tweaks recommended in the link that I posted above. And as I said, the tweaks don't work.
  11. rcordorica

    rcordorica Network Guru Member

    Actually, Azureus already implented a fix for the Sandvine filtering. See the changelog under
    "Reconnect to peers after unexpected disconnect / recover stats of recently disconnected peers"

    And I also use encrypted transfers to avoid filtering. Unfortunately some ISP's are going too far and putting low priority on all encrypted traffic (they ignore ssh and ssl).
  12. Sunspark

    Sunspark LI Guru Member

    It's interesting how the TCP protocol is becoming increasingly broken due to ISP attempts to control the customers. Ignoring RST at the router isn't the best idea imho because it is there for a reason.

    I did try the Azureus tweaks and I think it helped because I was d/ling at 150-175 at a time I 'should' have been 30. But we'll see. (Sympatico here)
  13. dolly_oops

    dolly_oops Network Guru Member

    It's not true to say that either Azureus or uTorrent have fixed the Sandvine "problem" - both have implemented various things which workaround problems to an extent. And there are new developments (certainly at least on the Azureus side of things) which will try to improve the situation more.
  14. ng12345

    ng12345 LI Guru Member

  15. kevanj

    kevanj LI Guru Member

    I don't think it's TCP that is 'becoming increasingly broken' at all..TCP is a pretty robust protocol (look how long it's been arround, and how many other protocols have submitted to it's will and disappeared.. :)

    The problem is software developers deliberately circumventing the built in controls within TCP (such as ignoring RST packets) can make anything LOOK broken if you want to... LOL
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice