Guest wifi - how to disable torrent downloads

greggy101

Regular Contributor
Does anyone know if there is a simple way (or any way possible) to restrict/disable all torrent downloads for the clients on the guest wifi? (without knowing their MACs upfront)
Any help would be greatly appreciated!

87U 378_50
 
Not possible since torrents can be encrypted.

That's not necessarily true. You could technically implement a firewall that has a whitelist of allowed outbound services and drop everything else.
 
Any idea how to?
 
The following illustrates how outbound services allowed on Guest 2.4GHz SSID #1 can be limited to a whitelist:

Code:
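# Guest 2.4GHz SSID #1
GUEST_IF="wl0.1"

# -I inserts at the top of the chain, so the DROP is added first and the
# ACCEPT ends up above it; service names are resolved when the rule loads.
iptables -I FORWARD -i "$GUEST_IF" -j DROP
iptables -I FORWARD -i "$GUEST_IF" -p tcp -m multiport --dports http,https,imap,smtp,pop3,sftp,ftp,imaps -j ACCEPT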
 
So, the same for Guest 5GHz?

Thanks!
 
I am looking to do this on an Asus RT-AC87U router running the latest Merlin firmware. I am a bit new to this, so could someone explain how to implement the above?

Thanks
 
Torrents use the torrent protocol that is UDP based. It's easier to do this using layer 3, but on layer 2 you would need a special router for that, such as from MikroTik, on which you can tag packets from layer 2 coming from an interface and then pass them to the layer 3 firewall to filter. This sort of filtering requires the traffic going through the CPU. I haven't seen a layer 2 firewall from Ubiquiti yet.

So even if torrents were encrypted it would still be using the same protocol and would require the router to recognise it. Encrypting torrents is only so no one knows what you're sharing and probably a way against some network based malware injection, but it doesn't help if someone on the torrent network is a tracker or giving an infected file.
 
So would blocking everything except http & https have no effect?
 
Blocking everything except those 2 will block torrents unless the torrent is using an HTTP proxy. A lot of things are important for the internet to function and use UDP. NTP and DNS are the important ones.
 
So would you be able to assist me in blocking torrents somehow? Thanks for the assistance so far.
 
I cannot help you with blocking. If you use an Asus router you can try RMerlin's firmware and some iptables examples. If you were using MikroTik I could help you block torrents coming from wifi only.
 
I am using Merlin firmware but do not know where to start with iptables. Looking for guidance.
 
You cannot really block torrents. You can set up really complicated firewalling and perhaps hinder it, but completely blocking is practically impossible without severely limiting the places & services that you allow connections to/from.


Another method would be to not allow any IP to saturate the connection, by using traffic-shaping or traffic-policing. With pfSense you can use limiters (FreeBSD dummynet) to dynamically share bandwidth proportionally among active LAN IPs. This means 3 users downloading on a 3mbit connection would be rate-limited to 1mbit each, but if there is bandwidth available/unused, anyone can use all (or most, depending on how you configure it). Traffic-shaping is a simpler way of dealing with hostile/greedy traffic.


As I understand it, blocking torrents is not the preferred method of dealing with its traffic, since it can use any TCP or UDP port along with encryption.
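
The whitelist posted earlier in the thread, extended to more than one guest interface and to the UDP services (DNS, NTP) that a later reply calls important, as an added example that is not any poster's code. The 5 GHz interface name wl1.1, the chain name GUEST_OUT and the numeric port lists are assumptions; the script only prints the iptables commands.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables commands that apply one
# outbound whitelist to every guest interface. Nothing is executed here.
# Assumptions: wl1.1 as the 5 GHz guest interface, the chain name GUEST_OUT,
# and the numeric port lists below.

GUEST_IFS="${GUEST_IFS:-wl0.1 wl1.1}"   # wl0.1 is the thread's 2.4 GHz guest
TCP_PORTS="${TCP_PORTS:-21,25,53,80,110,143,443,993}"
UDP_PORTS="${UDP_PORTS:-53,123}"        # DNS and NTP, per the thread
CHAIN="GUEST_OUT"                       # hypothetical chain name

# Accept only comma-separated decimal port numbers (no names, no ranges).
valid_ports() {
    case "$1" in
        ""|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    return 0
}

# Accept only characters that occur in interface names such as wl0.1.
valid_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

guest_whitelist_rules() {
    # Validate everything first so a bad value never yields partial output.
    valid_ports "$TCP_PORTS" && valid_ports "$UDP_PORTS" || return 1
    for ifc in $GUEST_IFS; do
        valid_ifname "$ifc" || { echo "bad interface: $ifc" >&2; return 1; }
    done
    # Dedicated chain: create it if missing, then empty it so reruns are clean.
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    echo "iptables -A $CHAIN -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT"
    echo "iptables -A $CHAIN -p udp -m multiport --dports $UDP_PORTS -j ACCEPT"
    echo "iptables -A $CHAIN -j DROP"
    # One jump per guest interface; delete any old copy before inserting.
    for ifc in $GUEST_IFS; do
        echo "iptables -D FORWARD -i $ifc -j $CHAIN 2>/dev/null"
        echo "iptables -I FORWARD -i $ifc -j $CHAIN"
    done
}

guest_whitelist_rules
```

Review the printed commands, then pipe them to sh on the router to apply them.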
 
