Brian Ladd’s Blog – Notes on Life

Beat Comcast BitTorrent Throttling on Linux

http://tuxtraining.com/2008/06/21/beating-sandvine-on-linux-with-iptables/

Multiple sites reported a while ago that Comcast was using Sandvine to send TCP reset packets to throttle its users' BitTorrent connections. This practice may be a thing of the past, as it's been found that a simple rule in the Linux firewall, iptables, can block these reset packets, returning your BitTorrent to normal speeds and allowing you to once again connect to all your seeds and peers. So, if you are a GNU/Linux user and tired of Sandvine (the application used by Comcast to throttle BitTorrent with fake TCP reset packets) screwing with your BitTorrent, then this is for you. I will tell you how to take your bandwidth back.

Also see:

  1. Basics of iptables
  2. Iptables: How to save and restore rules at boot & shutdown
  3. How to Encrypt BitTorrent Traffic With KTorrent and Azureus

If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:

(Note: the options state, reject-with, dport and tcp-flags each begin with a double dash.)

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
-A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
-A INPUT -m state --state NEW -m tcp -p tcp --dport 6883 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 6883 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.

If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.

#!/bin/sh
#Replace 6883 with your BT port
BT_PORT=6883
#Flush the filters
iptables -F
#Apply new filters
iptables -A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

If you are using Gentoo or another distro, it is important that your iptables rules include this line; feel free to change the port number (or make it a range of ports).

-A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP

Your firewall is now configured and you should have great upload speed now. You will have to run this script every boot, by the way. One easy way is to call the script at the end of /etc/rc.local.
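Because iptables stops at the first matching rule, the RST drop line only takes effect if it sits above the ESTABLISHED,RELATED accept, as it does in both rulesets above. The shell check below is an added example, not part of the original post: the names `check_rst_rule_order`, `ruleset_page` and `ruleset_swapped` and the sample rules are constructed for illustration, and it reads rules in iptables-save format, handling a port range as well as a single port.

```shell
# check_rst_rule_order PORT < ruleset (iptables-save format)
# Exit status: 0 = drop rule reached first, 1 = no RST drop rule for PORT,
#              2 = an earlier ESTABLISHED accept matches the RST first.
check_rst_rule_order() {
    awk -v port="$1" '
    # True when a --dport value (single port or lo:hi range) includes p.
    function covers(spec, p,   r) {
        if (split(spec, r, ":") == 2) return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
        return (spec + 0 == p + 0)
    }
    $1 != "-A" || $2 != "INPUT" { next }   # only INPUT-chain rules matter
    {
        n++; dport = ""; rst = 0; est = 0; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "--tcp-flags" && $(i + 1) == "RST" && $(i + 2) == "RST") rst = 1
            if (($i == "--state" || $i == "--ctstate") && $(i + 1) ~ /ESTABLISHED/) est = 1
            if ($i == "-j") target = $(i + 1)
        }
        if (rst && target == "DROP" && covers(dport, port) && !drop_at) drop_at = n
        # A stateful accept with no port, or with a matching port, takes the RST.
        if (est && target == "ACCEPT" && (dport == "" || covers(dport, port)) && !est_at)
            est_at = n
    }
    END {
        if (!drop_at) exit 1
        if (est_at && est_at < drop_at) exit 2
    }'
}

# Constructed sample: the rule order used on this page, with a port range.
ruleset_page() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 6881:6889 --tcp-flags RST RST -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample: same rules, but the stateful accept comes first.
ruleset_swapped() { ruleset_page | awk '/RST RST/ { held = $0; next } { print } /ESTABLISHED/ { print held }'; }

ruleset_page | check_rst_rule_order 6883 && echo "page order: RST drop is effective"
ruleset_swapped | check_rst_rule_order 6883 || echo "swapped order: status $?"
```

On a live system, pipe the output of `iptables-save` (run as root) into the function instead of the samples. The drop rule also discards genuine resets sent by peers, so connections that the other side has closed abruptly linger until they time out.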

June 30, 2008 Posted by brianladd | Copyright / P2P / Law, Linux | | No Comments Yet

Icons for Windows & Linux

September 25, 2007 Posted by brianladd | Linux, Windows / Microsoft | | No Comments Yet

Debian Linux Auto Installer

http://goodbye-microsoft.com/

This is a graphic installer for the Debian etch distro of Linux and will allow non-technical users to install Debian without most of the hassles of burning media. Pretty cool. Need to try it some time. And remember, if you are going to try this yourself, always make a complete system backup before starting.

September 13, 2007 Posted by brianladd | Linux | | No Comments Yet

Why people don’t use Linux (or Windows is Free)

http://tlug.jp/articles/Windows_Is_Free

This is a really good article on why people don’t use Linux more often. Fantastic read.

August 16, 2007 Posted by brianladd | Linux | | No Comments Yet

Full Screen Unclosable PopUp

http://hackademix.net/2007/08/07/java-evil-popups

Found this one thanks to Slashdot.org
If you’re not reading Slashdot, then you should. At least once a day.

Anyway, this is a full screen, unclosable popup with no controls and no way to interact with it. That's the bad news.
Now for the good news. If you’re running Firefox with the NoScript plugin, then you have nothing to worry about as the NoScript plugin does a fantastic job at killing this and almost every other annoyance I’ve come across on the Internet.

In case you don’t have them, get them.
FireFox
NoScript

August 8, 2007 Posted by brianladd | Linux, Security, Windows / Microsoft | | No Comments Yet

How to install PHP 5.x on Windows Server 2003 with IIS 6

http://www.peterguy.com/php/install_IIS6.html

Man this was handy to get SugarCRM installed.

SugarCRM is a really nice Open-Source CRM application for sales contact management.

August 3, 2007 Posted by brianladd | Linux, Windows / Microsoft | | No Comments Yet