Searching \ for '[TECH] Block a port for ICS on Win XP' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: www.piclist.com/techref/ios.htm?key=port
Search entire site for: 'Block a port for ICS on Win XP'.

Exact match. Not showing close matches.
PICList Thread
'[TECH] Block a port for ICS on Win XP'
2008\09\12@072032 by Tomás Ó hÉilidhe

picon face

ICS = Internet Connection Sharing

I have two ethernet interfaces on my computer. One of the interfaces
consists of a connection to the internet (let's call it "eth0"), and the
other interface consists of a cross-over cable leading to my friend's
computer (let's call it "eth1").

My friend wanted access to the internet, so I enabled ICS in Windows,
thus sharing my internet connection from eth0 to eth1. Now the only
problem I'm having is that my friend is running bittorrent 24 hours a
day downloading absolute crap (his internal 120 GB hard disk is full,
along with two separate external 100 GB hard disks).

Of course I could kindly ask him to stop downloading, but I'd rather
just make it impossible for him, and then when he asks what's going
wrong I'll just say the Internet Service Provider must have blocked
bittorrent (I'm living in his house rent-free at the moment so I think
this is the most amicable way of cutting him off!)

So here's what I want to do: When I receive a TCP or UDP segment from my
friend's computer on eth1, I want to discard it depending on the
destination port. What's the best way of doing this?

I've experimented a few times with different firewall software but all
the ones I've tried have been a righteous pain in the ass. All I want to
do is block TCP segments with a destination of port 6881, but none of
the firewalls I've tried can provide this simplicity; they go into all
sorts of crap like "safe zone" and "danger zone" and blocking particular
programs. All I want to do is discard segments that have particular
destination ports.

To be a little more specific, here's the process I have in mind:
1) I receive a packet from my friend's computer on eth1
2) If the destination port is bittorrent, discard the packet
3) If it's not bittorrent, perform NAT on the packet and forward it out
through eth0

If possible, I would like it set it so that port 6881 is only blocked on
eth1, and not on eth0 (so that I myself can use bittorrent from time to
time if I want to).

Any ideas?



2008\09\12@113306 by Jim Franklin

flavicon
face
A more subtle way would be to "fake" and email from your ISP to yourself,
Warning of abuse of their service acceptable use policy "you are using too
much bandwidth, if you do not reduce your levels, we will terminate your
connection or reduce your connection to 64k for the remainder of the month"

(This is common in the UK on cheap ISPs)

Why do you want to stop him using it? Is it because your line is too slow
because of him, or ?


-Jim

{Original Message removed}

2008\09\12@121252 by Tomás Ó hÉilidhe

picon face
Jim Franklin wrote:
> Why do you want to stop him using it? Is it because your line is too slow
> because of him, or ?

My Skype suffers when he's downloading. Also there's a download limit
beyond which they charge a ridiculous price :-O

2008\09\12@161223 by Clint Sharp

picon face
In message <spam_OUT48CAA3E6.5090406TakeThisOuTspamlavabit.com>, Tomás Ó hÉilidhe
<.....toe_listKILLspamspam@spam@lavabit.com> writes
>If possible, I would like it set it so that port 6881 is only blocked on
>eth1, and not on eth0 (so that I myself can use bittorrent from time to
>time if I want to).
>
>Any ideas?

Grit your teeth and explain to your friend. It's best in the short term
and long term and if they're a good friend they should respect your
wishes. Besides, if it's your name on the bill, guess who's going to get
the nasty letter if they're downloading stuff illegally. It's then your
job to prove it wasn't you.

There's plenty of information readily available using Google that will
explain to you why things like Bittorrent are hard to block so I won't
go into it here as it's OT in my opinion, but using block bittorrent as
a search will tell you why having a calm, reasoned chat with your friend
is the best solution.

Oh, and buy a router, get rid of the evil that is ICS. If you buy the
right one (I can't advise, I don't know how you're connecting to the
'net) it will come with port filtering and possibly even allow you to
limit bandwidth with QoS based on source/destination.

>
>

--
Clint Sharp

2008\09\12@162122 by Mark Rages

face picon face
On Fri, Sep 12, 2008 at 3:11 PM, Clint Sharp <piclistspamKILLspammit.edu> wrote:
{Quote hidden}

Any decent bittorrent client will let you limit your upload speed.
Ask your friend what upload rate he gets now, then subtract 20% and
set his client to limit at that speed.  This should leave plenty of
bandwidth for skype, webbrowsing, etc.

Given your posting history here, perhaps your objective is simply to
annoy your roommate. If this is the case, break the locking tab off
the connector on the crossover cable, then start "accidentally"
knocking it out of the jack occasionally.

Regards,
Mark
markrages@gmail
--
Mark Rages, Engineer
Midwest Telecine LLC
markragesspamspam_OUTmidwesttelecine.com

2008\09\12@163959 by Carl Denk

flavicon
face
I would tell him the truth and lay the cards on the table. If he gets
mad, he isn't much of a friend anyway. If he doesn't stop, shut him out.
Sounds like he is wearing out his welcome, or maybe needs education on
how things work. Explain as much a being a bit torrent server is a good
thing for the world, you don't pay for that level of service, and you
have a budget too. This falls in the classification, help if you can,
and if you can't, well then you can't, but someone that has lots of time
available at this stage of life will be a good Samaritan and make up for
those who weren't dealt a super card hand at this instance.

Tomás Ó hÉilidhe wrote:
> Jim Franklin wrote:
>  
>> Why do you want to stop him using it? Is it because your line is too slow
>> because of him, or ?
>>    
>
> My Skype suffers when he's downloading. Also there's a download limit
> beyond which they charge a ridiculous price :-O
>
>

2008\09\12@172444 by Jon Baker

picon face

2008/9/12 Tomás Ó hÉilidhe <@spam@toe_listKILLspamspamlavabit.com>:
>
> ICS = Internet Connection Sharing
>
> If possible, I would like it set it so that port 6881 is only blocked on
> eth1, and not on eth0 (so that I myself can use bittorrent from time to
> time if I want to).
>
> Any ideas?

Unfortunately BitTorrent uses dynamic ports, although 6881 was the
default, most clients choose at random now to sidestep ISPs blocking
the connections. Packet encryption is also common now so you couldn't
even build a firewall based on packet inspection.

The only solutions as far as I can see are - talk to your friend, or
buy a router that supports QoS, and give connections from your PC
higer priority. Even limiting upstream traffic with QoS you wont have
complete control over incoming traffic and if his traffic is using all
your downstream bandwidth theres not much you can do about it.

--
Jon Baker

2008\09\12@184236 by cdb

flavicon
face
One overused internet connection = equivalent of free rent.

Problem solved - or move to another place, problem still solved.

Colin
--
cdb, KILLspamcolinKILLspamspambtech-online.co.uk on 13/09/2008

Web presence: http://www.btech-online.co.uk  

Hosted by:  http://www.1and1.co.uk/?k_id=7988359







2008\09\16@101847 by Bob Axtell

face picon face
er... why not just unplug his Cat5 crossover cable? I assure you his
downloads will be cut back dramatically...

--Bob A

On Fri, Sep 12, 2008 at 10:16 AM, Tomás Ó hÉilidhe <RemoveMEtoe_listTakeThisOuTspamlavabit.com> wrote:
{Quote hidden}

>

More... (looser matching)
- Last day of these posts
- In 2008 , 2009 only
- Today
- New search...