BandaAncha


Does anyone want to try this?

bumper

Personally, it hasn't worked for me.
Be careful: with the plain "install" option (which is the one I tried) you are left without a firewall.

Taken from another forum:

A bit of a background to Sandvine:
Comcast is blocking P2P traffic by using something called a Sandvine. Comcast searches for connections for file-sharing networks. When it finds a connection, Comcast sends a "RST" packet to both your computer and the computer you are connecting to. The RST packet is telling both computers to "Reset" or "Close" the network connection, thus blocking any data from being sent over the connection. What this tutorial does here is set your computer up to ignore any RST packets on your BitTorrent port. DO NOT IGNORE RST PACKETS ON ALL PORTS - ONLY DO IT ON YOUR BITTORRENT PORT.

Make sure you ask questions here before doing anything you are unsure of. You have the ability to completely cut yourself off from the internet using this.

ALSO NOTE: You must use a single port for using BitTorrent. This will not work if you have your client use a "random" port.

------------------------------------------------------------------------------------------

Important!

This isn't just for Comcast users. It appears that Sandvine sends RSTs to both the seeder and the leecher. Therefore, if you want to download from anyone who is on Comcast, you have to do this fix, or something similar, as well.
-----------

I know there are a lot of us using Comcast, and the tutorial (redhatcat.somewhere.com/2007/09/ ... wipfw.html) leaves out some important stuff... but not to fear, here's a complete guide to setting up WIPFW on Windows 2000 and XP. If you're having any problems, post 'em here and I'll have a solution for you in no time.

You MUST do this at a local console, as it will block all VNC/Remote Desktop connections by default.

This has only been tested on Windows 2000 & XP, with Vista YMMV.

Step 1:

Download WIPFW from sourceforge downloads.sourceforge.net/wipfw/

Step 2:

Unzip to C:\Program Files\WIPFW

Step 3:

If you want a "default deny", double click "install-deny.cmd". Network activity WILL be cut off at this point.

If you want a "default allow", double click "install.cmd".

A default deny means that ALL data will be BLOCKED by default. If you are behind a router (or any other firewall) that has a firewall already built in, use default allow (Because your router is blocking the bad stuff anyway).

Step 4 (Windows XP only):

Start -> Control Panel -> Security Center -> Windows Firewall

Turn Windows Firewall OFF and click OK

Then, in the security center, click "Recommendations..." under the (now red) firewall header.

Check "I have a firewall solution that I'll monitor myself" and click OK

Step 5:

Save the following text in the file %systemroot%\System32\drivers\etc\protocol (%systemroot% is the windows directory). NOTE: This text may already be there. If so, just ignore this step.

QUOTE(protocol)
# Copyright © 1993-1999 Microsoft Corp.
#
# This file contains the Internet protocols as defined by RFC 1700
# (Assigned Numbers).
#
# Format:
#
# <protocol name>  <assigned number>  [aliases...]   [#<comment>]

ip 0 IP # Internet protocol
icmp 1 ICMP # Internet control message protocol
ggp 3 GGP # Gateway-gateway protocol
tcp 6 TCP # Transmission control protocol
egp 8 EGP # Exterior gateway protocol
pup 12 PUP # PARC universal packet protocol
udp 17 UDP # User datagram protocol
hmp 20 HMP # Host monitoring protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
rdp 27 RDP # "reliable datagram" protocol
rvd 66 RVD # MIT remote virtual disk

Step 6:

Open C:\Program Files\WIPFW\wipfw.conf in notepad and replace the contents with the following:
NOTE: Make sure you replace "*****" with the port that your bittorrent client uses!

If you are using the Default Deny:

QUOTE
#################
#
# wipfw.conf
# Replace ***** with your bittorrent port
#
#################

# First flush the firewall rules
-f flush

# Localhost rules
add 100 allow all from any to any via lo*

# Prevent any traffic to 127.0.0.1, common in localhost spoofing
add 110 deny log all from any to 127.0.0.0/8 in
add 120 deny log all from 127.0.0.0/8 to any in

# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine.
add deny tcp from any to me ***** tcpflags rst

# Setup stateful filtering
add check-state
add pass all from me to any out keep-state
add count log ip from any to any

# Allow new incoming BitTorrent connections
add pass tcp from any to any *****
add pass udp from any to any *****

If you are using the Default Allow:

QUOTE
#################
#
# wipfw.conf
# Replace ***** with your bittorrent port
#
#################

# First flush the firewall rules
-f flush

# Drop incoming packets with RST flag on BitTorrent port
# This is what thwarts Sandvine.
add deny tcp from any to me ***** tcpflags rst

Step 7:

If you are using a default deny, you will have to change the config to allow other network data through your network with any of the following rules (just add these rules to the end of wipfw.conf)

QUOTE(File & Print Sharing)
#Replace 192.168.0.0/24 with your local subnet and mask

# Allow Microsoft SMB file sharing w/ NetBIOS
add pass tcp from 192.168.0.0/24 to me 135-139
add pass udp from 192.168.0.0/24 to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
add pass tcp from 192.168.0.0/24 to me 445
add pass udp from 192.168.0.0/24 to me 445

QUOTE(VNC)
# Enable VNC
add pass tcp from any to me 5800-5801
add pass tcp from any to me 5900-5901

QUOTE(Remote Desktop)
# Allow RDP/Terminal Services connections
add pass tcp from any to me 3389

QUOTE(SSH server)
# Allow incoming SSH
add pass tcp from any to me 22

QUOTE(DNS server)
# Allow incoming DNS
add pass udp from any to me 53

QUOTE(Web server)
# Allow incoming WWW
add pass tcp from any to me 80

QUOTE(FTP server)
# Allow incoming FTP
add pass tcp from any to me 21

More ports for other network services can be found here.

Save wipfw.conf when you're done.

Step 8:

Start -> Run

Type CMD.exe and press enter.

Run the following two commands:

>net stop ipfw

>net start ipfw

This thread is closed to new replies. Open a new thread to resume the conversation.
CAPONO

Of course I want to try it.

I looked for an iptables version: (broken link)

The bad part is that it seems those RST packets are sent to both the client and the server, so if the server isn't configured to ignore them, ignoring them on the client is useless.

On the other hand, will it work for eMule connections?

Let's see if someone who knows the subject can clear this up for us.

🗨️ 2
CAPONO

I'm trying it and I don't notice any improvement, although I also don't have a damn clue what I'm doing.

🗨️ 1
bumper

:-D Basically it's a firewall that rejects "RST" packets to the port we specify, which must be the system Comcast uses in the US to control P2P connections and bring them down. But CAPONO must not be using this system.
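
Whether dropping RSTs can help at all depends on whether injected resets are actually arriving on the port. The sketch below is an added example, not part of the thread or the quoted tutorial: it labels RST packets by comparing their IP TTL with the TTL the same peer used earlier on that connection, a common heuristic for resets forged by a middlebox. The packet tuples, addresses and port 51413 are constructed sample data.

```python
from collections import Counter, defaultdict

# Constructed sample capture, as seen on the local host (192.0.2.10).
# Fields: src, dst, sport, dport, ip_ttl, tcp_flags.
# Port 51413 is an assumed BitTorrent port, not a value from the thread.
PACKETS = [
    ("198.51.100.7", "192.0.2.10", 40001, 51413, 52, "S"),
    ("192.0.2.10", "198.51.100.7", 51413, 40001, 128, "SA"),
    ("198.51.100.7", "192.0.2.10", 40001, 51413, 52, "A"),
    ("198.51.100.7", "192.0.2.10", 40001, 51413, 52, "PA"),
    ("198.51.100.7", "192.0.2.10", 40001, 51413, 61, "R"),   # TTL jumps: likely injected
    ("203.0.113.9", "192.0.2.10", 40002, 51413, 47, "S"),
    ("203.0.113.9", "192.0.2.10", 40002, 51413, 47, "A"),
    ("203.0.113.9", "192.0.2.10", 40002, 51413, 47, "RA"),   # TTL matches: plausibly the peer
    ("203.0.113.50", "192.0.2.10", 40003, 51413, 55, "R"),   # nothing earlier to compare with
]


def classify_resets(packets, port, max_ttl_delta=1):
    """Label each RST sent to `port` as 'suspect', 'consistent' or 'no-baseline'."""
    # (src, sport, dst, dport) -> TTLs seen on that sender's non-RST packets
    ttls = defaultdict(Counter)
    verdicts = []
    for src, dst, sport, dport, ttl, flags in packets:
        flow = (src, sport, dst, dport)
        if "R" not in flags:
            ttls[flow][ttl] += 1          # build the per-flow TTL baseline
            continue
        if dport != port:
            continue                      # only judge resets aimed at the watched port
        if not ttls[flow]:
            verdicts.append((src, sport, ttl, "no-baseline"))
            continue
        usual_ttl = ttls[flow].most_common(1)[0][0]
        label = "suspect" if abs(ttl - usual_ttl) > max_ttl_delta else "consistent"
        verdicts.append((src, sport, ttl, label))
    return verdicts


if __name__ == "__main__":
    for src, sport, ttl, label in classify_resets(PACKETS, port=51413):
        print(f"RST from {src}:{sport} ttl={ttl} -> {label}")
```

A route change can shift a peer's TTL legitimately, so a 'suspect' label is a lead to confirm in a full packet capture rather than proof of injection.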