recommended routers that would block torrents

R

remixedcat

Weaksauce
Joined
Jun 5, 2011
Messages
70
what is a router under 300 bucks that I can get that would block torrent traffic?

Can I also just do it with pfsense or any of those?

Please let me know.
 
Blocking Torrents is much more difficult than you may realize, or much easier than I realize and someone already has a solution. But what we've done for our customers who have public wireless systems or employees with torrent problems, we lock down outbound ports and use OpenDNS. In OpenDNS you can block the P2P/Torrent category to stop new traffic and file downloads. In the firewall only allow some outbound ports and monitor your traffic logs to find other ports that may be needed. So for example, at a coffee shop, we allow out ports 80 (http), 443 (https), 22 (ssh), 143 (imap), 25 (smtp), 110 (pop3), and 53 (dns). Then we monitor traffic for a week or so and find what other ports are commonly attempted to be used, such as Apple iTunes ports. Now the random over 10000 ports that BitTorrent commonly uses doesn't connect.

But the smart torrenter knows you can just change the port in their client to use port 80 and they're back out. The dumb torrenter is foiled.

You could do this easily on a $99 Ubiquiti EdgeRouter Lite.

Now if you have to guarantee Torrenting is blocked, you would need something that can do Deep Packet Inspection, which probably means an expensive appliance from one of the big buys like Fortinet or Watchguard.
 
To summarize the problem, to block the ports when most can randomize from ports 50k to 65k is a recipe for issues. On top of that you can have encrypted traffic which prevents any packet level inspection. The best solution I've seen is stopping the clients from connecting to begin with, at the trackers. The link here describes how to do that using dd-wrt a common aftermarket firmware. This is why I asked what hardware you already have.
 
Untangle would be one, if you're using this at home Sophos UTM is a good product as well. If it's a commercial environment, you'll have to buy a unit from Sophos, or license the software to run on a PC. It works pretty well by my experience.
 
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne
 
Sonicwall TZ105 makes it easy. Place a check mark in a box to block torrents and you're done. Note there is an annual renewal cost for security services.

CGSS (comprehensive gateway security suite) includes all of it. Content filtering, IPS, Anti spyware, Gateway AV, application control and tech support.

The wireless unit costs a bit more than the wired unit. Supports up to 20Mb internet connection. It will require a higher end unit to support faster connections.

http://www.amazon.com/Sonicwall-TZ-105-Wireless-N/dp/B00A6B4O7S
 
Last edited:
As an Amazon Associate, HardForum may earn from qualifying purchases.
diizzy said:
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne
Click to expand...

The UTMs combine a bunch of tools to do exactly that. Sophos and Untangle both use IPS, HTTP proxy to block sites, and some application detection. Sophos is a lot more polished than Untangle, and I've even read on their forum the Untangle IPS doesn't work well without substantial tuning and modification.

Sophos uses IPS, content filtering and application detection in an HTTP proxy to filter network content. Sophos also uses their own AV on the gateway, instead of Untangle's use of ClamAV. They let you install their AV on 10 end points, integration with their wireless systems, reverse proxy, VPN, etc. It has a pretty exhaustive country-blocking capabilities (need to be careful with this), email proxy (this is a really neat feature), etc. You can even do pretty seamless HTTPS inspection. The previous method would have the Sophos device generate a certificate, and install it on the end points. However, this only works in a closed system. The new version has a method to filter HTTPS without breaking encryption--which isn't as secure as going with the certificates, but would work in a more open environment such as providing guest wifi.

They are worth a look, as the features are pretty impressive. I ran Untangle for something like 7 years, and I don't think it ever detected anything. I ran Sophos for a few months, and it detected a few (viruses, even). I was quite impressed. It even sent out very nice emails once a day with an executive report of network activity. Untangle sends out PDF's, but it's nice to have just a short one-pager in your email box you don't have to open a PDF or anything.

Other than Sonicwall, Juniper & Fortinet get pretty good reviews in the UTM category. I'd take a good look at Fortinet if I were buying for a business, and compare with Sophos.
 
Can untangle detect torrents even when the client uses encryption? I figured at that point, it would be dependent on IP reputation.
 
@ iroc409

I know what it is, just saying that it's not just one thing you need to do to perform the task...
//Danne
 
diizzy said:
@ iroc409

I know what it is, just saying that it's not just one thing you need to do to perform the task...
//Danne
Click to expand...

Hmm... I figured you did, but I guess I don't see why you say they wouldn't be fit for purpose. I know there's a plausible argument against using a single device, but for small installations it's much easier than having all of this in separate devices. Or are you referring to a specific feature they are lacking to do the job?
 
I was just doing a following up on firedrow's suggestion(s) which would be the "technical" correct one ;)
Tools != multiple devices
That said, I have no idea how well Squid or any other web proxy performs on the ERL.
//Danne
 
Easiest way is to block all outgoing ports except for what is needed like 80, 443 etc. There may be some torrent servers listening on those ports but they'll be far and few between and it should at very least highly reduce the ability to use torrents.

There may be solutions that will actually do packet inspection and look for the type of traffic but I would imagine you need a pretty beefy box for that since it would need to actually read every single packet and analyze it, instead of just passing or blocking it based on layer 3 info. Dual cpu, etc.
 
diizzy said:
I was just doing a following up on firedrow's suggestion(s) which would be the "technical" correct one ;)
Tools != multiple devices
That said, I have no idea how well Squid or any other web proxy performs on the ERL.
//Danne
Click to expand...

Ah, right, makes sense. :D

There have been some people working with content filtering on the ERL with the stock OS, but most of it involves a lot of custom scripting and mostly block lists--which probably wouldn't help the OP much. The firewall rules do (did?) have a check box to "block P2P", but I don't really know how effective it would be.

The ERL does have some sort of "webproxy" that can be enabled through the CLI, and it *might* even be based on Squid: here (no idea on performance, and also wouldn't probably help much against torrents).
 
Thanks everyone :) I'm looking into all these options.

Currently just have an amped rta15, however I did order a meraki z1 and I am giving that a shot. I'll let you know how it goes.

If it doesn't do good I may look into the other options.

I saw that there's a watchguard firebox on newegg for about 200 that looks pretty interesting. I have submitted an evaluation request to see if I can test it before I buy it.
 
Last edited:
Squid (or any other fitering proxy) would help as you would be able to block .torrent files using transparent filtering...
//Danne
 
diizzy said:
Squid (or any other fitering proxy) would help as you would be able to block .torrent files using transparent filtering...
//Danne
Click to expand...

which does almost nothing for blocking torrenting activity given there's tons of sites that don't use .torrent files anymore, just magnet links.
 
http://www.badips.com is a new haven for hackers worldwide. Their is also an easy to use API. Not a direct answer but definately worth a check. If you have linux machine you can sync the firewall setting to read from the site realtively easily.

A nice built in solution if you consider the web built in :p
 
diizzy said:
Untangle etc is not really the answer, you need to combine a bunch of "tools".

By default block all ports outbound
Only allow bare minmum outbound ports, if possible use proxies (HTTP etc) to filter torrent files and sites

That's a start...

//Danne
Click to expand...

It is %100 the answer, i do it at work, if you get the Application control module, not sure if that is free or paid.

Untangle blocks the actual application running by reading the application header / prochain info.
 
Anyone recommend a low wattage option? Electric bill has to be kept low due to the higher summer bills :( The untangle boxes on their site are hella expensive (700+!)
 
Depending on your size requirements, a 1037u Celeron might work. The Gigabyte one has dual Realtek NICs on board for something like $70, and I think the CPU is rated with a TDP of 17W. I ran Untangle on a Celeron E3300 for a while, and they bench almost identical, and it ran fine.

The new J1900 might be worth a link, but it would probably be underpowered. The C-series 4/8 core Atoms might also work, but they are spendy. Any basic, modern CPU will use pretty low power. If you watch for sales, you can get a Dell T20 with a G3220 cheap (they start at $300).
 
@ remixedcat

It all depends on on your knowledge and "official" support. The EdgeRouter Lite running FreeBSD can most likely (I haven't tried Squid on it myself) do it but with limited performance. It would be more interesting to use a Wandboard/CuBox/Hummingboard which most likely would do this task fine (just use VLANs and a VLAN capable switch if you need two ports).
//Danne
 
diizzy said:
http://forums.freenas.org/index.php?threads/dell-poweredge-t20.18989/ ~90W
//Danne
Click to expand...

Not likely for a firewall, that was start-up wattage with 4 hard Red's in it. Most modern Intel desktops don't use that much power. From the same thread:

Power usage running 9.2.1.2(from a kill-a-watt):
Base system as delivered: 22w
Base + 8GB module (12GB total) and 2x 4TB Seagate: 35w
Running 1 stream from Plex plugin (no transcoding): 44W
Click to expand...

T20 is now loaded with four 4TB RED. Almost doubled the weight, at least it felt so.
It draws about 90W on spinup.
Between 0 and 1W in standby (with tone)
More data when I load FreeNAS after testing.
Click to expand...

Mine at idle doesn't use much power. It's only powered on during testing at the moment, but with it at idle and my file server running with 3 hdd's, my UPS says 35-40w combined load. That should include my switch, firewall, etc.

I would assume it's actually using a little more power than that, but there's a huge difference in the room between these two systems and my previous two systems, which the UPS reported at 130W. It's hard to really calculate power though, as it has been said the kill-a-watt power readings are suspect with computers, and I would question the readings on my UPS somewhat as well.

The EdgeRouter documentation says it uses a max of 7W, and I actually kind of doubt it normally uses that much power. I think you'd have to go to a J1800/1900 to get close in a "computer".

I think I saw in the paper this weekend that Dell actually sells a J1800-based desktop now, but you can build your own for cheaper.
 
Last edited:
diizzy said:
22w sounds very low and inaccurate....

http://docs.ts.fujitsu.com/dl.aspx?id=0da3863b-29c3-49ed-80f5-aa29332d01d1 - ..and they're know to be very energy efficient
//Danne
Click to expand...

That's a good document, as it's hard sometimes to find real power specs on computer systems--but I don't think it's far off the mark. It is talking about quad-core systems, which the G3220 is a dual core. Although, at idle, there's probably little difference between the two, the G3220 probably uses slightly less power under load (but less horsepower available, so not necessarily more efficient).

Anyway, the document you linked indicates a maximum power usage of about 70W, for both systems listed. Idle mode for both systems is about 20W. "Mode 2" (whatever that is) states 23-28W idle.

It also shows standby of 0-1W, which is consistent with what I quoted from the Kill-A-Watt in the other thread.

So, I'd expect it to run in the 20-30W range, but I'm making the assumption that the system will largely run at or close to idle. If the system is consistently loaded heavily, then I'd question whether you'd even be able to use a smaller system for the application. 3-4x the power usage of an ERL even at max loading (and the cost), but you still have limits on the ERL that may not make it applicable.
 
Not too bad usage.I think I found an option thanks to you guys :)

I'll look into that if my current solution fails.
 
You must log in or register to reply here.
Back
Top