
Blocking uTorrent via router


Tweety.Abd


Hi!

I've been troubled a lot by my network users heavily downloading files via torrents, and I would like to know if there is a way to block torrents at the router level, or at least block the torrent client, uTorrent to be specific, from accessing the internet via the router.

Thanks :)


Google for: "L7 filters" or "netfilter". With a Linux gateway, or OpenWRT or DD-WRT on your router, you can implement this type of filtering.



The Layer7 blocking can be done through the Access Restrictions page on a DD-WRT router. It does not always work if they use protocol obfuscation, but you could probably use some firewall rule to block all ports except 80, 443 and whatever else you use. Check these links and do some reading. Don't forget to disable UPnP as well.


http://www.dd-wrt.com/phpBB2/viewtopic.php?t=34521
http://www.dd-wrt.com/wiki/index.php/Port_Blocking
http://www.dd-wrt.com/wiki/index.php/Iptables

A more powerful way might be to use OpenDNS and configure your account to block P2P traffic. Then you just have to implement some firewall rules to catch all DNS queries in the router. This is to ensure that even if people on your network use alternative DNS servers, the router will catch all those DNS requests and force them to the DNS servers you set on the router, which would be OpenDNS. I have done this in the past and these are the firewall commands I used, but I don't know if they have since changed with later versions of DD-WRT.


#Capture all DNS requests
iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to $(nvram get lan_ipaddr)
iptables -t nat -A PREROUTING -p tcp -i br0 --dport 53 -j DNAT --to $(nvram get lan_ipaddr)


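Added example, not part of the original posts: a check that the DNS capture rules from the reply above are actually loaded, and for both UDP and TCP. It assumes the router's iptables supports `-S` and prints the rules in the canonical `--to-destination` form; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the nat PREROUTING chain for the
# DNS capture rules. Expects `iptables -t nat -S PREROUTING` output on stdin.
# Usage: iptables -t nat -S PREROUTING | check_dns_capture br0 "$(nvram get lan_ipaddr)"
check_dns_capture() {
    lan_if=$1; router_ip=$2; status=0
    rules=$(cat)
    for proto in udp tcp; do
        if printf '%s\n' "$rules" | awk -v i="$lan_if" -v p="$proto" -v ip="$router_ip" '
            $1 == "-A" && $2 == "PREROUTING" {
                ifok = prok = port = dnat = dst = 0
                for (n = 3; n < NF; n++) {
                    if ($(n-1) == "!") continue      # negated match does not count
                    v = $(n+1)
                    if ($n == "-i" && v == i) ifok = 1
                    if ($n == "-p" && v == p) prok = 1
                    if ($n == "--dport" && v == "53") port = 1
                    if ($n == "-j" && v == "DNAT") dnat = 1
                    if ($n == "--to-destination" && (v == ip || v == (ip ":53"))) dst = 1
                }
                if (ifok && prok && port && dnat && dst) found = 1
            }
            END { exit (found ? 0 : 1) }'
        then
            echo "OK: $proto/53 from $lan_if is redirected to $router_ip"
        else
            echo "MISSING: $proto/53 from $lan_if is not redirected to $router_ip"
            status=1
        fi
    done
    return "$status"   # 0 only when both protocols are captured
}

# Constructed sample listings (not captured from a real router).
sample_both() {
    echo '-P PREROUTING ACCEPT'
    echo '-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1'
    echo '-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.1.1'
}
sample_udp_only() {
    echo '-P PREROUTING ACCEPT'
    echo '-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 192.168.1.1'
}

sample_both | check_dns_capture br0 192.168.1.1 || true
sample_udp_only | check_dns_capture br0 192.168.1.1 || true
```

A listing that carries only the UDP rule is reported as incomplete, since a client can still reach an outside resolver over TCP port 53.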


Many thanks for your reply. The problem is, I'm not using DD-WRT on my router, rather I'm using the router's default software. I'm not sure if my router is compatible with the DD-WRT because I cannot find my router on the list of routers supported by DD-WRT.

I tried many times using OpenDNS, but it doesn't work; probably my ISP does not support 3rd party DNS. And with my dynamic IP, it makes it all the more difficult to use, since it requires an OpenDNS client be installed on each computer.



If you configure the DNS settings in the router, then you only need to install the OpenDNS client on one computer.

However, it's better to use 3rd party firmware since they also auto-update your IP to the DNS server.



If you still can't block uTorrent, maybe your router supports QoS. Some routers with QoS support prioritizing traffic. You could make P2P traffic the lowest priority. Some QoS implementations even support limiting the bandwidth of just a specific IP/MAC address.



Archived

This topic is now archived and is closed to further replies.
