What's new

Blocking torrents on my network

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

MamaLing

Occasional Visitor
Hi everyone!

I'm looking for a solution to block torrenting on my network. I think the best solution would be to use a Pi-hole and add torrent tracker servers on the blocklist. However, I want to prevent other users on the network to avoid Pi-hole, if they manually set an other DNS server on their devices, blocking won't work. So what I think is to re-route most common public DNS server addresses to my local Pi-hole. How can I do that? I have an Asus RT-AC86U with the newest Asus-Merlin. Routing clients through VPN isn't working on my router, unfortunately. Could you suggest any other solution for my problem?
 
Last edited:
There are literally thousands of trackers available, and it's common to see torrents on 20+ these days so filtering is going to be very difficult. Port blocking is out as bittorrent can use any port, tcp or udp.
If they run it through a VPN it's gonna make life difficult.
I'm sure there will be a filter list somewhere for skynet but a quick search returns nothing updated more recently than 2yrs ago.
 
Another approach might be to set quotas on download volumes for certain clients, or limit download speeds. IIRC, there was a thread or two and perhaps a script that aimed to do that (might be a couple of years back).
 
I wouldn't mind if torrent traffic would go through VPN on the router, but that's not optional for me because VPN redirection isn't working on my router, perhaps because of a bug. I'm just concerned about torrenting for legal reasons, I don't want to get into trouble because of some user on my network.
 
I wouldn't mind if torrent traffic would go through VPN on the router, but that's not optional for me because VPN redirection isn't working on my router, perhaps because of a bug. I'm just concerned about torrenting for legal reasons, I don't want to get into trouble because of some user on my network.
Then use a VPN client on the PC that's doing the torrenting. Or fix the problem you had with VPN Director.
 
Last edited:
Frew older discussions (some very old):
And from one of those discussions is this very old link on updating iptables to block torrent traffic:
 
BitTorrent clients haven't used fixed UDP ports for over a decade. They use random ports on TCP and UDP.
The actual client uses specific ports depending on which client you're using. You could also target the tracker ports as they don't change. or get a layer 7 firewall and block by program type. Even iptables in Linux can block by program or traffic type.
 
The actual client uses specific ports depending on which client you're using. You could also target the tracker ports as they don't change. or get a layer 7 firewall and block by program type. Even iptables in Linux can block by program or traffic type.
That's old skool. Transmission can use any tcp/udp port , selected at random on start/restart. Can also use port 80 or 443 to get around blocks. Most other clients are the same.
Edit
Extract from my config file
Code:
    "peer-port": 54279,
    "peer-port-random-high": 65535,
    "peer-port-random-low": 49152,
    "peer-port-random-on-start": true,
You may be thinking of the UI port, which the default for transmission is 9091. But that can also be changed.
 
Last edited:
The actual client uses specific ports depending on which client you're using.
Not on any of the clients I've used in recent years. They use multiple techniques and multiple ports to avoid being blocked.

You could also target the tracker ports as they don't change. or get a layer 7 firewall and block by program type. Even iptables in Linux can block by program or traffic type.
A combination of blocking the trackers and DPI is probably the best you can do nowadays, and even that isn't foolproof.
 
Detecting torrent traffic can only be done through DPI. Ports are randomized. Remote trackers may very well listen on ports 53 or 443 to bypass firewalls/blocking.
 
The actual client uses specific ports depending on which client you're using.
An example. uTorrent has the option to randomize the port including when one starts the application.
utorrent.jpg

Other Torrenting clients (like qBittorrent) I've seen have similar options to randomize the port.
 
As others have said, can't really be done. The best you can do is put in bandwidth limiters to make torrenting painfully slow. Or you can put a captive portal up with legal disclaimers and jargon including traffic is monitors and logged and will be turned over upon request for illegal actions. Or something like that, which is how a lot of hotels and public wifi attempts to mitigate the risk

As for blocking dns outside pihole, it can be done fairly easily with higher end router software like pfsense which you can cofigure firewall rules to block lan queries to known DNS servers and which forces the client to use the DNS resolver that you setup, but not sure if Asus routers can handle that
 
Last edited:
It may not be a good idea but you can install merlin clash and run vless client config. The vless server (intel/amd) can be setup on your local network using this script:


All users connected to your ac86u cannot bypass this measure except using vpn.
 

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top