PDA

View Full Version : Mac Sandvine Fix


U2Lynne
2008-01-08, 12:06 PM
I came across this link on another site and thought it would be helpful for those users stuck being sandvined (is this a verb?) by Comcast. I did not write it and I am not sandvined so I haven't even tried it. In other words, I cannot help with it.

Source: http://wakarimasu.googlepages.com/macosx

Warning: It is highly recommended that you do this at a local console.
Step 1
Open terminal
Step 2
Run the command:

sudo mkdir /Library/StartupItems/Firewall
Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall
#!/bin/sh
## Boot Script for firewall
#####################################
#
# Replace 55259 with your BitTorrent port and 55339 with your bittorrent port+100
#
#####################################

# Purge existing rules, this blanks any existing rules
/sbin/ipfw -f flush

########
# Basic Settings
########

# Allow everything on the localhost (127.0.0.1)
/sbin/ipfw -f add 00100 allow ip from any to any via lo0

# Now check for spoofing attacks via localhost, and deny them
/sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
/sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
/sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
/sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in

# Setup stateful filtering
# allows any estabilshed outbound connections to recieve data on the same port
/sbin/ipfw -f add 25000 check-state
/sbin/ipfw -f add allow tcp from any to any established
/sbin/ipfw -f add allow tcp from any to any out setup keep-state
/sbin/ipfw -f add allow udp from any to any out keep-state
/sbin/ipfw -f add allow icmp from any to any out


# Block RST Packets on your BitTorrent Port
/sbin/ipfw -f add deny tcp from any to me 55259-55359 tcpflags rst

# Allow new incoming BitTorrent connections
/sbin/ipfw -f add pass tcp from any to any 55259
/sbin/ipfw -f add pass udp from any to any 55259Step 4
Append any of the following rules to the file.
Apple File Sharing # Allow AppleShare File Sharing
/sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
/sbin/ipfw -f add allow tcp from any to me 427 keep-state setup Samba/Windows File Sharing # Allow Microsoft SMB file sharing
/sbin/ipfw -f add pass tcp from any to me 135-139
/sbin/ipfw -f add pass udp from any to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
/sbin/ipfw -f add pass tcp from any to me 445
/sbin/ipfw -f add pass udp from any to me 445 iTunes sharing # iTunes library sharing
/sbin/ipfw -f add allow tcp from any to me 3689 setup
/sbin/ipfw -f add allow udp from any to me 3689 keep-state VNC # Allow VNC
/sbin/ipfw -f add pass tcp from any to me 5900More filters coming soon...
Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "None";
Messages =
{
start = "Starting NAT/Firewall";
stop = "Stopping NAT/Firewall";
};
}Step 6
Run the following commands:

sudo chown root /Library/StartupItems/Firewall/Firewall
sudo chmod 755 /Library/StartupItems/Firewall/Firewall
sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist
Step 7
Close all open applications and reboot your computer.
Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range. This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100. (e.g. 55359)

Troubleshooting: If you cannot connect to the internet after doing this fix, open terminal and run the following commands:

sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
sudo rm /Library/StartupItems/Firewall/Firewall

Then reboot and please let me know.

lgerard
2008-01-08, 12:31 PM
there is also this for windows users...but I haven't tried it

http://redhatcat.blogspot.com/2007/09/beating-sandvine-on-windows-with-wipfw.html

cleantone
2008-03-01, 06:45 PM
has anyone tried this?