View Single Post
  #1  
Old 2008-01-08, 11:06 AM
U2Lynne's Avatar
U2Lynne U2Lynne is offline
TTD Staff
 
Join Date: Oct 2004
Location: California
Mac Sandvine Fix

I came across this link on another site and thought it would be helpful for those users stuck being sandvined (is this a verb?) by Comcast. I did not write it and I am not sandvined so I haven't even tried it. In other words, I cannot help with it.

Source: http://wakarimasu.googlepages.com/macosx

Quote:
Warning: It is highly recommended that you do this at a local console.
Step 1
Open terminal
Step 2
Run the command:

sudo mkdir /Library/StartupItems/Firewall
Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall
Code:
#!/bin/sh
## Boot Script for firewall
#####################################
#
# Replace 55259 with your BitTorrent port and 55339 with your bittorrent port+100
#
#####################################

# Purge existing rules, this blanks any existing rules
/sbin/ipfw -f flush

########
# Basic Settings
########

# Allow everything on the localhost (127.0.0.1)
/sbin/ipfw -f add 00100 allow ip from any to any via lo0

# Now check for spoofing attacks via localhost, and deny them
/sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
/sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
/sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
/sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in

# Setup stateful filtering
# allows any estabilshed outbound connections to recieve data on the same port
/sbin/ipfw -f add 25000 check-state
/sbin/ipfw -f add allow tcp from any to any established
/sbin/ipfw -f add allow tcp from any to any out setup keep-state
/sbin/ipfw -f add allow udp from any to any out keep-state
/sbin/ipfw -f add allow icmp from any to any out


# Block RST Packets on your BitTorrent Port
/sbin/ipfw -f add deny tcp from any to me 55259-55359 tcpflags rst

# Allow new incoming BitTorrent connections
/sbin/ipfw -f add pass tcp from any to any 55259
/sbin/ipfw -f add pass udp from any to any 55259
Step 4
Append any of the following rules to the file.
Apple File Sharing
Code:
# Allow AppleShare File Sharing
/sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
/sbin/ipfw -f add allow tcp from any to me 427 keep-state setup
Samba/Windows File Sharing
Code:
# Allow Microsoft SMB file sharing
/sbin/ipfw -f add pass tcp from any to me 135-139
/sbin/ipfw -f add pass udp from any to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
/sbin/ipfw -f add pass tcp from any to me 445
/sbin/ipfw -f add pass udp from any to me 445
iTunes sharing
Code:
# iTunes library sharing
/sbin/ipfw -f add allow tcp from any to me 3689 setup
/sbin/ipfw -f add allow udp from any to me 3689 keep-state
VNC
Code:
# Allow VNC
/sbin/ipfw -f add pass tcp from any to me 5900
More filters coming soon...
Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist
Code:
{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "None";
Messages =
 {
 start = "Starting NAT/Firewall";
 stop = "Stopping NAT/Firewall";
 };
}
Step 6
Run the following commands:

sudo chown root /Library/StartupItems/Firewall/Firewall
sudo chmod 755 /Library/StartupItems/Firewall/Firewall
sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist
Step 7
Close all open applications and reboot your computer.
Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range. This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100. (e.g. 55359)

Troubleshooting: If you cannot connect to the internet after doing this fix, open terminal and run the following commands:

sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
sudo rm /Library/StartupItems/Firewall/Firewall

Then reboot and please let me know.
__________________
Five's Checksums Demystified - everything and anything you want to know about checksums
On a Mac? Get XLD to rip your CDs. Please see this guide - X Lossless Decoder (XLD): How to create flawless CD rips on Mac OS X


Reply With Quote Reply with Nested Quotes