Getting Around Apt. Firewall
November 1, 2006 3:24 PM
How to get around building-wide firewall?
I pay $20/month for access to my building's T3 line...however, I think there's some sort of firewall or restrictions going on, as the speeds are generally slower than when I used timewarner cable's internet access. This could be due to high peek usage, or some sort of bandwidth restriction placed on apartment internet access. Is there a way to test this (Azureus, a bittorrent client, says that a firewall is present)? And more importantly, is there a way around this? I'm on a Macbook Pro, no wireless, plugged via ethernet cable.
I pay $20/month for access to my building's T3 line...however, I think there's some sort of firewall or restrictions going on, as the speeds are generally slower than when I used timewarner cable's internet access. This could be due to high peek usage, or some sort of bandwidth restriction placed on apartment internet access. Is there a way to test this (Azureus, a bittorrent client, says that a firewall is present)? And more importantly, is there a way around this? I'm on a Macbook Pro, no wireless, plugged via ethernet cable.
BTW I was referring to general slowness as in all internet browsing.
If the slowness is in Bittorrent, then yes, the firewall is causing that. Nothing you can do.
posted by mphuie at 3:40 PM on November 1, 2006
If the slowness is in Bittorrent, then yes, the firewall is causing that. Nothing you can do.
posted by mphuie at 3:40 PM on November 1, 2006
A T3 is 45 mbps shared for the whole building. It could be there are too many units, or that someone else is using up too much bandwidth.
posted by smackfu at 4:04 PM on November 1, 2006
posted by smackfu at 4:04 PM on November 1, 2006
The mere fact the you have a share of a T3 grade connection doesn't mean that servers on the internet do, or that they aren't throttling connections on their end. Most Web servers running Apache intentionally throttle connections so that no one client on a fast connection can load the server to the exclusion of other users. And well managed servers will do other things to shed load during peak times, such as dynamically disable pre-fetching.
Some firewalls are set to throttle traffic by IP address, and if you are a torrent user, you can get selectively killed behind one of these firewalls, even if your torrent client is well behaved [popular torrents generate huge bandwidth spikes that can go on for hours]. You can try binding 2 IP addresses statically, and assigning one of them for torrent use, and one for Web and other interactive clients to overcome this, but how successful you will be doing this will depend on whether the network to which you connect will allow multiple IP addresses on the same MAC address.
posted by paulsc at 4:12 PM on November 1, 2006
Some firewalls are set to throttle traffic by IP address, and if you are a torrent user, you can get selectively killed behind one of these firewalls, even if your torrent client is well behaved [popular torrents generate huge bandwidth spikes that can go on for hours]. You can try binding 2 IP addresses statically, and assigning one of them for torrent use, and one for Web and other interactive clients to overcome this, but how successful you will be doing this will depend on whether the network to which you connect will allow multiple IP addresses on the same MAC address.
posted by paulsc at 4:12 PM on November 1, 2006
Torrent clients use a specified port for file transfers. In order for this port to be assigned to your IP address, it must be forwarded through the firewall. Presumably, this is not the case for you if you are on an internal network (i.e. an IP address starting with 192.168.x.x, 172.16-32.x.x, or 10.x.x.x)
That is why Azureus would report that a firewall is present, because it sees that port as closed.
This will restrict you from maintaining multiple connections (the way torrents work) and produce significantly reduced download speeds.
Internet browsing is burst traffic, and you shouldn't experience much slowdown when viewing webpages, assuming the website has decent hosting bandwidth.
A DS3 connection (your 45Mbps T3) is substantial enough to carry thousands of users via burst traffic (i.e. web browsing) so you should be well connected.
However, torrent downloads are not burst traffic, and are probably frowned upon by your institution. I'm sure they are concerned about how it affects the other users in your building and may even be taking measure against it beyond simply a firewall that doesn't let the port through to you.
posted by doomtop at 5:00 PM on November 1, 2006
That is why Azureus would report that a firewall is present, because it sees that port as closed.
This will restrict you from maintaining multiple connections (the way torrents work) and produce significantly reduced download speeds.
Internet browsing is burst traffic, and you shouldn't experience much slowdown when viewing webpages, assuming the website has decent hosting bandwidth.
A DS3 connection (your 45Mbps T3) is substantial enough to carry thousands of users via burst traffic (i.e. web browsing) so you should be well connected.
However, torrent downloads are not burst traffic, and are probably frowned upon by your institution. I'm sure they are concerned about how it affects the other users in your building and may even be taking measure against it beyond simply a firewall that doesn't let the port through to you.
posted by doomtop at 5:00 PM on November 1, 2006
If they're doing packet-filtering they can specifically target BitTorrent traffic. I recommend using encryption (Azureus supports this).
posted by onalark at 5:04 PM on November 1, 2006
posted by onalark at 5:04 PM on November 1, 2006
Whatever you do, don't use Tor to handle your Torrent traffic. Please.
posted by bshort at 8:46 PM on November 1, 2006
posted by bshort at 8:46 PM on November 1, 2006
« Older Help with online poker addiction | Help me not be so stressed out about grad school. Newer »
This thread is closed to new comments.
If they are in fact restricting bandwidth, theres probably not a way around it. You can try blindly manually assigning your IP and seeing if that does anything.
posted by mphuie at 3:38 PM on November 1, 2006