# Blocking P2P on a public Wifi



## Hellfire8 (Feb 27, 2010)

Hi guys,

I'll cut right to it: I've been tasked by work with looking into blocking P2P traffic on our public wifi network, as it has been abused and the company I work for are obviously left liable.

The 2 choices I've come up with are..

1 - Port blocking: block all the ports not used except commonly used ones; however, this is very easy to work around.
2 - Linux firewall: Linux QoS/Netfilter with an L7 Application Layer Packet Classifier to classify the P2P/Torrent packets and block them; however, the problem is that this requires knowledge of Linux etc. etc. Now I have some knowledge, I use Ubuntu at home and know it, but not in depth.

My 3rd, and this is where I need help: I was looking at running the connection Ad-Hoc, similar to a Linux firewall but on Windows.

Basically I wanted to run a wired router to the internet into a dedicated Windows machine and connect the Windows machine to a wireless router to broadcast the internet and thus ad hoc the network through the machine.

I am looking for a piece of software which we can use on the ad hoc machine which can comfortably monitor and notice P2P or Torrent traffic and block it (it needs to work in a similar way to the L7 Application Layer Packet Classifier; most of those I can find classify the source of the packet by the port number).

I hope this makes sense, and cheers.


----------
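Added example (not part of any post in this thread, and not code from any L7 classifier): a sketch contrasting the port-based blocking of option 1 with the payload-based classification of option 2, using the BitTorrent peer handshake prefix and the HTTP tracker announce as signatures. The allow-list, the `Flow` type, the helper names and the sample flows are constructed assumptions.

```python
# Constructed sample flows only; nothing here is captured traffic.
from typing import NamedTuple, Optional

BT_HANDSHAKE = b"\x13BitTorrent protocol"  # BEP 3: length byte 19 + protocol name
ALLOWED_PORTS = {53, 80, 443}  # assumed allow-list for the port-blocking option

class Flow(NamedTuple):
    dst_port: int
    payload: bytes  # first client-to-server payload bytes of the connection

def classify_l7(payload: bytes) -> Optional[str]:
    """Return a P2P label based on payload content, or None if nothing matched."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent-peer"
    # HTTP tracker announce: a GET request line carrying an info_hash parameter.
    request_line = payload.split(b"\r\n", 1)[0]
    if request_line.startswith(b"GET ") and b"info_hash=" in request_line:
        return "bittorrent-tracker"
    return None

def port_verdict(flow: Flow) -> str:
    """Option 1: decide on the destination port alone."""
    return "allow" if flow.dst_port in ALLOWED_PORTS else "block"

def l7_verdict(flow: Flow) -> str:
    """Option 2: decide on what the payload looks like, whatever the port."""
    return "block" if classify_l7(flow.payload) else "allow"

def peer(port: int) -> Flow:
    # Constructed handshake: prefix + 8 reserved bytes + info_hash + peer_id.
    return Flow(port, BT_HANDSHAKE + bytes(8) + b"H" * 20 + b"P" * 20)

SAMPLE_FLOWS = {
    "web page": Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    "torrent on default port": peer(6881),
    "torrent moved to 443": peer(443),
    "tracker announce": Flow(80, b"GET /announce?info_hash=%AA%BB&port=6881 HTTP/1.1\r\n\r\n"),
    "ssh": Flow(22, b"SSH-2.0-OpenSSH_8.9\r\n"),
}

def compare() -> dict:
    """Map each sample flow to its (port-rule verdict, L7-rule verdict)."""
    return {name: (port_verdict(f), l7_verdict(f)) for name, f in SAMPLE_FLOWS.items()}

if __name__ == "__main__":
    for name, (by_port, by_l7) in compare().items():
        print(f"{name:26} port-rule={by_port:5} l7-rule={by_l7}")
```

Signature matching only works on cleartext payloads, so a miss is not proof that a flow is not P2P.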



## Hellfire8 (Feb 27, 2010)

I just had a thought and was wondering if this would work: say you operated a wifi network ad hoc through a machine,

so you had

Wired router providing internet to host PC, host PC broadcasting wifi on a separate router. If you had a simple software firewall on the host PC (the PC used for ad hoc) and blocked P2P apps, would this still block P2P traffic/apps from the ad hoc connections? Or would the ad hoc connections bypass the firewall on the host PC?

I hope this makes sense.


----------



## SirGeeO (Feb 14, 2010)

2 suggestions - Endian Firewall or Astaro Security Gateway

I've used both, and these are both made to accomplish what you are inquiring about.
By the way, ASG gives you a license for a few years free, this gives you right to all of the bundled software. (Untangle Server isn't bad in this area either).

The host PC needs at least 2 NICs, and maybe even 3. The 3rd would be specifically used for PCs that need to access information that IS being blocked by the firewall - relatively speaking, it would be something like the DMZ. The wifi (2nd NIC) would provide connections to the network you specify be behind this firewall for P2P protection. The 1st NIC would connect to WAN (or modem if present). Remember though, as I've had this problem, all the LANs should be different in the 3rd octet.

Ex:

- 1st NIC - 192.168.1.x (x represents any number 1-254)
- 2nd NIC - 192.168.8.x
- 3rd NIC - 192.168.254.x

As long as they are all on the same subnet (255.255.255.0 or different maybe in your case). This is a problem I had, and it almost hindered me from completing the fun project.

This link should give you a broader perspective

http://www.ipcop.org/1.4.0/en/install/html/decide-configuration.html


----------



## bubblechaser33 (Mar 17, 2010)

A pfSense box with traffic shaping; I'll assume the second option is just that.
http://doc.pfsense.org/index.php/Traffic_Shaping_Guide
The pfSense web interface makes it really easy to set up and run a firewall.


----------



## lsjames (Nov 20, 2009)

Please read this article: http://forum.lanctrl.com/viewtopic.php?f=10&t=386
It really works.


----------

