GUIDE: Using Linux to Beat Comcast’s BitTorrent Throttling

For those savvy enough to have switched over to Linux, this step-by-step guide will prove once again that Linux really does offer users almost complete control over their OS.

It’s no secret that Comcast and other ISPs are actively throttling BitTorrent, but how to circumvent the practice is always subject to debate.

Some find protocol header encryption fairly successful; others use Tor, an SSH tunnel or a VPN tunnel to disguise their traffic. Using Tor for file-sharing is discouraged by many who think it should only be used for academic or freedom of speech concerns and not to download a copy of “The Love Guru.” But, as usual, Linux users have OS control options that just aren’t available to Windows and Mac users.

Linux users can apparently block the fake reset (RST) packets most commonly employed to throttle BitTorrent by adding a simple rule to the Linux iptables firewall.

From TuxTraining:

If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:

(Note: the options state, reject-with, dport and tcp-flags begin with a double dash.)

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
-A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 6883 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 6883 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.

If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.

#!/bin/sh
#Replace 6883 with your BT port
BT_PORT=6883
#Flush the filters
iptables -F
#Apply new filters
iptables -A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

If you are using Gentoo or another distro, it is important that your iptables rules include this line. Feel free to change the port number (or make it a range of ports).

-A INPUT -p tcp --dport 6883 --tcp-flags RST RST -j DROP

Your firewall is now configured and you should have great upload speed now. You will have to run this script at every boot, by the way. One easy way is to call the script at the end of /etc/rc.local.
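
One way to check that the RST-drop rule is loaded, sits ahead of the ESTABLISHED accept, and is actually matching packets. This is an added example, not part of the original guide or the TuxTraining text; the function name check_rst_rule and the sample rulesets are constructed for illustration, and the check handles a single port, not a range.

```shell
#!/bin/sh
# Added example: audit `iptables-save -c` text on stdin for the RST-drop rule.
# Live use, as root:  iptables-save -c | check_rst_rule 6883
# Prints "ok N", "shadowed N" or "missing 0" (N = packets the rule matched);
# "shadowed" means an ESTABLISHED accept is evaluated before the drop rule.
check_rst_rule() {
    port=$1
    case $port in
        ''|*[!0-9]*) echo "usage: check_rst_rule PORT" >&2; return 2 ;;
    esac
    awk -v port="$port" '
        $2 == "-A" && $3 == "INPUT" && !found {
            if (/--tcp-flags RST RST/ && /-j DROP/ &&
                $0 ~ ("--dport " port "( |$)")) {
                found = 1
                split(substr($1, 2), c, ":")   # counter is [packets:bytes]
                pkts = c[1]
            } else if (/ESTABLISHED/ && /-j ACCEPT/) {
                shadowed = 1
            }
        }
        END {
            if (!found)        print "missing 0"
            else if (shadowed) print "shadowed " pkts
            else               print "ok " pkts
        }'
}

# Constructed sample: same rule order as the script in this guide.
sample_good() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
[10:600] -A INPUT -i lo -j ACCEPT
[42:1680] -A INPUT -p tcp -m tcp --dport 6883 --tcp-flags RST RST -j DROP
[900:81000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample (rule lines only): the ESTABLISHED accept comes first.
sample_shadowed() {
    cat <<'EOF'
[900:81000] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --dport 6883 --tcp-flags RST RST -j DROP
EOF
}
```

A packet count that stays at zero while seeding means no resets are reaching the rule, either because none are being sent or because an earlier rule matched them first.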

Let me know if you find it successful.
