Discussion in 'other firewalls' started by Avec, Dec 19, 2005.
Hi, I was wondering what would be a good firewall for using BitTorrent?
Are you behind a router? You need the lightest running firewall, preferably inbound only if you intend to do heavy torrenting with over 500 TCP connections open.
Just forget ZoneAlarm and its derivatives. Other than this one should work just fine.
Sygate 5.5.2710 or Kerio 2. They both allow max speeds and don't crash.
Does using P2P require any sort of protection other than exercising care with the files you download?
I have used ZoneAlarm and Sygate but never for file sharing! McAfee and Norton seem OK as far as I can tell. I have also used older versions of Anti-Hacker, not very good in my limited experience, A
Peer Guardian with Anti P2P filter would give you a level of protection from the prying eyes of MPAA and RIAA to an extent, also keep other nasty IPs out.
Why not ZA for P2P?
It crashes with the amount of TCP connections needed for P2P. Or at least it consumes too much memory and/or interferes with data transmissions that will either lose the connection or lock up the system.
Most of the problems have been fixed, especially in version 6.1. I'll quote the related fixes:
# Fixed - High vsmon CPU usage
# Fixed - System stability issues
# Fixed - Various other bug fixes
P2P is the bane of all firewalls and routers, only good light inbound ones like CHX can survive 500+ connections without breaking a sweat, or you have to get a Linux box with firewall. For hardware routers, only the top of the line D-Link Game Fuel series or Zyxel 500 with ability to handle 16000 connections can do justice to P2P and online gaming.
For hardware, you may also check Trendnet TEW-611BRP, cheaper than D-Link and Zyxel. It has the same Atheros Wifi chip, but not the same routing (wired) hardware. Nevertheless, it announces support of 4000 parallel NAT sessions, which should be sufficient for P2P.
ZoneAlarm + PG
A router works best. If you don't have one, CHX-1 does a nice job as it will not bog down with hundreds of connections.
Is LnS good for P2P? Cuz that's what I have now.
Not really. eMule is still a pain in the ZA's ass...
If you have no problems with P2P and it, it's fine. I found it OK as long as SPI wasn't enabled.
I agree. It still fails the UDP test. But at least now it is usable. But you do lose some speed.
If you still have high usage, you should contact ZL's tech support so that they see where the problem lies for computers with your type of setup. Many people complained on the ZA forums about high usage when using P2P programs for version 5.5 but I haven't seen any since versions 6.0 and 6.1 were released.
I agree that ZA still blocks some UDP connections but I know it's not all because DHT for my BT programs still works fine, meaning that not all UDP connections are blocked. I am not sure if ZL is aware of the issue but you can certainly help report it to them.
For my router, I have an old box running a *BSD firewall that will handle up to 10000 connections only because it's just a 400 MHz CPU. (I understand a 1 GHz CPU would allow it to handle around 25000 connections.) The most I've had it at is 6000+ connections.
LNS works very well as long as SPI is turned off. It can also be used to return your incoming ports back to stealth automatically when you close your P2P apps. If you use a router, you have to have port forwarding enabled to get good speeds and these are considered security risks. However, your only real security risk would be any flaws your P2P apps might have.
I have been able to max out my speeds for days nonstop using this. So far, I haven't had any nasties from heavy P2P with this combo. (Knock on wood!)
I use Freesco on an old Pentium box. It can be run from a floppy and it is capable of 16,000+ connections. I've been up to the 7000 - 8000 range running a couple of servers, and it works very well for me.
I use Tiny and I've tried loads of FWs before Tiny. Tiny is the only one where I don't have to change ports or whatever. It just uses the port that I put in my program. Found that great!
Could you explain why you think this?
I'm using ZoneAlarm free (latest) and it works perfectly well with BitTornado.
eMule isn't BitTorrent.