HA! I’ve done what I’ve seen so many people say CAN’T be done. I’ve effectively used the BEFSX41 Linksys Broadband Firewall Router to block Torrents and now you can too. First thing I should mention though is that this is personal and has nothing to do with CertGuard. It took me a while to figure it out, but after months of battling relatives who show no regard to “Intellectual Property Rights”, I can say that it is possible if you follow these steps.
There are two major sections to this post; the first is “OUTGOING” and the second “INCOMING”. The reason for this is because you’re going to want to block traffic in both directions, but you cannot block both directions using the same methods.
OUTGOING
First, log into your BEFSX41 Firewall Router. I’m assuming you’ve done this before and that you’re familiar with the Linksys GUI.
Second, verify that you have the most updated version of the Firmware. At the time of this writing, Version 1.52.15 is the most current firmware available, so it should work on anything newer than that version.
Now that your firmware is updated, click on the “Restrict Access” tab at the top of the page. We’ll be methodically making changes from top to bottom to make this easier.
In the box next to “Enter Policy Name: ” give your policy a name. I named my policy “Upper Ports” because I’m blocking all incoming ports in the upper port range.
Next, click on the “Edit List” button next to “PCs: ” (directly below your newly named policy). This will open a new window titled “List of PCs”. In that window, click the checkbox next to “All MAC Addresses and IP Addresses”. Then click “Apply”, then “Close”.
Below that, there are two option buttons appropriately labeled “Deny” and “Allow”. Make sure that the “Allow” option is chosen. Otherwise, you will have effectively disabled internet access to all the computers in your network.
Below that are the “Days” of the week and Times. I just chose “Everday” and “24 Hours” because I can’t stand the thought of having illegal materials on my network. But that shoice is up to you.
Here’s the part you need to pay close attention to. See the label on the left that states “Blocked Services”? To the right of that are two dropdowns and 4 text boxes. Ignore those for now, but remember they’re there. Below the previously mentioned boxes, is a button labeled “Add/Edit Service”…Click that and you will see a new window pop up titled “Port Services”. In that window is a series of other text boxes, dropdowns, and a list box with default services listed. Below “Service Name”, enter in an appropriate name for your service. I called mine “UPPER” but the name is irrelevant to what you’re trying to accomplish, just remember what you name it. Next, select “TCP & UDP” in the “Protocol” dropdown and finally, enter the range of ports you want to block. I chose 4000 to 65000 as a general set of ports figuring that I can modify as needed later. Now, just click the “Add” button. You should now see the Service you just added in the list box on the right. Click “Apply”, then “Close”.
Now, you’re back at the main window (hopefully still on the “Restrict Access” tab). Remember those boxes next to the “Blocked Services” label? Click on the first one and select the Service you created in the previous window. It should have automatically populated both boxes next to it with the port ranges you (also) entered in the previous window.
That’s it for this page! Although you can enhance blocking with the boxes below that, it’s not necessary for this task. So, scroll to the bottom and click on “Save Settings”. Hopefully you still have internet access. If not, then you’re currently reading this as a cached page. To undo what you just did, all you need to do is scroll up and click on “Edit List”, then uncheck the “All MAC Addresses…” box and save your settings again.
If you’ve still got internet access, then congratulations!! You’ve effectively blocked all outgoing ports based on the criteria you created. Now, let’s kick it up a notch and block the nasty pests that keep knocking at your door looking for that PC with the Torrent software.
INCOMING
First thing you’re going to need to do is monitor your logs for excessive activity to a number of specific ports. On my network, I nailed down a couple of specific ports (including, but not limited to: 22788, 14199, 11623, and 54959) that all the incoming traffic was hitting, but you may just want to block all UPPER ports like we did previously; just to be on the safe side. So, let’s get to it.
First, click on the “Applications & Gaming” Tab. The first sub-tab you should see is titled “Port Range Forwarding”. There may, or may not be, any default Applications listed, so just go to the first blank row and start entering the following data:
- Application: UPPER
- Start: 4000 (or whatever port you decide to start at)
- End: 65000 (or whatever port you decide to end at)
- TCP UDP: Both
- IP Address: 192.168.1.### (Where ### = an IP Address that does NOT exist on your network) Yes, you’re going to send these punks to a fake IP within your network so that they can’t find what they’re looking for.
- Enabled: TRUE / Checked
Now, save your settings and move to the next sub-tab “Port Triggering” and enter the following data:
- Application: UPPER
- Triggered Range
- Start Port: 4000 (or whatever port you decide to start at)
- End Port: 65000 (or whatever port you decide to end at)
- Forwarded Range
- Start Port: 0
- End Port: 0
Save your settings and move on to the next sub-tab “UPnP Forwarding”. Now, I’ve been told that if you want to prevent applications from finding other ports to use, you disable “UPnP Forwarding”. Unfortunately, the only apparent way to do that here is to just make sure all the “Enabled” boxes on the right are UN-Checked. So, do that and Save your settings.
That should have done the trick. If not, let me know and I’ll check to see if I missed something or skipped a step (sorry, doing this from memory after fighting with it over and over again for the past few weeks).
Copyright 2006-2009