Port forwarding not needed with cable modem? Router recommendation?

[NeoIsis]

Hi, I'd like to first thank folks for all their work on this. I am new at this whole thing.

I have a PC running Windows XP SP2

Comcast Cable Internet

cable modem but no router

McAffee firewall & Windows firewall.

1. I just want to confirm what I read on the portforward.com site that i do NOT need to forward ports or have a static IP do it if I have no router, only a cable modem.

I have Comcast cable internet. I used to have a modem that had some router functions but when I was having trouble with my connection they replaced the router with a Motorola Surfboard which I understand is (at least USUALLY) just a plain cable modem ( apparently it can be remotely programmed by the ISP to make private IP addresses, but my IP address is not within the range listed for that problem) http://forum.portforward.com/YaBB.cgi?board=Knowledge;action=display;num=1139203595

2. I am thinking I should maybe have a router for security reasons and because I would like to share this Internet connection for my laptop. Any recommendations for what I should get? (The desktop is a PC and my laptop is a Mac, in case that makes any diff. A mixed marriage.)

Thanks y'all!

[DreadWingKnight]

1. I just want to confirm what I read on the portforward.com site that i do NOT need to forward ports or have a static IP do it if I have no router, only a cable modem.

Some cablemodems have built in routers as you're aware, but if the IP address you have is not in the ranges defined in RFC1918, yours is not a router.

I have Comcast cable internet.

Known bittorrent-hostile ISP

2. I am thinking I should maybe have a router for security reasons and because I would like to share this Internet connection for my laptop. Any recommendations for what I should get?

Linksys WRT54GL or WRT350N because of the high quality firmwares available for them.

(The desktop is a PC and my laptop is a Mac, in case that makes any diff. A mixed marriage.)

No difference, the standards exist for a reason.

[NeoIsis]

Hey DreadWingKnight, Thanks for your answer!

I had seen so many comments emphasizing how essential it is to fwd ports without mentioning any exception that I started to wonder. (I'm sure it's probably not often stated explicitly because it is assumed to be totally obvious it's not needed without a router / LAN. I finally <i>did</i> find the obvious stated on portforward.com......but then I still wanted to make absolutely sure....)

Tx for router recommendation too

re Comcast I wonder the way peers seem to disappear so quickly, if I could be seeing some throttling. However that could be normal for all I know, as I said I am new at this and am just trying to read and understand how it is supposed to work.

[Switeck]

If you're seeing peers or seeds disconnect 30-38 seconds after first appearing, then you're almost certainly seeing BitTorrent throttling of the type ComCast uses. It may not be your local ComCast section doing it...as we are all at the mercy of the weakest 'link' ISP-wise.

I'm on ComCast, and I see lots of peers being reset every 30-38 seconds. FEW survive longer than that, of which most are encrypted.

[jewelisheaven]

I'm on ComCast, and I see lots of peers being reset every 30-38 seconds. FEW survive longer than that, of which most are encrypted.

I guess I'm lucky most of the swarms I'm on have some generous swedes and japanese peers then. The funny thing is I really don't see much of this disconnection-- peers stay connected for over an hour usually-- but then again I'm on the competitor's lines now (time warner).

Edit: I have however noted that I did get better sustained upload with comcrap. The way TW reduces my efficiency in the swarm is to reset my modem every 2-10 minutes based upon time of day and average upload speed. The interruption lasts between 4 and 60 seconds usually, with outages longer than that happening every week or so.

[NeoIsis]

Yes, that is just exactly what I am seeing (edited:peers being disconnected after 30 seconds or so)

Is there anything I can do on my end to make that less likely? How do you deal with it? Or do you just have to hope for peers that are in the lands of Sverige and Nihon and Encryption?)

[Switeck]

I have no real solution for this, since forcing encryption and turning off legacy connections tends to make things worse...since MANY peers/seeds don't use and even WON'T use encryption.

Currently, all I have is my observations that outgoing encrypted connections seem at least a little less likely to die off in <1 minute. This is if I have fewer than 20 total connections AND half open rate is less than 20.

I am not on particularly "busy" torrents with 100's of seeds+peers. Instead, all combined, the torrents I am running have fewer than 60 potential connections. Of those, I am connected to typically less than 10 at a time...sometimes 5 or less. This despite 10+ trying to connect to me about every 5 minutes.

My half open rate is only 1 at the moment. I've tried it set to 0, 1, 2, 4, and 8...and 8 seems to make things a tiny bit worse. Hard to say for certain that 8 is "worse", as many of the peers I'm trying to connect to seem to be firewalled...so I'm wasting my time trying to connect to them. (This would not in any way be ComCast's fault, but their crippling method may detect that activity and speed up its connection kill-rate.)

Zero definitely makes things worse, especially if there's even a single "disconnect-reconnect" BitComet/BitLord/BitSpirit peer active. Only older BitComet versions...roughly before v0.0.7.0 seem to exhibit this behavior, but they're still painfully too common. What happens is the reconnecter pops in-and-out rather fast and in the next half-minute I tend to lose a LOT of my incoming connections. Sometimes if I ban the reconnecter using ipfilter.dat things improve slightly...but that may just be an illusion too.

[kurahashi]

iptables -A INPUT -p tcp –dport $TORRENT_CLIENT_PORT –tcp-flags RST RST -j DROP

Ofcourse, you need linux (compatibile) router and no guarantees it will work... but it does look reasonable. The only problem is if Comcast is inserting RSTs to the outgoing packets . In that case, all torrent user around the worid would have to cut the RSTs incoming from Comcast... impossible to do, ofcourse. But, I'd personally implement it at home - if I only knew the complete IP ranges of home (BT throttled) comcast users. Anybody know it, by chance?

[jewelisheaven]

Comcast holds a whole /8 if im not mistaken

Edit: I like your sig, kurahashi-san

[Firon]

No, no, no. Ignoring RSTs will not work. BOTH sides need to do it. If you do it on one side, nothing happens.

[Switeck]

And it's not just ComCast doing it now too.

[kurahashi]

Comcast holds a whole /8 if im not mistaken

If you mean 68.0.0.0/8 then definitely no, it's "only" 68.32.0.0/12

Edit: I like your sig, kurahashi-san

Why, thank you

No, no, no. Ignoring RSTs will not work. BOTH sides need to do it. If you do it on one side, nothing happens.

That's why I'm thinking to do it as not a comcast user.

Now, if I connect with comcast peer (who has turned on RST ignoring too) then everything should be fine... theoretically. I know, the chances are very low, but on the other hand - if I can, then why not to do it.

And it's not just ComCast doing it now too

So, who's next? I can add another set of IP ranges to my firewall rules, no problem