MacOS X Sandvine Fix

 

Warning: It is highly recommended that you do this at a local console.

Step 1
Open terminal

Step 2
Run the command:

sudo mkdir /Library/StartupItems/Firewall

Step 3
Save the following to the file /Library/StartupItems/Firewall/Firewall

#!/bin/sh
## Boot Script for firewall
#####################################
#
# Replace 55259 with your BitTorrent port and 55339 with your bittorrent port+100
#
#####################################

# Purge existing rules, this blanks any existing rules
/sbin/ipfw -f flush

########
# Basic Settings
########

# Allow everything on the localhost (127.0.0.1)
/sbin/ipfw -f add 00100 allow ip from any to any via lo0

# Now check for spoofing attacks via localhost, and deny them
/sbin/ipfw -f add 00110 deny from 127.0.0.0/8 to any in
/sbin/ipfw -f add 00120 deny from any to 127.0.0.0/8 in
/sbin/ipfw -f add 00130 deny from 224.0.0.0/3 to any in
/sbin/ipfw -f add 00140 deny from any to 224.0.0.0/3 in

# Setup stateful filtering
# allows any estabilshed outbound connections to recieve data on the same port
/sbin/ipfw -f add 25000 check-state
/sbin/ipfw -f add allow tcp from any to any established
/sbin/ipfw -f add allow tcp from any to any out setup keep-state
/sbin/ipfw -f add allow udp from any to any out keep-state
/sbin/ipfw -f add allow icmp from any to any out


# Block RST Packets on your BitTorrent Port
/sbin/ipfw -f add deny tcp from any to me 55259-55359 tcpflags rst

# Allow new incoming BitTorrent connections
/sbin/ipfw -f add pass tcp from any to any 55259
/sbin/ipfw -f add pass udp from any to any 55259

Step 4
Append any of the following rules to the file.

Apple File Sharing
# Allow AppleShare File Sharing
/sbin/ipfw -f add allow tcp from any to me 548 keep-state setup
/sbin/ipfw -f add allow tcp from any to me 427 keep-state setup
Samba/Windows File Sharing
# Allow Microsoft SMB file sharing
/sbin/ipfw -f add pass tcp from any to me 135-139
/sbin/ipfw -f add pass udp from any to me 135-139

# Allow direct-hosted SMB w/out NetBIOS
/sbin/ipfw -f add pass tcp from any to me 445
/sbin/ipfw -f add pass udp from any to me 445
iTunes sharing
# iTunes library sharing
/sbin/ipfw -f add allow tcp from any to me 3689 setup
/sbin/ipfw -f add allow udp from any to me 3689 keep-state
VNC
# Allow VNC
/sbin/ipfw -f add pass tcp from any to me 5900

More filters coming soon...

Step 5
Save the following in the file /Library/StartupItems/Firewall/StartupParameters.plist

{
Description = "Firewall";
Provides = ("Firewall");
Requires = ("Network");
OrderPreference = "None";
Messages =
{
start = "Starting NAT/Firewall";
stop = "Stopping NAT/Firewall";
};
}

Step 6
Run the following commands:

sudo chown root /Library/StartupItems/Firewall/Firewall
sudo chmod 755 /Library/StartupItems/Firewall/Firewall
sudo chown root /Library/StartupItems/Firewall/StartupParameters.plist
sudo chmod 644 /Library/StartupItems/Firewall/StartupParameters.plist

Step 7
Close all open applications and reboot your computer.

Step 8
Configure your torrent client to use a static outgoing (source) port or an outgoing port range.  This port range should start with your bittorrent port (e.g. 55259), and extend to your bittorrent port+100. (e.g. 55359)

Troubleshooting: If you cannot connect to the internet after doing this fix, open terminal and run the following commands:

sudo rm /Library/StartupItems/Firewall/StartupParameters.plist
sudo rm /Library/StartupItems/Firewall/Firewall

Then reboot and please let me know.

Home 

waffle recipes