How can I effectively block torrenting?

My WNR1000v3 is serving six people and two of them have decided that despite my warnings they're going to torrent heavily all day.

Not dealing with that crap I decided to reserve their IPs and set up port blocking 1000-65535 at all times of the day.

However.... looking at the log reveals that stuff is still going through. Half of the entries are saying:

[LAN access from remote] from <externalIP>:16001 to 192.168.1.7:18946 Friday, Oct 12,2012 22:47:05

and half are saying:

[Service blocked: BlockTorrents] from source 192.168.1.7, Friday, Oct 12,2012 22:46:26

Is this because of uPNP? Or does the 'block services' feature Netgear has only work with outgoing connections? Is there something that I'm missing?

If it is indeed uPNP, how could I effectively block their torrenting without hurting everyone's use of services like Skype, Playstation Network, etc.?

Chauncellor

Posted 2012-10-13T03:05:13.607

Reputation: 133

Block them completely in the router, no internet access for breaking your rules, but they will defy you one way or another by hard re-setting the router. No good solution I can see other than get new roommates. – Moab – 2012-10-13T17:56:04.917

A combination of blocking those ports and putting their IPs as complete lowest on QoS has effectively improved the situation. – Chauncellor – 2012-10-13T19:52:59.313

Answers

You're seeing incoming connections to their machines from other BitTorrent clients.

BT is notoriously hard to block nowadays; BT clients have had many things added to them over the years to evade such blocks as this.

The best thing you can do is to use QoS features of your router to limit the bandwidth that they consume. QoS does take a significant amount of time and experimentation to set up correctly, but is worth it especially in a circumstance like this.

This extended QoS tutorial is the best I've ever seen. It's geared toward Tomato, but you should be able to adapt it to any home router that provides QoS features, with varying degrees of success.

Michael Hampton

Posted 2012-10-13T03:05:13.607

Reputation: 11 744

Thanks so much. I was afraid of this. I'd love to flash tomato or dd-wrt onto this router but it's (sadly) unsupported. – Chauncellor – 2012-10-13T03:14:14.170

Home routers are very cheap; if yours doesn't have QoS capability, go buy another one. – Michael Hampton – 2012-10-13T03:15:08.367

It does have QoS and a decent amount of options - though not as many as the open-source ones. – Chauncellor – 2012-10-13T03:18:07.833

1Stop serving those two people, or to extend what Michael Hampton said, go buy a second router, put them on it, then lock down QoS like you're trying to simulate a 300 baud modem. :) – Mark Allen – 2012-10-13T03:59:54.430