

Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1

3 edits

2 recommendations

How-to: Reddit YouTube firewall rule with MI424wr

I've got a couple of PMs asking how to do this and instead of copy pasting to everyone, I'll just post it here.

Summary:
According to this reddit post, by blocking 206.111.0.0/16 and 173.194.55.0/24, YouTube cache servers are bypassed and should result in a faster loading of YouTube clips.

Basically a firewall rule must be created to prevent outgoing connections to those IP addresses. This isn't a hard thing to do but it is confusing since the Verizon Router supplied with FiOS internet doesn't use CIDR mask notation but the full mask.

First step is to log in to your Verizon router. If the LAN IP address has not been changed, just type in 192.168.1.1 in your browser and it will load the login page. User name is "admin" and the default password is located on a label under the router. The router uses JavaScript to add a bunch of hidden characters for each letter, so don't be alarmed that each key press shows up as 2-3 keypresses in the text field.

Second step is to get to the advanced rule firewall page. You can either click this link or manually navigate there using the steps.

Link: 192.168.1.1/index.cgi?active_page=9024 (this assumes your LAN IP is 192.168.1.1)

Manual navigation: On the top of the homepage, there's an icon "Firewall Settings". Click that and then click "Yes" to proceed. On the left hand pane, click "Advanced Filtering".

Step three: Add the rule.
On this page are two tables with a bunch of red "Add" links. The rule goes into one of two places on the bottom "Output" table. If your internet connection from your ONT is through the coaxial cable, click the red "Add" button next to "Broadband Connection (Coax) Rules". Obviously, if the router is connected via ethernet connection from the ONT, click the red "Add" button next to "Broadband Connection (Ethernet) Rules".

On the next page, click the drop down menu next to "Destination Address". Choose the first option "User defined". The router will present a page called "Edit Network Object". Type in something meaningful for description. I called it "YouTube Cache IP"

Now click the red "Add" button on the bottom of the page. Network Object Type is "IP Subnet". Type 206.111.0.0 as the Subnet IP Address and 255.255.0.0 for Subnet Mask (this is "/16" in CIDR notation). Click "Apply"

Repeat the above step for an IP address of "173.194.55.0" and a Subnet Mask of 255.255.255.0 (/24).

Your page should now look like this:


[Screenshot: Network Object]


Click Apply. It will bounce you back to the "Add Advanced Filter" page. Under operation, select "Reject" as the method. Click Apply.

You're done! Your page should look like this:




That's it. Go check out if YouTube loads faster.

EDIT: Oops, the firewall rule goes on the bottom table.

Aero 1

join:2007-07-27

someone buy this man a beer! thanks!



Onedollar

join:2001-08-27
Pomona, CA
kudos:6
reply to Dream Killer

Can someone translate to DDWRT based router? Yes, I am lazy and too dumb to figure it out



shmee

join:2005-04-03
Phoenixville, PA

said by Onedollar:

Can someone translate to DDWRT based router? Yes, I am lazy and too dumb to figure it out

1.) login to router
2.) go to "administration" tab
3.) on administration page, go to "commands" tab
4.) in commands text box copy paste the following:

iptables -I FORWARD -s 192.168.3.0/24 -d 173.194.55.0/24 -j DROP
iptables -I FORWARD -s 192.168.3.0/24 -d 206.111.0.0/16 -j DROP

5.) click "save firewall" button
6.) enjoy!

NickP65

join:2008-12-11
Trenton, NJ
reply to Dream Killer

I was under the impression that the rules were supposed to be INPUT rules not output ...



mking128

join:2005-08-10
College Point, NY
kudos:1

Setting up as stated above on the OUTPUT side to drop - save/close/exit. For good measures, reboot the router & PC's - enjoy YouTube without lags & buffering, etc. - works like a charm on our MI424 Rev.I router.



fxtr
Premium
join:2002-09-15
Reston, VA
reply to Dream Killer

Set up the rules to block the cache servers but now get 'This page cant be displayed.'



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1
reply to NickP65

said by NickP65:

I was under the impression that the rules were supposed to be INPUT rules not output ...

The rule is written from the point of view of the firewall and router's interface. The main thing to remember is whenever there's a device on the LAN side that requests a connection to a certain WAN IP, through NAT, it's an outgoing connection. It's a confusing concept because it doesn't follow the "download = input" and "output = upload" point of view we're so used to.


Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1
reply to fxtr

said by fxtr:

Set up the rules to block the cache servers but now get 'This page cant be displayed.'

I'm not sure where it went wrong but make sure the subnet mask for the 173.194.55.0 block is only 255.255.255.0 and not 255.255.0.0. 173.194.4x.xx is where "youtube.com" redirects.

please post a screenshot of the rule.
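The mask conversion from the how-to and the mask warning in the reply above, as an added example that is not part of the original posts: it converts the thread's two CIDR blocks into the dotted masks the router form asks for and audits typed entries for a mask that silently widens a block. The function names and the sample address 173.194.43.1 are constructed for illustration.

```python
import ipaddress

# The two blocks named in the thread, in CIDR notation.
INTENDED = ["206.111.0.0/16", "173.194.55.0/24"]

def router_fields(cidr):
    """CIDR -> (Subnet IP Address, Subnet Mask) as typed into the router form."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.netmask)

def effective_network(subnet_ip, mask):
    """Network actually covered by a typed IP/mask pair.

    strict=False masks off host bits, so a too-short mask quietly widens the block.
    """
    return ipaddress.ip_network(f"{subnet_ip}/{mask}", strict=False)

def audit(entries, intended=INTENDED):
    """Return (network, extra_addresses) for entries that differ from the intended blocks."""
    wanted = [ipaddress.ip_network(c) for c in intended]
    findings = []
    for subnet_ip, mask in entries:
        net = effective_network(subnet_ip, mask)
        if net in wanted:
            continue
        # Intended blocks swallowed by this wider entry.
        parents = [w for w in wanted if w.subnet_of(net)]
        extra = net.num_addresses - sum(w.num_addresses for w in parents)
        findings.append((str(net), extra))
    return findings

def is_blocked(addr, entries):
    """True if addr falls inside any typed entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip in effective_network(i, m) for i, m in entries)

if __name__ == "__main__":
    correct = [router_fields(c) for c in INTENDED]
    # Constructed mistake: /16 mask typed for the block that should be /24.
    mistyped = [("206.111.0.0", "255.255.0.0"), ("173.194.55.0", "255.255.0.0")]
    sample = "173.194.43.1"  # constructed address in the 173.194.4x.xx range
    print("router fields:", correct)
    print("correct :", audit(correct), is_blocked(sample, correct))
    print("mistyped:", audit(mistyped), is_blocked(sample, mistyped))
```

With the /16 mask on the second entry, the audit reports 173.194.0.0/16 with 65280 addresses beyond the intended /24, and the sample 173.194.4x.xx address becomes blocked.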


fxtr
Premium
join:2002-09-15
Reston, VA

F.T.F.I. - Had checked Drop and not Reject.
All OK now.



fxtr
Premium
join:2002-09-15
Reston, VA
reply to Dream Killer

MI424WR-GEN3I Version I Firmware 40.2.1


Lex Luthor
Premium,Mod
join:2000-09-17
Hicksville, NY
kudos:3
reply to Dream Killer

When you say youtube "loads faster" what do you mean?

I have problems with Youtube HD video buffering on my Galaxy S3 when on wifi that's connected to Fios.

Will this fix that problem?



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1
reply to fxtr

said by fxtr:

MI424WR-GEN3I Version I Firmware 40.2.1

You wrote the rule kind of funny. Destination must be the WAN IP. You have them set as source. Also you set them as IP range.

Here's how the settings should look like:


[Screenshot: Network Object]

Note the object type.



Note that the IP blocks are destination addresses.


Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1
reply to Lex Luthor

said by Lex Luthor:

When you say youtube "loads faster" what do you mean?

I have problems with Youtube HD video buffering on my Galaxy S3 when on wifi that's connected to Fios.

Will this fix that problem?

Allegedly. I think right now it's a placebo since I set the rule to log anytime the rule trips and I haven't got a hit while watching youtube off-peak or at peak hours.

Supposedly this bypasses youtube's caching servers. I'm not sure if the mobile website uses the same caching servers though.


fxtr
Premium
join:2002-09-15
Reston, VA
reply to Dream Killer

Changed to "destination"
Changed to IP subnet.
Thanx for the help!



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1

make sure your subnet masks are also correct =)


NickP65

join:2008-12-11
Trenton, NJ
reply to Dream Killer

Dream Killer - Thanks for explanation.


ChrisUK

join:2008-08-28
Falls Church, VA
reply to Dream Killer

I followed the OP's directions step-by-step, but YouTube still buffers on my PS3 via wifi. Do I need to add this rule to the "Wireless Access Point" section as well?

Chris



fxtr
Premium
join:2002-09-15
Reston, VA
reply to Dream Killer

Masks are correct. Youtube is not buffering now, was really slow last week. I will check it this evening when there should be more activity.



GeekNJ
Premium
join:2000-09-23
Waldwick, NJ
reply to Dream Killer

You selected Reject vs Drop. The description indicates Reject is Drop and send TCP Reset or ICMP Host Unreachable packets to sender.

Is there a need to send back the response?



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1

4 edits

1 recommendation

said by GeekNJ:

You selected Reject vs Drop. The description indicates Reject is Drop and send TCP Reset or ICMP Host Unreachable packets to sender.

Is there a need to send back the response?

The browser will react to REJECT faster since it knows the connection failed and won't wait for a timeout or keep retrying. You can go with whichever you prefer.

I always use REJECT because DROP can dramatically slow down applications. DROP should not normally be used anyway.


Jcink

join:2005-12-19
none
reply to Dream Killer

I have smoothwall and I blocked both IP ranges in there and still had buffering. I doubt it's a smoothwall thing because it actually does block the IP addresses but I see no improvements. Is there any way to verify that it actually bypasses their cache servers or whatever?


batsona
Maryland

join:2004-04-17
Ellicott City, MD
Reviews:
·Vonage
·Verizon FiOS
reply to Dream Killer

I think what's being attempted here, is someone's determined which cache servers are the slowest somehow, and attempting to block them from being accessed by web-clients on the local LAN. At least I hope so.. ---just blocking huge portions of the Internet (Google's address space) might be hurting more than helping; figuring out Youtube's caching scheme is not trivial.



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1

said by batsona:

I think what's being attempted here, is someone's determined which cache servers are the slowest somehow, and attempting to block them from being accessed by web-clients on the local LAN. At least I hope so.. ---just blocking huge portions of the Internet (Google's address space) might be hurting more than helping; figuring out Youtube's caching scheme is not trivial.

I didn't do the research on how the Reddit poster determined which IP to block. I don't watch much youtube, though.


dennismurphy
Put me on hold? I'll put YOU on hold
Premium
join:2002-11-19
Parsippany, NJ
kudos:3
Reviews:
·Verizon FiOS

said by Dream Killer:

said by batsona:

I think what's being attempted here, is someone's determined which cache servers are the slowest somehow, and attempting to block them from being accessed by web-clients on the local LAN. At least I hope so.. ---just blocking huge portions of the Internet (Google's address space) might be hurting more than helping; figuring out Youtube's caching scheme is not trivial.

I didn't do the research on how the Reddit poster determined which IP to block. I don't watch much youtube, though.

Yeah, I tend to agree. Blocking an entire class B and class C address block to work around some slow caching servers is moderately looney. That's like using a machete to remove a splinter.

Max Greene

join:2000-12-22
Bayonne, NJ
reply to Dream Killer

And while this is helpful people need to be realistic as to what effect it will have. It will definitely improve things but it is not a complete fix and I know I still have some annoying issues with youtube videos loading.


ChrisUK

join:2008-08-28
Falls Church, VA
reply to dennismurphy

Please explain the down-side.

I haven't seen much improvement, but I haven't noticed any ill effects either.

Chris



HarleyYac
Lee
Premium
join:2001-10-13
Allendale, NJ
kudos:2
reply to Dream Killer

Has anyone just tried a different router? Is it an Actiontec problem? Or just config?



Dream Killer
Graveyard Shift
Premium
join:2002-08-09
Forest Hills, NY
kudos:1

I posted this in the Vz FiOS forum because my instructions are mi424wr specific but this can be interpreted for other routers. Some routers don't have GUI access to manipulate advanced firewall rules, though (ddwrt - rolleyes).

There's a couple of threads cropping up here with instructions on how to apply rules like this since Karl put a link to the Reddit thread in his YouTube article on the front page news. Check the forum for your router's brand.



KCrimson
Premium
join:2001-02-25
Brooklyn, NY
kudos:1
reply to ChrisUK

said by ChrisUK:

Please explain the down-side.

I haven't seen much improvement, but I haven't noticed any ill effects either.

Chris

The downside is theoretical. The problem is that a large range of IP addresses are being blocked, and we don't know what Google plans to (or is currently using) many of those IP addresses FOR. Tomorrow, Google could put "Google-Amazing.com" somewhere in that address space, and none of those people who have installed that filter will be able to connect to it. Also, since we already know that Google is using SOME of those addresses for "back-end" servers that aren't specifically addressed directly by the users, we have no idea when even EXISTING Google services might (even LIKELY) start using some of those addresses (even "Google.com" itself).