5

I work for a small IT company that mostly fixes Windows computers, and lately we have a huge issue with Windows 10 updates.

When a new computer enters our network and starts downloading updates, it blocks the internet for every other PC.

I've read that this is because of the new P2P mode, and if I manually disable that, it does in fact work.

But I can't manually disable a setting on every client PC every time a new customer brings in his PC.

Is there a way to block this behaviour with a firewall? I'm running Ubuntu Server with FireHOL to manage internet access inside my network, and currently I haven't set up any QoS, since we have plenty of bandwidth and when we download something on a computer we would like to do that at full speed.

Any thoughts?

8
  • Some articles on the internet say that the service uses ports 3544 and 7680 for the communication. Blocking those ports might work, but that's not certain. If you allow just one client to take the full bandwidth, then the other clients won't have any. Are you sure the problem isn't there? P2P is mostly used for upload and not download.
    – Spokey
    Commented Apr 8, 2016 at 9:04
  • It blocks the internet for every other PC? Looks like you may need to enable some additional QoS rules or bandwidth sharing/limiting rules so one computer cannot use all the available bandwidth, leaving the rest with none.
    – Jeff
    Commented Apr 8, 2016 at 10:24
  • If they are connected to the network wirelessly, see this... lifehacker.com/…
    – Moab
    Commented Apr 13, 2016 at 17:22
  • @Jeff It blocks even the internal network, literally everything. It's a pain. Fun fact: if a computer on my network starts a torrent, I don't have this issue. Other PCs slow down a bit, but still work.
    – JohnKiller
    Commented Apr 19, 2016 at 8:57
  • @Moab I don't want to change settings on client computers. I want to change something at the router/gateway level.
    – JohnKiller
    Commented Apr 19, 2016 at 9:00

1 Answer

0

If it downloads via a non-SSL connection you can set up a proxy cache like Squid.

Then you have a local server that won't go through the internet. Hopefully you have gigabit locally so it won't bog down your local network.

Second, if you can place your client PCs on their own subnet then:

# eth0 = your LAN-facing interface (or whichever it is); <ms-update-server> = the update server's IP or name
iptables -A FORWARD -i eth0 -s 192.168.100.0/24 -d <ms-update-server> -j DROP

Set up your own PC with P2P for Windows 10 updates turned on, so that it fetches updates from there instead of going to the internet. You can use iptables IP/port forwarding to forcibly redirect said update traffic to your local Windows 10 PC with P2P turned on.

If you have separate subnets for clients/work PCs you can QoS just the appropriate subnet, or just QoS the Microsoft update server.
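Added example, not code from the question or the answer: a small POSIX shell script for the Ubuntu gateway that combines the answer's "clients on their own subnet" idea with the two ports named in the comments (7680/tcp for Delivery Optimization peers, 3544/udp for Teredo). It logs a rate-limited sample before dropping, so the machine that is saturating the link shows up in the kernel log. The interface name eth0 and the subnet 192.168.100.0/24 are placeholders, and DRY_RUN=1 makes it print the rules instead of applying them.

```shell
#!/bin/sh
# Added example (not from the question or the answer).
# Drops Delivery Optimization peer traffic from a dedicated client subnet
# at the gateway and logs a sample of it first. Values below are assumptions.

LAN_IF="${LAN_IF:-eth0}"                     # assumed LAN-facing interface
CLIENT_NET="${CLIENT_NET:-192.168.100.0/24}" # assumed client subnet
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print rules, 0 = apply them

# Ports taken from the comments above.
DO_TCP_PORT=7680      # Delivery Optimization peer-to-peer
TEREDO_UDP_PORT=3544  # Teredo tunnel used for internet peers

# Run iptables, or print the rule when DRY_RUN=1 so the script can be
# reviewed on a machine without netfilter.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# One rate-limited LOG rule followed by a DROP for a proto/port pair.
# Rules go in FORWARD because the gateway only sees packets that cross it:
# peers on the same switch segment talk directly and never hit these rules,
# which is why the answer suggests a separate subnet for clients.
block_do_port() {
    proto="$1"; port="$2"; tag="$3"
    ipt -A FORWARD -i "$LAN_IF" -s "$CLIENT_NET" -p "$proto" --dport "$port" \
        -m limit --limit 6/min --limit-burst 10 \
        -j LOG --log-prefix "$tag "
    ipt -A FORWARD -i "$LAN_IF" -s "$CLIENT_NET" -p "$proto" --dport "$port" \
        -j DROP
}

# Install both rule pairs.
block_delivery_optimization() {
    block_do_port tcp "$DO_TCP_PORT" "DO-P2P:"
    block_do_port udp "$TEREDO_UDP_PORT" "DO-TEREDO:"
}

# Number of rules the policy produces (a sanity check for the dry run).
rule_count() {
    block_delivery_optimization | wc -l | tr -d ' '
}

# Apply for real only when invoked as:  DRY_RUN=0 sh do-block.sh apply
if [ "${1:-}" = "apply" ]; then
    block_delivery_optimization
fi
```

Two practical notes: the rules are appended with -A, so they must come before any accept-all rule in FORWARD or they never match; and because FireHOL flushes and rebuilds the tables every time it (re)starts, rules added by hand like this do not survive, so on the setup described in the question the same rules belong in firehol.conf rather than in a stand-alone script.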
