Bittorrent Client works, but...

My bittorrent client does work very well, but to achieve that I have to set the following packet filter rule:

Source: MyIP -> Service:Any -> Destination:Any 
always allowed

I had to define this rule cos the ASG had blocked all packets sent from myIP with random outgoing ports. And these connections seem to be needed for using the bittorrent network. :S


  • Hi 

    thx for your help, so here's what I did but it didn't work for me

    vuze port is 6881
    service definitions OUT
    bittorent_OUT TCP/UDP 6881 → 1:65535
    service definitions IN
    bittorent_IN TCP/UDP 1024:65535 → 6881

    define the client pc under network

    create pf rules
    client -> bittorent_OUT -> any
    any -> bittorent_IN -> client

    and the NAT rule
    DNAT [bittorrent]
    Traffic selector: Any → bittorent_OUT → External (WAN) (Address)
    Destination translation: client

    mmh so what is wrong here, any hints are welcome, thx for helping me!!!

    best regards
    ACID25
  • What's on the pf log?
    What do you mean "didn't work for me"? (no connection at all? ports are closed?)
  • Hi

    no connection all packets were "dropped" 

    2009:03:30-23:09:08 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="47" srcport="60565" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:08 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="83.249.183.11" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="48" srcport="55237" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:09 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="47" srcport="60565" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:09 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="222.123.128.6" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="39" srcport="12797" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:10 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="47" srcport="60565" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:11 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="75.60.209.83" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="113" srcport="3864" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:12 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="47" srcport="60565" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:13 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="58.166.247.177" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="100" srcport="3152" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:14 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="213.16.26.232" dstip="78.94.158.82" proto="6" length="48" tos="0x10" prec="0x20" ttl="118" srcport="1285" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:16 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="47" srcport="60565" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:19 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="78.154.212.184" dstip="78.94.158.82" proto="17" length="105" tos="0x08" prec="0x20" ttl="108" srcport="14285" dstport="14285"
    2009:03:30-23:09:20 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="92.11.41.209" dstip="78.94.158.82" proto="17" length="95" tos="0x08" prec="0x20" ttl="116" srcport="32407" dstport="6881"
    2009:03:30-23:09:20 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="60.49.126.255" dstip="78.94.158.82" proto="17" length="95" tos="0x08" prec="0x20" ttl="106" srcport="40227" dstport="6881"
    2009:03:30-23:09:21 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="90.217.145.154" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="117" srcport="3108" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:23 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="92.14.195.178" dstip="78.94.158.82" proto="17" length="95" tos="0x08" prec="0x20" ttl="116" srcport="45135" dstport="6881"
    2009:03:30-23:09:23 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="12.183.148.220" dstip="78.94.158.82" proto="6" length="52" tos="0x08" prec="0x20" ttl="109" srcport="63275" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:24 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="90.217.145.154" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="117" srcport="3108" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:26 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="12.183.148.220" dstip="78.94.158.82" proto="6" length="52" tos="0x08" prec="0x20" ttl="108" srcport="63275" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:26 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="122.53.10.167" dstip="78.94.158.82" proto="17" length="95" tos="0x08" prec="0x20" ttl="115" srcport="27341" dstport="6881"
    2009:03:30-23:09:27 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="89.143.145.126" dstip="78.94.158.82" proto="6" length="64" tos="0x08" prec="0x20" ttl="53" srcport="56252" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:28 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="89.143.145.126" dstip="78.94.158.82" proto="6" length="64" tos="0x08" prec="0x20" ttl="53" srcport="56252" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:29 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="82.95.92.125" dstip="78.94.158.82" proto="6" length="64" tos="0x08" prec="0x20" ttl="53" srcport="35046" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:29 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="89.143.145.126" dstip="78.94.158.82" proto="6" length="64" tos="0x08" prec="0x20" ttl="53" srcport="56252" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:29 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="82.95.92.125" dstip="78.94.158.82" proto="6" length="64" tos="0x08" prec="0x20" ttl="53" srcport="35046" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:29 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="90.217.145.154" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="117" srcport="3108" dstport="6881" tcpflags="SYN"
    2009:03:30-23:09:30 gw ulogd[3195]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth1" outitf="eth1" dstmac="00:04:75:c9:ff:de" srcmac="00:00:00:00:00:00" srcip="89.143.145.126" dstip="78.94.158.82" proto="6" length="48" tos="0x08" prec="0x20" ttl="53" srcport="56252" dstport="6881" tcpflags="SYN"



    regards
    ACID25
  • change the nat rule to use your bittorrent_in service. You can see the traffic in your log file has the destination of 6881.
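
An added example, not part of the original thread: a short Python check of why the DNAT traffic selector built on bittorent_OUT never matched the dropped packets. It parses Astaro-style drop lines (three entries trimmed from the log quoted above, as a constructed sample) and tests each packet's ports against the two service definitions posted earlier; the function names are assumptions of this example.

```python
import re

# Service definitions as posted in the thread: (source port range, destination port range).
SERVICES = {
    "bittorent_OUT": ((6881, 6881), (1, 65535)),
    "bittorent_IN": ((1024, 65535), (6881, 6881)),
}

# Constructed sample: three drop entries trimmed from the log quoted in the thread
# (fields not needed for port matching are omitted).
SAMPLE_LOG = '''\
2009:03:30-23:09:08 gw ulogd[3195]: name="Packet dropped" action="drop" fwrule="60001" srcip="72.183.10.57" dstip="78.94.158.82" proto="6" srcport="60565" dstport="6881" tcpflags="SYN"
2009:03:30-23:09:19 gw ulogd[3195]: name="Packet dropped" action="drop" fwrule="60001" srcip="78.154.212.184" dstip="78.94.158.82" proto="17" srcport="14285" dstport="14285"
2009:03:30-23:09:20 gw ulogd[3195]: name="Packet dropped" action="drop" fwrule="60001" srcip="92.11.41.209" dstip="78.94.158.82" proto="17" srcport="32407" dstport="6881"
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" pairs of one packet filter log line as a dict."""
    return dict(FIELD.findall(line))

def matching_services(entry, services=SERVICES):
    """Names of the service definitions whose port ranges cover this packet."""
    sport, dport = int(entry["srcport"]), int(entry["dstport"])
    return [name for name, ((s_lo, s_hi), (d_lo, d_hi)) in services.items()
            if s_lo <= sport <= s_hi and d_lo <= dport <= d_hi]

def audit(log_text, nat_service):
    """For each dropped packet: (srcport, dstport, selector matches?, matching services)."""
    rows = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry.get("action") != "drop":
            continue
        hits = matching_services(entry)
        rows.append((entry["srcport"], entry["dstport"], nat_service in hits, hits))
    return rows

if __name__ == "__main__":
    for svc in ("bittorent_OUT", "bittorent_IN"):
        print(f"DNAT traffic selector service = {svc}")
        for sport, dport, ok, hits in audit(SAMPLE_LOG, svc):
            print(f"  {sport:>5} -> {dport:>5}  selector matches: {ok}  (services: {hits or 'none'})")
```

The UDP packet from port 14285 to port 14285 matches neither service definition, so the corrected DNAT rule does not admit it either.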
  • > change the nat rule to use your bittorrent_in service. You can see the traffic in your log file has the destination of 6881.

    great now it works thx a lot @dilandau :)

    regards and gn8
    ACID25
  • I have:

    CLIENT - BittorrentOUT - Any

    Any - BittorrentIN - CLIENT

    BittorrentIN = TCP/UDP 1024:65535 → 58312

    BittorrentOUT =  TCP/UDP 58312 → 1024:65535


    DNAT : 
    DNAT [Bittorrent]
    Traffic selector: Any → BittorrentIN → CLIENT
    Destination translation: CLIENT BittorrentIN
    Automatic packet filter rule: ON
  • You don't need to have automatic packet filter on and define all rules by yourself. Remember that you have to allow trackers to talk to the internet as well.

    e.g. Bittorrent might work but if none of the trackers is allowed you won't be able to download any files
  • > You don't need to have automatic packet filter on and define all rules by yourself. Remember that you have to allow trackers to talk to the internet as well.
    >
    > e.g. Bittorrent might work but if none of the trackers is allowed you won't be able to download any files

    I'm quite new at this, could you please explain how to make downloading with azureus possible? The download never starts and all the packets are dropped.
  • Definitions
    ------------
    Under network create torrent pc client (basically the pc that uses the torrent client)

    Packet Filter
    --------------
    Source: Any
    Service: utorrent port
    Destination: torrent client pc

    Packet Filter
    --------------
    Source: torrent client pc
    Service: tracker ports (ports needed for trackers)
    Destination: tracker ips

    Source: torrent client pc
    Service: UDP port outgoing for torrent client
    Destination: Any

    Source: torrent client pc
    Service: TCP port outgoing for torrent client
    Destination: Any

    NAT
    ------
    Traffic source: Any
    Traffic service: utorrent port
    Traffic destination: external wan ip
    NAT mode: DNAT
    Destination: utorrent client pc
    Destination service: nothing
    Automatic pf rule: unchecked

    Now if you configure the same but change the ports to the correct ones (I think bittorrent uses a range of ports whereas utorrent uses one) and configure the client, everything should work.

    If you keep the same procedure but replace the torrent port with the azureus one you will be fine.

    Things to replace:

    1) TCP port outgoing for torrent client
    2) UDP port outgoing for torrent client
    3) utorrent port


    Let me know how it goes!
  • Hi.
    Have to look at it tomorrow. I'll let you know when I have tried...

    thnxs