Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 15 replies
  • Subscribers 2 subscribers
  • Views 3304 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Azureus Problem (DNAT, Packet Filtering)

Tucker
Hi there,

This problem has been driving me crazy, but I cannot connect to any peers, I have researched this problem in depth reading quite a few posts and trying different configurations however the only success I have had has been getting a confirmation that the port is open and NAT is directing it.

Definitions
Torrent In (Dest: 56881 Source: 1:65535) TCP/UDP
Torrent Out (Dest: 1:65535 Source: 56881) TCP/UDP

Network: 
PC running Azureus: 192.168.1.10 (Statically Assigned to MAC by DHCP)

NAT
Name: Torrent
Traffic Source: Any
Traffic Service: Torrent In (Dest: 56881 Source: 1:65535)
Traffic Dest: External (WAN) (Address)

NAT Mode: DNAT
Destination: PC running Azureus
Dest Service: (Nothing)


Packet Filter
Source: Any
Service: Torrent In (Dest: 56881 Source: 1:65535)
Dest: PC running Azureus
Action: Allow
Time Event: Always

Those are the settings I currently have and Azureus is set up to listen on 56881, however no peers can be connected but NAT reports as fine.

The packet filter log reports this while Azureus is running, in great quantity. I have set up PC to (Bind to local port) to 56881 before I did this the port was random in the ranges of 3000 - 4000. Should the dstip peers not be connecting on port 56881, not their own port?

 
2009:05:07-15:56:52  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="24.154.216.11" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="32924" tcpflags="SYN" 
2009:05:07-15:56:54  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="24.154.216.11" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="32924" tcpflags="SYN" 
2009:05:07-15:56:54  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="72.0.219.171" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="32400" tcpflags="SYN" 
2009:05:07-15:56:55  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="77.31.192.6" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="49550" tcpflags="SYN" 
2009:05:07-15:56:57  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="77.31.192.6" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="49550" tcpflags="SYN" 
2009:05:07-15:56:57  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" seq="0" initf="eth1" outitf="eth1" dstmac="00:13:20:a9:6c:97" srcmac="00:a0:cc:24:ff:a1" srcip="192.168.1.10" dstip="220.233.29.99" proto="6" length="48" tos="0x00" prec="0x00" ttl="127" srcport="56881" dstport="38915" tcpflags="SYN" 


Can anybody help please?


This thread was automatically locked due to age.
Parents
  • 0
    Just to add to this I have found that when I change the packet filter rule from

    Packet Filter
    Source: Any
    Service: Torrent In (Dest: 56881 Source: 1:65535)
    Dest: PC running Azureus
    Action: Allow
    Time Event: Always

    TO

    Packet Filter
    Source: PC running Azureus
    Service: Any
    Dest: Any
    Action: Allow
    Time Event: Always

    It will work, but this does not seem ideal because it will allow any service. Can anyone help?
  • 0 in reply to Tucker
    Try
    Packet Filter
    Source: PC running Azureus
    Service: Torrent Out
    Dest: Any
    Action: Allow
    Time Event: Always
  • 0 in reply to BAlfson
    Haha, I was hoping somone would say that because reading through my problem I thought it might work and it did, however I wasnt sure because I was skeptical since for security isnt that creating a security breach?
  • 0 in reply to Tucker
    Is there a way to use bittorrent without creating a security breach? [;)] I don't really know any tricks because I don't use it.

    Cheers - Bob
  • 0 in reply to BAlfson
    lol. Well what I really want to know is that only allowing External clients on Any:Any socket into 192.168.1.10:56881 socket and only that socket and computer?

    Also thanks for your help, I really appreciate it [:)]

    P.S. Oh btw I added your idea, I didnt replace the other packet filter rule. So I now have two packet filter rules
    Any > Torrent In > PC
    PC > Torrent Out > Any
Reply
  • 0 in reply to BAlfson
    lol. Well what I really want to know is that only allowing External clients on Any:Any socket into 192.168.1.10:56881 socket and only that socket and computer?

    Also thanks for your help, I really appreciate it [:)]

    P.S. Oh btw I added your idea, I didnt replace the other packet filter rule. So I now have two packet filter rules
    Any > Torrent In > PC
    PC > Torrent Out > Any
Children
  • 0 in reply to Tucker
    Ok, I have what I think to be a new problem.

    The only rule I have now is a packet rule

    PC > Torrent Out > Any

    and I can successfully connect to tracker/peers and download/upload over Azureus, however there is now no NAT rule and when I test NAT i get "Testing port 56881 ... 
    NAT Error - Connect attempt to (My External IP):56881 (your computer) timed out after 20 seconds. This means your port is probably closed."

    I am also getting spammed with connection attempts in packet filter log 

    2009:05:07-17:55:21  ulogd[3116]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="eth0" outitf="eth0" dstmac="00:a0:cc:24:ff:a1" srcmac="00:00:00:00:00:00" srcip="67.213.71.130" dstip="(My Ip)" proto="6" length="64" tos="0x00" prec="0x00" ttl="48" srcport="41220" dstport="56881" tcpflags="SYN" 


    Why is this happening?