Thread: [Fwbuilder-discussion] creating a Bittorrent rule in FWB
From: Claude J. <cla...@le...> - 2005-06-13 16:21:09
I'm currently downloading Fedora Core 4 bittorrent. In order to set it up, I created a new tcp service, called it bittorent and specified ports 6881-6889 for source and destination and applied a new rule to the outside interface permitting this service in both directions. I'm wondering if this is correct? It seems to be working, but I'm wondering if I created an unsafe situation, or overlooked something, or just plain did it all wrong.

--
Claude Jones
Bluemont, VA, USA

From: Alexander R. <ru...@tu...> - 2005-06-13 18:07:34
Claude Jones wrote:
> I'm currently downloading Fedora Core 4 bittorrent. In order to set it up, I
> created a new tcp service, called it bittorent and specified ports 6881-6889
> for source and destination and applied a new rule to the outside interface
> permitting this service in both directions. I'm wondering if this is
> correct? It seems to be working, but I'm wondering if I created an unsafe
> situation, or overlooked something, or just plain did it all wrong.

Although bt is considered a client from your perspective it opens a tcp port to provide access for incoming requests from other clients.
Thus your rule is (assuming you allow outgoing connections to any service):

Source   Destination   Service                     Action
ANY      Your IP       6881-6889 (Source port 0)   Accept

Hth,
Alex!!!

From: Claude J. <cla...@le...> - 2005-06-13 19:43:25
On Monday 13 June 2005 2:07 pm, Alexander Runge wrote:
> Claude Jones wrote:
> > I'm currently downloading Fedora Core 4 bittorrent. In order to set it
> > up, I created a new tcp service, called it bittorent and specified ports
> > 6881-6889 for source and destination and applied a new rule to the
> > outside interface permitting this service in both directions. I'm
> > wondering if this is correct? It seems to be working, but I'm wondering
> > if I created an unsafe situation, or overlooked something, or just plain
> > did it all wrong.
>
> Although bt is considered a client from your perspective it opens a tcp
> port to provide access for incoming requests from other clients.
> Thus your rule is (assuming you allow outgoing connections to any service):
>
> Source   Destination   Service                     Action
> ANY      Your IP       6881-6889 (Source port 0)   Accept

Thanks, Alex. For some reason, it's not working on a nearly identical second machine. The first machine works great. Any thoughts on what I've overlooked? I've read through the bittorrent faqs and through a couple of other pages I found, but couldn't get a solution. I don't think it's a firewall problem, but I thought I'd ask here in case there's some firewall issue I'm not thinking of.

--
Claude Jones
Bluemont, VA, USA

From: Alexander R. <ru...@tu...> - 2005-06-13 20:20:43
Claude Jones wrote:
> On Monday 13 June 2005 2:07 pm, Alexander Runge wrote:
>
>>Claude Jones wrote:
>>
>>>I'm currently downloading Fedora Core 4 bittorrent. In order to set it
>>>up, I created a new tcp service, called it bittorent and specified ports
>>>6881-6889 for source and destination and applied a new rule to the
>>>outside interface permitting this service in both directions. I'm
>>>wondering if this is correct? It seems to be working, but I'm wondering
>>>if I created an unsafe situation, or overlooked something, or just plain
>>>did it all wrong.
>>
>>Although bt is considered a client from your perspective it opens a tcp
>>port to provide access for incoming requests from other clients.
>>Thus your rule is (assuming you allow outgoing connections to any service):
>>
>>Source   Destination   Service                     Action
>>ANY      Your IP       6881-6889 (Source port 0)   Accept
>>
>
> Thanks, Alex. For some reason, it's not working on a nearly identical second
> machine. The first machine works great. Any thoughts on what I've overlooked?
> I've read through the bittorrent faqs and through a couple of other pages I
> found, but couldn't get a solution. I don't think it's a firewall problem,
> but I thought I'd ask here in case there's some firewall issue I'm not
> thinking of.
>

Claude,

You don't happen to have a NAT router, do you? If so you have to forward different port ranges to your LAN machines. Have a look at these bt client options (read man btdownloadcurses.py):

--minport <arg>
    minimum port to listen on, counts up if unavailable (defaults to 6881)
--maxport <arg>
    maximum port to listen on (defaults to 6999)

If you have public IPs on your machines I can only guess that the port range you defined with fwbuilder does not match your bt configuration. Check with "netstat -anp" which port the bt client really listens on.

Alex!!!

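Added example (not part of Alex's post): the comparison he describes, between the port range the firewall permits and the ports the client really listens on, run over constructed "netstat -anp" output. The function names, the sample lines and the assumption that the client appears under the program name "python" are illustrative.

```shell
#!/bin/sh
# Added example: flag BitTorrent listeners that fall outside the port range
# the firewall rule permits. Function names and sample data are hypothetical.

# Constructed `netstat -anp` output; "python" as the client's program name
# is an assumption (btdownloadcurses.py is a Python script).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1820/sshd
tcp        0      0 0.0.0.0:6881            0.0.0.0:*               LISTEN      4312/python
tcp        0      0 0.0.0.0:6890            0.0.0.0:*               LISTEN      4377/python
tcp        0      0 192.0.2.10:6881         198.51.100.7:51234      ESTABLISHED 4312/python
EOF
}

# listeners_outside_range LOW HIGH PROGRAM_REGEX
# Reads netstat -anp output on stdin and prints each TCP listening port owned
# by a matching program that is NOT covered by the LOW-HIGH firewall range.
listeners_outside_range() {
    awk -v lo="$1" -v hi="$2" -v prog="$3" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ prog {
            n = split($4, part, ":")   # port is the last ":"-separated field
            port = part[n] + 0
            if (port < lo || port > hi) print port
        }'
}

# The rule in the thread allows 6881-6889; in this constructed sample a second
# client instance listens on 6890, which the rule does not cover.
sample_netstat | listeners_outside_range 6881 6889 python

# On a live host (root is needed to see program names):
#   netstat -anp | listeners_outside_range 6881 6889 python
```

Any port it prints is one the client is listening on but the rule does not admit, so either widen the rule or narrow the client's range with --minport and --maxport.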
From: ryan <ry...@zo...> - 2005-06-20 12:11:36
I had the same problem. I took away the port range and did the below:

-Forwarded TCP 6881 to the LAN IP running Bittorrent on the NAT tab.
-Created an outbound NAT rule translating TCP port 6881.
-On the policy tab, allowed TCP 6881 bi-directional from "any" to "any".
-In the properties of the policy rule, I enabled "stateless".

I tried the same thing only using ports 6881-6999, but it didn't work (my logs got flooded very quickly). Using individual ports seems to work great.

----- Original Message -----
From: "Claude Jones" <cla...@le...>
To: <fwb...@li...>
Sent: Monday, June 13, 2005 3:42 PM
Subject: Re: [Fwbuilder-discussion] creating a Bittorrent rule in FWB

> On Monday 13 June 2005 2:07 pm, Alexander Runge wrote:
> > Claude Jones wrote:
> > > I'm currently downloading Fedora Core 4 bittorrent. In order to set it
> > > up, I created a new tcp service, called it bittorent and specified ports
> > > 6881-6889 for source and destination and applied a new rule to the
> > > outside interface permitting this service in both directions. I'm
> > > wondering if this is correct? It seems to be working, but I'm wondering
> > > if I created an unsafe situation, or overlooked something, or just plain
> > > did it all wrong.
> >
> > Although bt is considered a client from your perspective it opens a tcp
> > port to provide access for incoming requests from other clients.
> > Thus your rule is (assuming you allow outgoing connections to any service):
> >
> > Source   Destination   Service                     Action
> > ANY      Your IP       6881-6889 (Source port 0)   Accept
> >
>
> Thanks, Alex. For some reason, it's not working on a nearly identical second
> machine. The first machine works great. Any thoughts on what I've overlooked?
> I've read through the bittorrent faqs and through a couple of other pages I
> found, but couldn't get a solution. I don't think it's a firewall problem,
> but I thought I'd ask here in case there's some firewall issue I'm not
> thinking of.
>
> --
> Claude Jones
> Bluemont, VA, USA