pf and bittorrent

Unread 15-09-2007, 07:40 AM   #1
Dave
Guest
 
Posts: n/a
pf and bittorrent

Hello,
I've got an obsd pf gateway. Behind it is a centos5 client that i want
to be able to use bittorrent. I've added rules to my pf.conf redirecting
incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
outgoing traffic, yet i get no downloads, and errors when trying to connect
to the trackerless server or something like that. Does anyone have this
working?
Thanks.
Dave.



 
Unread 15-09-2007, 07:40 AM   #2
Guillaume Aubert
Guest
 
Posts: n/a
Re: pf and bittorrent

On Aug 1, 7:38 am, "Dave" <dmehle...@woh.rr.com> wrote:
> Hello,
> I've got an obsd pf gateway. Behind it is a centos5 client that i want
> to be able to use bittorrent. I've added rules to my pf.conf redirecting
> incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
> outgoing traffic, yet i get no downloads, and errors when trying to connect
> to the trackerless server or something like that. Does anyone have this
> working?
> Thanks.
> Dave.


You need to allow incoming traffic from ports 6881 to 6999.

G. Aubert.

 
Unread 15-09-2007, 07:40 AM   #3
Dave
Guest
 
Posts: n/a
Re: pf and bittorrent

Hello,
Thanks for your reply. Here are my pf rules for bittorrent.

bittorrent = "192.168.0.4/32"
bittorrent_port = "6881:6999"

# bittorrent
rdr on $ext_if inet proto tcp from any to any port $bittorrent_port -> $bittorrent port $bittorrent_port
rdr on $ext_if inet proto udp from any to any port $bittorrent_port -> $bittorrent port $bittorrent_port

# bittorrent
pass in quick on $ext_if inet proto tcp from any to $bittorrent port $bittorrent_port flags S/SA keep state
pass in quick on $ext_if inet proto udp from any to $bittorrent port $bittorrent_port keep state

# bittorrent
pass out quick on $int_if inet proto tcp from any to $bittorrent port $bittorrent_port flags S/SA keep state
pass out quick on $int_if inet proto udp from any to $bittorrent port $bittorrent_port keep state

Thanks.
Dave.

"Guillaume Aubert" <aubertguillaume***********> wrote in message
news:1185960213.004600.90550@r34g2000hsd.googlegroups.com...
> On Aug 1, 7:38 am, "Dave" <dmehle...@woh.rr.com> wrote:
>> Hello,
>> I've got an obsd pf gateway. Behind it is a centos5 client that i
>> want
>> to be able to use bittorrent. I've added rules to my pf.conf redirecting
>> incoming bittorrent ports 6881 through 6999 to the centos box, and
>> allowing
>> outgoing traffic, yet i get no downloads, and errors when trying to
>> connect
>> to the trackerless server or something like that. Does anyone have this
>> working?
>> Thanks.
>> Dave.

>
> You need to allow incoming traffic from ports 6881 to 6999.
>
> G. Aubert.
>



 
Unread 15-09-2007, 07:40 AM   #4
Clever Monkey
Guest
 
Posts: n/a
Re: pf and bittorrent

Dave wrote:
> Hello,
> I've got an obsd pf gateway. Behind it is a centos5 client that i want
> to be able to use bittorrent. I've added rules to my pf.conf redirecting
> incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
> outgoing traffic, yet i get no downloads, and errors when trying to connect
> to the trackerless server or something like that. Does anyone have this
> working?


I see you are discussing this else-thread, but for reference, here are
the germane parts of my pf.conf for BitTorrent:

BitTorrent="50001"

# BitTorrent
rdr on $ext_if inet proto { udp, tcp } from any to $ext_if port $BitTorrent -> ($int_if:network) port $BitTorrent

# Allow BitTorrent traffic, and shortcut the rest of the rules
pass in quick on $ext_if inet proto { tcp, udp } from any to any port $BitTorrent

I'm not sure if this is ideal or not, but it works. In the past I had
to redirect to specific internal hosts, but the wildcarding seems to work
ok. Note I changed the BitTorrent port to 50001. I found I did not
seem to need a range. I'm probably not letting myself connect to as
many peers, but (as I said) this works Good Enough for me.

--
clvrmnky <mailto:spamtrap@clevermonkey.org>

Direct replies will be blacklisted. Replace "spamtrap" with my name to
contact me directly.
 
Unread 15-09-2007, 07:40 AM   #5
Dave
Guest
 
Posts: n/a
Re: pf and bittorrent

Hi,
Thanks for your reply. I'd prefer to use the standard ports, so as to
assure maximum compatibility. I've added the rules. Which bittorrent client
do you use, is it on a linux box, and how is it invoked?
Thanks.
Dave.

"Clever Monkey" <spamtrap@clevermonkey.org.INVALID> wrote in message
news:Rx4si.20322$13.3835@nnrp.ca.mci.com!nnrp1.uunet.ca...
> Dave wrote:
>> Hello,
>> I've got an obsd pf gateway. Behind it is a centos5 client that i
>> want to be able to use bittorrent. I've added rules to my pf.conf
>> redirecting incoming bittorrent ports 6881 through 6999 to the centos
>> box, and allowing outgoing traffic, yet i get no downloads, and errors
>> when trying to connect to the trackerless server or something like that.
>> Does anyone have this working?

>
> I see you are discussing this else-thread, but for reference, here are the
> germane parts of my pf.conf for BitTorrent:
>
> BitTorrent="50001"
>
> # BitTorrent
> rdr on $ext_if inet proto { udp, tcp } from any to $ext_if port $BitTorrent -> ($int_if:network) port $BitTorrent
>
> # Allow BitTorrent traffic, and shortcut the rest of the rules
> pass in quick on $ext_if inet proto { tcp, udp } from any to any port $BitTorrent
>
> I'm not sure if this is ideal or not, but it works. In the past I had to
> redirect to specific internal hosts, but the wildcarding seem to work ok.
> Note I changed the BitTorrent port to 50001. I found I did not seem to
> need a range. I'm probably not letting myself connect to as many peers,
> but (as I said) this works Good Enough for me.
>
> --
> clvrmnky <mailto:spamtrap@clevermonkey.org>
>
> Direct replies will be blacklisted. Replace "spamtrap" with my name to
> contact me directly.



 
Unread 15-09-2007, 07:40 AM   #6
Guillaume Aubert
Guest
 
Posts: n/a
Re: pf and bittorrent

I think BitTorrent doesn't use UDP.

These are my old rules:

rdr on $ext_if proto tcp from any to ($ext_if) port 6881:6889 -> $P2P port 6881:*

pass in quick on $ext_if proto tcp from any to $user_ip port 6880><6890 flags S/SA keep state

But now I use only one port with uTorrent with success:

rdr on $ext_if proto tcp from any to ($ext_if) port $PORT -> $user_ip port $PORT

pass in quick on $ext_if proto tcp from any to $user_ip port $PORT keep state

G. Aubert.


 
Unread 15-09-2007, 07:41 AM   #7
Christian Weisgerber
Guest
 
Posts: n/a
Re: pf and bittorrent

Dave <dmehler26@woh.rr.com> wrote:

> Thanks for your reply. I'd prefer to use the standard ports, so as to
> assure maximum compatibility.


I think it needs pointing out that BitTorrent isn't tied to any
particular port numbers. Port 6881 and subsequent ones are just the
default setting where the Mainline client listens for incoming
connections.

(Note that there are trackers that explicitly refuse clients that
use the default port numbers, because these can be a target for
filtering/traffic shaping by ISPs, so "to assure maximum compatibility"
you actually want to use a different range.)

There are three subcommunications to consider:
(1) The local client connects to the remote tracker. The port number
is specified in the tracker URL in the torrent file.
(2) The local client connects to a remote client. The connection will
be from an ephemeral port to whatever port the remote client has
specified via the tracker.
(3) A remote client connects to the local client. The connection
will be from some random port to whatever port the local client
has specified via the tracker.

--
Christian "naddy" Weisgerber naddy@mips.inka.de
 
Unread 15-09-2007, 07:41 AM   #8
Christian Weisgerber
Guest
 
Posts: n/a
Re: pf and bittorrent

Guillaume Aubert <aubertguillaume***********> wrote:

> I think BitTorrent doesn't use UDP


There are at least two common extensions to the basic BT protocol
that use UDP:

* The client and tracker can optionally communicate over UDP. Given
the simple request/reply protocol, this makes sense, but despite
fairly widespread client support, UDP trackers are rare.

* The "trackerless" mode introduced by the mainline client has the
nodes communicate over UDP.

--
Christian "naddy" Weisgerber naddy@mips.inka.de
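
The two replies above note that the tracker port comes from the tracker URL in the torrent file, and that trackers and trackerless mode can use UDP. This added example, which is not part of any poster's message, decodes a torrent's metainfo and lists the outbound protocol/host/port tuples the gateway has to let through. The `announce-list` and `nodes` keys come from BitTorrent protocol extensions; the sample data and hostnames are constructed.

```python
from urllib.parse import urlsplit

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list l...e / dict d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # byte string: <len>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError(f"bad bencode at offset {i}")

DEFAULT_PORT = {"http": 80, "https": 443}

def egress_flows(torrent: bytes):
    """Sorted (proto, host, port) tuples the client contacts outbound."""
    meta, _ = bdecode(torrent)
    urls = [meta[b"announce"]] if b"announce" in meta else []
    for tier in meta.get(b"announce-list", []):    # multi-tracker extension
        urls.extend(tier)
    flows = set()
    for raw in urls:
        u = urlsplit(raw.decode("ascii", "replace"))
        proto = "udp" if u.scheme == "udp" else "tcp"
        flows.add((proto, u.hostname, u.port or DEFAULT_PORT.get(u.scheme)))
    for host, port in meta.get(b"nodes", []):      # trackerless (DHT) bootstrap nodes
        flows.add(("udp", host.decode("ascii", "replace"), port))
    return sorted(flows)

# Constructed sample metainfo; hostnames are placeholders, "info" dict omitted.
SAMPLE = (b"d8:announce35:http://tracker.example.org/announce"
          b"13:announce-listll39:udp://tracker.example.net:6969/announceee"
          b"5:nodesll18:router.example.comi6881eeee")

if __name__ == "__main__":
    for proto, host, port in egress_flows(SAMPLE):
        print(f"{proto:3} -> {host}:{port}")
```

This covers only what the torrent file itself names (tracker and bootstrap-node endpoints); peer-to-peer connections in both directions use ports announced at run time, as described in points (2) and (3) above.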
 
Unread 15-09-2007, 07:42 AM   #9
Clever Monkey
Guest
 
Posts: n/a
Re: pf and bittorrent

Dave wrote:
> Thanks for your reply. I'd prefer to use the standard ports, so as to
> assure maximum compatibility. I've added the rules, which bittorrent client
> do you use is it on a linux box and how is it invoked?
> Thanks.
>

Nope, I use a fancy GUI on OS X. OBSD just has to forward those packets
to the right host.

Contrary to my last comment, if I change the ruleset to rdr BT traffic
to a specific host:port, I (surprise!) get more peer connections.

I think folks recommend using the non-default ports because so many ISPs
will block them. I suspect traffic-shaping is becoming more common,
so this is unlikely to be an issue over time. Though, I guess this is
why many apps recommend you bump the port you use to a single
"ephemeral" port. Since you announce your IP and port to peers, they
know which one to talk to you back on.
--
clvrmnky <mailto:spamtrap@clevermonkey.org>

Direct replies will be blacklisted. Replace "spamtrap" with my name to
contact me directly.
 