pf and bittorrent - BSD


  1. pf and bittorrent

    Hello,
    I've got an obsd pf gateway. Behind it is a centos5 client that I want
    to be able to use bittorrent. I've added rules to my pf.conf redirecting
    incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
    outgoing traffic, yet I get no downloads, and errors when trying to connect
    to the trackerless server or something like that. Does anyone have this
    working?
    Thanks.
    Dave.



  2. Re: pf and bittorrent

    On Aug 1, 7:38 am, "Dave" wrote:
    > Hello,
    > I've got an obsd pf gateway. Behind it is a centos5 client that i want
    > to be able to use bittorrent. I've added rules to my pf.conf redirecting
    > incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
    > outgoing traffic, yet i get no downloads, and errors when trying to connect
    > to the trackerless server or something like that. Does anyone have this
    > working?
    > Thanks.
    > Dave.


    You need to allow incoming traffic from ports 6881 to 6999.

    G. Aubert.


  3. Re: pf and bittorrent

    Hello,
    Thanks for your reply. Here are my pf rules for bittorrent.

    bittorrent = "192.168.0.4/32"
    bittorrent_port = "6881:6999"

    # bittorrent
    rdr on $ext_if inet proto tcp from any to any port $bittorrent_port -> $bittorrent port $bittorrent_port
    rdr on $ext_if inet proto udp from any to any port $bittorrent_port -> $bittorrent port $bittorrent_port

    # bittorrent
    pass in quick on $ext_if inet proto tcp from any to $bittorrent port $bittorrent_port flags S/SA keep state
    pass in quick on $ext_if inet proto udp from any to $bittorrent port $bittorrent_port keep state

    # bittorrent
    pass out quick on $int_if inet proto tcp from any to $bittorrent port $bittorrent_port flags S/SA keep state
    pass out quick on $int_if inet proto udp from any to $bittorrent port $bittorrent_port keep state

    Thanks.
    Dave.

    "Guillaume Aubert" wrote in message
    news:1185960213.004600.90550@r34g2000hsd.googlegroups.com...
    > On Aug 1, 7:38 am, "Dave" wrote:
    >> Hello,
    >> I've got an obsd pf gateway. Behind it is a centos5 client that i
    >> want
    >> to be able to use bittorrent. I've added rules to my pf.conf redirecting
    >> incoming bittorrent ports 6881 through 6999 to the centos box, and
    >> allowing
    >> outgoing traffic, yet i get no downloads, and errors when trying to
    >> connect
    >> to the trackerless server or something like that. Does anyone have this
    >> working?
    >> Thanks.
    >> Dave.

    >
    > You need to allow incoming traffic from ports 6881 to 6999.
    >
    > G. Aubert.
    >




  4. Re: pf and bittorrent

    Dave wrote:
    > Hello,
    > I've got an obsd pf gateway. Behind it is a centos5 client that i want
    > to be able to use bittorrent. I've added rules to my pf.conf redirecting
    > incoming bittorrent ports 6881 through 6999 to the centos box, and allowing
    > outgoing traffic, yet i get no downloads, and errors when trying to connect
    > to the trackerless server or something like that. Does anyone have this
    > working?


    I see you are discussing this else-thread, but for reference, here are
    the germane parts of my pf.conf for BitTorrent:

    BitTorrent="50001"

    # BitTorrent
    rdr on $ext_if inet proto { udp, tcp } from any to $ext_if port $BitTorrent -> ($int_if:network) port $BitTorrent

    # Allow BitTorrent traffic, and shortcut the rest of the rules
    pass in quick on $ext_if inet proto { tcp, udp } from any to any port $BitTorrent

    I'm not sure if this is ideal or not, but it works. In the past I had
    to redirect to specific internal hosts, but the wildcarding seems to work
    ok. Note I changed the BitTorrent port to 50001. I found I did not
    seem to need a range. I'm probably not letting myself connect to as
    many peers, but (as I said) this works Good Enough for me.

    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  5. Re: pf and bittorrent

    Hi,
    Thanks for your reply. I'd prefer to use the standard ports, so as to
    assure maximum compatibility. I've added the rules. Which bittorrent client
    do you use, is it on a linux box, and how is it invoked?
    Thanks.
    Dave.

    "Clever Monkey" wrote in message
    news:Rx4si.20322$13.3835@nnrp.ca.mci.com!nnrp1.uunet.ca...
    > Dave wrote:
    >> Hello,
    >> I've got an obsd pf gateway. Behind it is a centos5 client that i
    >> want to be able to use bittorrent. I've added rules to my pf.conf
    >> redirecting incoming bittorrent ports 6881 through 6999 to the centos
    >> box, and allowing outgoing traffic, yet i get no downloads, and errors
    >> when trying to connect to the trackerless server or something like that.
    >> Does anyone have this working?

    >
    > I see you are discussing this else-thread, but for reference, here are the
    > germane parts of my pf.conf for BitTorrent:
    >
    > BitTorrent="50001"
    >
    > # BitTorrent
    > rdr on $ext_if inet proto { udp, tcp } from any to $ext_if port
    > $BitTorrent -> ($int_if:network) port $BitTorrent
    >
    > # Allow BitTorrent traffic, and shortcut the rest of the rules
    > pass in quick on $ext_if inet proto { tcp, udp } from any to any port
    > $BitTorrent
    >
    > I'm not sure if this is ideal or not, but it works. In the past I had to
    > redirect to specific internal hosts, but the wildcarding seem to work ok.
    > Note I changed the BitTorrent port to 50001. I found I did not seem to
    > need a range. I'm probably not letting myself connect to as many peers,
    > but (as I said) this works Good Enough for me.
    >
    > --
    > clvrmnky
    >
    > Direct replies will be blacklisted. Replace "spamtrap" with my name to
    > contact me directly.




  6. Re: pf and bittorrent

    I think BitTorrent doesn't use UDP.

    These are my old rules:

    rdr on $ext_if proto tcp from any to ($ext_if) port 6881:6889 -> $P2P port 6881:*

    pass in quick on $ext_if proto tcp from any to $user_ip port 6880><6890 flags S/SA keep state

    But now I use only one port with uTorrent, with success:

    rdr on $ext_if proto tcp from any to ($ext_if) port $PORT -> $user_ip port $PORT

    pass in quick on $ext_if proto tcp from any to $user_ip port $PORT keep state

    G. Aubert.



  7. Re: pf and bittorrent

    Guillaume Aubert wrote:

    > I think BitTorrent don't use UDP


    There are at least two common extensions to the basic BT protocol
    that use UDP:

    * The client and tracker can optionally communicate over UDP. Given
    the simple request/reply protocol, this makes sense, but despite
    fairly widespread client support, UDP trackers are rare.

    * The "trackerless" mode introduced by the mainline client has the
    nodes communicate over UDP.

    --
    Christian "naddy" Weisgerber naddy@mips.inka.de

  8. Re: pf and bittorrent

    Dave wrote:
    > Thanks for your reply. I'd prefer to use the standard ports, so as to
    > assure maximum compatibility. I've added the rules, which bittorrent client
    > do you use is it on a linux box and how is it invoked?
    > Thanks.
    >

    Nope, I use a fancy GUI on OS X. OBSD just has to forward those packets
    to the right host.

    Contrary to my last comment, if I change the ruleset to rdr BT traffic
    to a specific host:port, I (surprise!) get more peer connections.

    I think folks recommend using the non-default ports because so many ISPs
    will block them. I suspect traffic-shaping is becoming more common,
    so this is unlikely to be an issue over time. Though, I guess this is
    why many apps recommend you bump the port you use to a single
    "ephemeral" port. Since you announce your IP and port to peers, they
    know which one to talk to you back on.
    --
    clvrmnky

    Direct replies will be blacklisted. Replace "spamtrap" with my name to
    contact me directly.

  9. Re: pf and bittorrent

    Dave wrote:

    > Thanks for your reply. I'd prefer to use the standard ports, so as to
    > assure maximum compatibility.


    I think it needs pointing out that BitTorrent isn't tied to any
    particular port numbers. Port 6881 and subsequent ones is just the
    default setting where the Mainline client listens for incoming
    connections.

    (Note that there are trackers that explicitly refuse clients that
    use the default port numbers, because these can be a target for
    filtering/traffic shaping by ISPs, so "to assure maximum compatibility"
    you actually want to use a different range.)

    There are three subcommunications to consider:
    (1) The local client connects to the remote tracker. The port number
    is specified in the tracker URL in the torrent file.
    (2) The local client connects to a remote client. The connection will
    be from an ephemeral port to whatever port the remote client has
    specified via the tracker.
    (3) A remote client connects to the local client. The connection
    will be from some random port to whatever port the local client
    has specified via the tracker.

    --
    Christian "naddy" Weisgerber naddy@mips.inka.de
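
The three flows listed in the last post, mapped onto pf rules for one forwarded port on one internal host, in the pre-4.7 `rdr` syntax the thread uses. This is an added example, not any poster's configuration; the interface names and the port number are assumptions, and the host address is the one given in post 3.

```pf
# Added example (not from the thread). Macros below are placeholders.
ext_if  = "fxp0"          # assumption: external interface
int_if  = "fxp1"          # assumption: internal interface
bt_host = "192.168.0.4"   # the BitTorrent client's address from post 3
bt_port = "51413"         # assumption: single non-default port set in the client

# --- translation (evaluated before the filter rules) ---
nat on $ext_if inet from $int_if:network to any -> ($ext_if)
# Forward exactly one port to exactly one host, TCP for peer
# connections and UDP for the trackerless (DHT) mode.
rdr on $ext_if inet proto { tcp, udp } from any to ($ext_if) port $bt_port -> $bt_host port $bt_port

# --- filtering (last matching rule wins) ---
block in log on $ext_if all

# Flow (3): a remote client connects to the local client.
# rdr has already rewritten the destination, so match on $bt_host.
pass in  on $ext_if inet proto tcp from any to $bt_host port $bt_port flags S/SA keep state
pass in  on $ext_if inet proto udp from any to $bt_host port $bt_port keep state
# Needed only if $int_if is filtered as well: let the forwarded
# packets leave towards the client.
pass out on $int_if inet proto tcp from any to $bt_host port $bt_port flags S/SA keep state
pass out on $int_if inet proto udp from any to $bt_host port $bt_port keep state

# Flows (1) and (2): the local client connects out to trackers and
# remote clients on whatever ports they use. State entries admit
# the replies, so no inbound rule is needed for them.
pass in  on $int_if inet proto tcp from $bt_host to any flags S/SA keep state
pass in  on $int_if inet proto udp from $bt_host to any keep state
# After nat the source address is the gateway's external address.
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA keep state
pass out on $ext_if inet proto udp from ($ext_if) to any keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `tcpdump -n -e -ttt -i pflog0` shows the packets caught by the `block in log` rule together with the rule number that dropped them.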
