
Correct port to open, something wrong...

Khelp
Registered Member
Hi !

According to the panel in Download Options, Ktorrent uses port 6881 TCP to listen and port 4444 UDP for the DHT network (referring to the default settings, of course).

In iptables I have opened:

-TCP range port from 6881 to 6889

-TCP port 6969

-UDP port 4444

All the settings permit in/out traffic.


Now... Ktorrent always gives the status: Stalled, and the tracker shows up as "unconnectable"...
This happens with all the torrents and all the trackers I have tried (5 total).

With the firewall disabled, Ktorrent connects fast, and downloads/uploads perfectly.

So... what exactly are the correct ports I should open?

tnx 8)
George
Moderator

Wed May 24, 2006 5:07 pm
Seeing that you cannot reach the trackers, so you cannot get any peers,
it seems your firewall settings do not allow outgoing connections to the trackers.

To communicate with the trackers we use HTTP. Maybe your firewall only allows outgoing HTTP connections to port 80 ?
Khelp
Registered Member

Wed May 24, 2006 8:37 pm
Hi George, tnx for the reply :wink:

The ports allowed for HTTP traffic in torrent are the same as those allowed for
the browser (I think?..):

80, 8080, 8008, 8000, 8888 TCP
These ports were opened.

Maybe I should also open 443 TCP for HTTPS?
(or set other ports for the browser?)


Only one thing: in the "Local" settings (loopback) there are no ports opened, but the client seems to listen anyway... so I didn't touch these settings... is that OK?


#################

and...

tcp 0 1 [my IP address]:4022 10.0.1.128:1027 SYN_SENT 7457/ktorrent

This is what I get when the Manual Announce is active....
George
Moderator

Thu May 25, 2006 10:09 am
Khelp wrote:
> Hi George, tnx for the reply :wink:
>
> The ports allowed for HTTP traffic in torrent are the same as those allowed for
> the browser (I think?..):
>
> 80, 8080, 8008, 8000, 8888 TCP
> These ports were opened.

Most trackers probably use other ports; in the infowidget you can see the tracker URLs. I currently have 2 torrents running: one is on port 8082, the other one is on 3391.

> Only one thing: in the "Local" settings (loopback) there are no ports opened, but the client seems to listen anyway... so I didn't touch these settings... is that OK?

We bind on all IP addresses, we do not bind on a specific IP address, so also on the loopback device.

Last edited by George on Fri May 26, 2006 8:10 am, edited 1 time in total.
Khelp
Registered Member

Thu May 25, 2006 7:57 pm
> Most trackers probably use other ports; in the infowidget you can see the tracker URLs. I currently have 2 torrents running: one is on port 8082, the other one is on 3391.

Yes, I think that's the problem, but... what is this "infowidget" thing?
I opened the .torrent file using a text editor, and the first row says:

d8:announce77:http://name.tracker.org:6996

So, the port to open is 6996 TCP?

But no effect takes place if I open this port; the status of the tracker is still the same.
George
Moderator

Fri May 26, 2006 8:17 am
Khelp wrote:
> > Most trackers probably use other ports; in the infowidget you can see the tracker URLs. I currently have 2 torrents running: one is on port 8082, the other one is on 3391.
>
> Yes, I think that's the problem, but... what is this "infowidget" thing?
> I opened the .torrent file using a text editor, and the first row says:

The thing with the progress bars at the bottom of the up and download tabs. It has a tab named trackers, there you can see all the trackers.

> d8:announce77:http://name.tracker.org:6996
>
> So, the port to open is 6996 TCP?
>
> But no effect takes place if I open this port; the status of the tracker is still the same.

It could be that the tracker isn't reachable. You need to make sure you can do outgoing TCP connections to the tracker at port 6996.
Khelp
Registered Member

Sat May 27, 2006 8:25 am
I changed client, but always the same result: the tracker is still out of reach...
(tried BitTornado and ABC)
So I think it's definitely a problem of iptables configuration...?

Anyway, the ports opened for Ktorrent are (theoretically) correct:
TCP 6881-6969
TCP 6996 (as the tracker needed)
TCP for browser
UDP 4444

in & out traffic allowed.
arkhan_jg
Registered Member

Mon May 29, 2006 10:30 am
Allowing outbound tcp connections to 6996 should do the trick, but it'd be worth confirming that your firewall isn't blocking the tracker requests.

Use a web-browser to connect to http://name.tracker.org:6996
or telnet name.tracker.org 6996

You won't get much useful info, but if it connects at all, then the firewall isn't blocking that port. If it fails, try it without the firewall again just to be sure the tracker is up.

Note, the ports you set for ktorrent in your inbound firewall are mainly for other people's clients to talk to your ktorrent; if you want to connect to other clients, you're going to need to open for outbound ALL the ports they use - and there's an awful lot of those, as non-standard ports are a way to get past basic ISP port-based bandwidth limiting. You're probably going to need to allow all outbound ports from your linux box to practically be able to use a P2P app, or you're going to have a LOT of manual outbound ports to allow.
arkhan_jg
Registered Member

Mon May 29, 2006 10:59 am
Upon reflection, a quick rundown of how firewalls work might help.

outbound connections:
Your internet interface ---> Outside world
inbound connections:
You <--- Outside world

A firewall sits between those two links. If you're sending a webpage request to say www.google.com:80 (the standard http port), that's an outbound connection. So your machine needs to be able to send data outbound to port 80, i.e. port 80 on the server.

If you are hosting a webserver on your linux box, you would need to allow inbound port 80 requests, so that other people could send data through your firewall to the webserver daemon on port 80.

Port 80 is the standard webserver port. There are a ton, usually listed under /etc/services.

Blocking most inbound connections with a firewall is desirable, otherwise any daemon running on your box is accessible from the outside world. This can lead to people hacking your box if any daemon has a flaw, or that daemon allows access to files you'd rather they not have. Samba, for example. Of course, some daemons you want other people to access. Ktorrent running on port 6881 is one, for example. This is why you default block inbound connections, and only allow those ports you want, such as TCP traffic inbound to 6881.

Blocking outbound connections by default means your box, i.e. you, cannot connect to any service/daemon running on the outside world. If you allow port 80 outbound, you'll be able to connect to servers running on the standard port, but nothing else. This is useful if you don't trust the applications on your box (i.e. spyware on windows) or you don't trust the users (if you're setting up a server for an ISP). In circumstances where you need to connect to a lot of other people in the outside world using non-standard ports, such as using a P2P app, you could spend forever manually adding all the ports to your allow list. Given it's linux and not particularly prone to spyware, and assuming it's largely a single user computer, you can reasonably safely allow any and all outbound traffic to any port, while still mostly blocking inbound traffic. Just keep an eye on the outbound logs for traffic you're not expecting.
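
The policy described in the post above, written out as a ruleset (an added example, not part of the original thread or of KTorrent): inbound is dropped by default except for the two KTorrent default ports quoted in the first post, and outbound is allowed to any port and logged. The function name `gen_rules`, the log prefix and the rate limit are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a single-user
# desktop running a BitTorrent client. Nothing is applied here; the
# function only writes the rules to stdout so they can be reviewed.
#
# To validate as root:  gen_rules | iptables-restore --test
# To load as root:      gen_rules | iptables-restore

# KTorrent defaults quoted in the thread; override via the environment.
BT_TCP_PORT="${BT_TCP_PORT:-6881}"    # peers connect in on this TCP port
DHT_UDP_PORT="${DHT_UDP_PORT:-4444}"  # DHT traffic arrives on this UDP port

gen_rules() {
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, and replies to connections this host opened itself
# (tracker HTTP on 6996, peers on arbitrary ports, DNS, ...).
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: only the ports other clients use to reach this client.
-A INPUT -p tcp --dport ${BT_TCP_PORT} -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p udp --dport ${DHT_UDP_PORT} -j ACCEPT
# Outbound: allowed by the OUTPUT policy. Log new TCP connections
# (rate-limited) so unexpected destinations show up in the kernel log.
-A OUTPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 6/min -j LOG --log-prefix "out-new: "
COMMIT
EOF
}
```

The ESTABLISHED,RELATED rule is what lets tracker and peer replies back in without opening their ports inbound; the destination port of an outgoing connection (6996 for the tracker in this thread) never needs an INPUT rule.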

