Registered Member
for some reason i'm never able to get it past the magic 540 range. never. tried everything. limits are set to zero. upload is set to around 15k and download is set to unlimited.
router/firewall is obsd's pf. i can provide a copy of the set options if needed. i have about 10 tasks, each task is reporting 3000 seeders along with about that number of leechers. downloads are about 1/2 finished, again, about 500 connections, but 1k/sec. fire up my ubuntu torrent. races in at much higher speeds. so i know nothing is bottlenecked with bandwidth. i'm just lost as to why if the connections are available, why aren't they being made?
Registered Member
tried different ISPs, different networks, even tried unloading my pf rules and also default scripts.
all the same, never goes past 540 or so. same with different versions of kernels. same results with different network cards. same results with latest ktorrent and kde libs, etc etc. same results with different clients.
Registered Member
i have openbsd recompiled for an insane amount of connections for tcpstack
i've recompiled the linux kernel as well with higher values. pf rules based from this, and i've tried a blank pf.conf with pass rules on both interfaces. same results.

```
# macros
ext_if="..."
wlan_if="..."
vpn_if="..."
kwanza_ipv4="(" $wlan_if ")"
ext_ipv4="(" $ext_if ")"
wlan_ipv4="(" $wlan_if ")"
wlan_network="..../24"
toys_ipv4="...."
pushpop_ipv4="...."
mi3_ipv4="...."
icmp_state="keep state"
syn_state="flags S/SA synproxy state"
tcp_state="flags S/SA modulate state"
udp_state="keep state"
my_ftp_proxy="...."
my_ssh="..."
bittorrent_tcp="...:..."
bittorrent_udp="..."
dcc="...:..."
gnutella="..."
openft_main="...."
openft_http="...."

### Stateful Tracking Options ###
ext_if_STO ="(max 9000, source-track rule, max-src-conn 2000, max-src-nodes 254)"
wlan_if_STO ="(max 250, source-track rule, max-src-conn 100, max-src-nodes 254, max-src-conn-rate 75/20)"
spamd_STO ="(max 500, source-track rule, max-src-conn 10, max-src-nodes 300, max-src-conn-rate 2/300, tcp.established 10)"
ssh_STO ="(max 10, source-track rule, max-src-states 10, max-src-nodes 5, max-src-conn-rate 20/60, overload <OVERLOAD_SSH> flush global)"

#tables
table <authpf_users> persist
table <BLACKLIST> persist file "/etc/blacklist"
table <SLOWQUEUE> persist file "/etc/slowqueue"
table <OVERLOAD_SSH> persist file "/etc/overloaded_ssh"

### Options
set debug urgent
set require-order yes
set block-policy drop
set loginterface $ext_if
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none

# Timeout Options
set optimization aggressive
set timeout { frag 10, tcp.established 3600 }
set timeout { tcp.first 30, tcp.closing 30, tcp.closed 30, tcp.finwait 30 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }
set skip on lo

# scrub
scrub log on $ext_if all random-id min-ttl 254 max-mss 1454 reassemble tcp fragment reassemble
#scrub in

### Queueing
altq on $ext_if priq bandwidth 200Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
nat-anchor "authpf/*"
binat-anchor "authpf/*"
rdr-anchor "authpf/*"

### Routing
rdr on { $wlan_if, $vpn_if } \
    proto tcp \
    to port ftp \
    -> 127.0.0.1 port $my_ftp_proxy
rdr on $wlan_if \
    inet proto tcp \
    from ! <authpf_users> \
    to any port http \
    -> $kwanza_ipv4 port http

# p2p
rdr on $ext_if \
    inet proto tcp \
    from any \
    to $ext_ipv4 port $bittorrent_tcp \
    -> $toys_ipv4 port $bittorrent_tcp
rdr on $ext_if \
    inet proto udp \
    from any \
    to $ext_ipv4 port $bittorrent_udp \
    -> $toys_ipv4 port $bittorrent_udp
rdr on $ext_if \
    inet proto tcp \
    from any \
    to $ext_ipv4 port $dcc \
    -> $toys_ipv4 port $dcc
rdr on $ext_if \
    inet proto tcp \
    from any \
    to $ext_ipv4 port $gnutella \
    -> $toys_ipv4 port $gnutella
rdr on $ext_if \
    inet proto tcp \
    from any \
    to $ext_ipv4 port $openft_http \
    -> $toys_ipv4 port $openft_http
rdr on $ext_if \
    inet proto tcp \
    from any \
    to $ext_ipv4 port $openft_main \
    -> $toys_ipv4 port $openft_main

anchor "ftp-proxy/*"
anchor "authpf/*" in on $wlan_if

# Block to/from illegal sources/destinations
block quick inet6
block in log quick from no-route to any
block in log quick on $ext_if from <SLOWQUEUE> to any probability 97%
block in quick on $ext_if from <BLACKLIST> to any
block in quick on $ext_if from any to 255.255.255.255
block return in quick on $wlan_if from any to <BLACKLIST>
block return in quick on $wlan_if from any to 224.0.0.1

# filter rules
block log quick from <abusers>
block all

#*
# allow outgoing packets to the internet
#pass out on $ext_if proto tcp all flags S/SA modulate state
pass out on $ext_if \
    from $toys_ipv4 \
    keep state \
    queue (q_def, q_pri) \
    label "wifi.vpn_from_toys $proto:$dstport"
pass out on $ext_if \
    from $pushpop_ipv4 \
    keep state \
    queue (q_def, q_pri) \
    label "wifi.vpn_from_pushpop $proto:$dstport"
pass out on $ext_if \
    from $mi3_ipv4 \
    keep state \
    queue (q_def, q_pri) \
    label "wifi.vpn_from_mi3 $proto:$dstport"
pass out on $ext_if proto tcp from $ext_if to any \
    $tcp_state \
    queue (q_def, q_pri) \
    label "extif_out_from_other $proto:$dstport"
pass out on $ext_if proto { udp, icmp } all keep state

anchor "ftp-proxy/*"
pass quick on lo

pass in on $ext_if \
    to $toys_ipv4 \
    label "wifi.vpn_to_toys $proto:$dstport"
pass in on $ext_if \
    to $pushpop_ipv4 \
    label "wifi.vpn_to_pushpop $proto:$dstport"
pass in on $ext_if \
    to $mi3_ipv4 \
    label "wifi.vpn_to_mi3 $proto:$dstport"

antispoof quick for { lo, $wlan_if, $vpn_if}

#pass in on $ext_if inet proto tcp from any to ($ext_if) \
#    port $tcp_services flags S/SA keep state
#pass in quick on $wlan_if inet proto udp \
#    from <authpf_users> \
#    to $kwanza_ipv4 port domain $udp_state $wlan_if_STO \
#    label "wifi.named $proto:$dstport"
#

#allow http connection to local server
pass in quick on $wlan_if inet proto tcp \
    from ! <authpf_users> \
    to $kwanza_ipv4 port http $tcp_state \
    label "wifi.disallow.http $proto:$dstport"

#allow (but limit) ssh connections
pass in quick on $wlan_if inet proto tcp \
    from $wlan_if:network to $wlan_if port ssh \
    $syn_state $ssh_STO \
    label "wifi.allow.ssh $proto:$dstport"

pass in quick on $ext_if \
    inet proto tcp \
    from any \
    to $toys_ipv4 port $dcc \
    $tcp_state \
    label "toys.dcc $proto:$dstport"
pass in quick on $ext_if \
    inet proto tcp \
    from any \
    to $toys_ipv4 port $gnutella \
    $tcp_state \
    label "toys.gnutella $proto:$dstport"
pass in quick on $ext_if \
    inet proto tcp \
    from any \
    to $toys_ipv4 port $openft_main \
    $tcp_state \
    label "toys.openft_main $proto:$dstport"
pass in quick on $ext_if \
    inet proto tcp \
    from any \
    to $toys_ipv4 port $openft_http \
    $tcp_state \
    label "toys.openft_http $proto:$dstport"
pass in quick on $ext_if \
    inet proto tcp \
    from any \
    to $toys_ipv4 port $bittorrent_tcp \
    $tcp_state \
    queue q_tor_out \
    label "toys.bittorrent_tcp $proto:$dstport"
pass in quick on $ext_if \
    inet proto udp \
    from any \
    to $toys_ipv4 port $bittorrent_udp \
    $udp_state \
    label "toys.bittorrent_udp $proto:$dstport"
```