Incoming connections on random ports (iptables / firewall)

sisquo (Registered Member, 7 posts, karma 0)
I played a bit with iptables and set up my simple firewall. Everything seems to work fine, except I see in my logs blocked incoming connections on various ports when I run KTorrent or qBittorrent.

The default policy of my iptables firewall is to accept all outgoing connections and drop all incoming connections:
iptables -P INPUT   DROP
iptables -P OUTPUT  ACCEPT


And then I made four exception rules for incoming traffic:
1. Open the torrent listening and DHT port 33333:
iptables -A INPUT -p tcp -m tcp --dport 33333 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 33333 -j ACCEPT


2. Open port 1900 (UPnP) to let the application forward port 33333 on my router:
iptables -A INPUT -p udp -m udp --dport 1900 -j ACCEPT
iptables -A INPUT -p udp -m udp --sport 1900 -j ACCEPT


3. Open port 6771 for local peer discovery:
iptables -A INPUT -p udp -d 239.192.152.143 -m udp --dport 6771 -j ACCEPT


4. I'm not sure why KTorrent and qBittorrent use port 5353 (mDNS), but it's open:
iptables -A INPUT -p udp -d 224.0.0.251 -m udp --dport 5353 -j ACCEPT


So everything seems OK:
1. the router says port 33333 is forwarded with UPnP/NAT-PMP
2. both applications (QBT and KT) don't report errors, and speeds are good

However, in iptables' logs I see blocked incoming TCP connections on various ports with the RST flag when the torrent applications are running. After some time there are rather many of them. Example:

Source               Destination                                                           Protocol   Src port   Dst port                       Flag?
SRC=99.232.106.155   DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=59321  DF  PROTO=TCP  SPT=51413  DPT=37595  WINDOW=0  RES=0x00  RST  URGP=0
SRC=61.91.88.84      DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=47  ID=0      DF  PROTO=TCP  SPT=16881  DPT=56132  WINDOW=0  RES=0x00  RST  URGP=0
SRC=190.160.2.34     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=44  ID=0      DF  PROTO=TCP  SPT=16883  DPT=60772  WINDOW=0  RES=0x00  RST  URGP=0
SRC=24.241.224.94    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=44  ID=0      DF  PROTO=TCP  SPT=58413  DPT=51258  WINDOW=0  RES=0x00  RST  URGP=0
SRC=189.114.229.131  DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=0      DF  PROTO=TCP  SPT=16882  DPT=50673  WINDOW=0  RES=0x00  RST  URGP=0
SRC=67.168.196.84    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=41  ID=0      DF  PROTO=TCP  SPT=51413  DPT=45880  WINDOW=0  RES=0x00  RST  URGP=0
SRC=61.91.88.84      DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=47  ID=0      DF  PROTO=TCP  SPT=16881  DPT=47019  WINDOW=0  RES=0x00  RST  URGP=0
SRC=124.8.223.130    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=0      DF  PROTO=TCP  SPT=16882  DPT=35384  WINDOW=0  RES=0x00  RST  URGP=0
SRC=81.218.49.43     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=50  ID=0      DF  PROTO=TCP  SPT=16883  DPT=54771  WINDOW=0  RES=0x00  RST  URGP=0
SRC=81.218.49.43     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=50  ID=0      DF  PROTO=TCP  SPT=16883  DPT=48113  WINDOW=0  RES=0x00  RST  URGP=0


Is everything really OK? Why do they keep connecting on these ports?

George (Moderator, 5421 posts, karma 1)
Those are incoming reset packets; I would guess they are from failed connection attempts. You should let these through, though; that way ktorrent will know quickly if a connect failed. Otherwise you will have to wait for the 30 second connection timeout, which will slow down connecting to peers.

sisquo (Registered Member, 7 posts, karma 0)
Thanks for the answer. I will try to fix this problem somehow. In fact it seems my download speed is somehow affected. Solving it may be difficult because of the various ports and IPs of the connections; the only common thing is the RST flag (or ACK FIN / ACK RST). It also surprises me that nobody has mentioned this problem anywhere, because it clearly shows that forwarding/opening one port for listening/DHT is not enough for torrents.
EDIT: I also forgot to write in the first post that I have allowed all incoming related and established connections:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
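An added example, not part of this thread: a small Python triage script for the iptables LOG format pasted in the first post. It parses each blocked packet, classifies it by TCP flags (a bare RST without SYN is the remote end refusing or tearing down a connection that this host opened, which is George's reading above; a SYN without ACK is a genuine inbound connection attempt), and checks whether the destination ports fall in the Linux default ephemeral range 32768-60999, which is what you expect for replies to the machine's own outbound connections. The sample lines are the ten log lines from the first post; the function names, labels and the summary layout are my own.

```python
import re
from collections import Counter

# The ten blocked packets from the first post (iptables LOG output, kernel
# prefix stripped), used here as sample input.
SAMPLE_LINES = """\
SRC=99.232.106.155   DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=59321  DF  PROTO=TCP  SPT=51413  DPT=37595  WINDOW=0  RES=0x00  RST  URGP=0
SRC=61.91.88.84      DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=47  ID=0      DF  PROTO=TCP  SPT=16881  DPT=56132  WINDOW=0  RES=0x00  RST  URGP=0
SRC=190.160.2.34     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=44  ID=0      DF  PROTO=TCP  SPT=16883  DPT=60772  WINDOW=0  RES=0x00  RST  URGP=0
SRC=24.241.224.94    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=44  ID=0      DF  PROTO=TCP  SPT=58413  DPT=51258  WINDOW=0  RES=0x00  RST  URGP=0
SRC=189.114.229.131  DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=0      DF  PROTO=TCP  SPT=16882  DPT=50673  WINDOW=0  RES=0x00  RST  URGP=0
SRC=67.168.196.84    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=41  ID=0      DF  PROTO=TCP  SPT=51413  DPT=45880  WINDOW=0  RES=0x00  RST  URGP=0
SRC=61.91.88.84      DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=47  ID=0      DF  PROTO=TCP  SPT=16881  DPT=47019  WINDOW=0  RES=0x00  RST  URGP=0
SRC=124.8.223.130    DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=48  ID=0      DF  PROTO=TCP  SPT=16882  DPT=35384  WINDOW=0  RES=0x00  RST  URGP=0
SRC=81.218.49.43     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=50  ID=0      DF  PROTO=TCP  SPT=16883  DPT=54771  WINDOW=0  RES=0x00  RST  URGP=0
SRC=81.218.49.43     DST=192.168.1.103  LEN=40  TOS=0x00  PREC=0x00  TTL=50  ID=0      DF  PROTO=TCP  SPT=16883  DPT=48113  WINDOW=0  RES=0x00  RST  URGP=0
""".splitlines()

# Bare tokens the iptables LOG target emits for set TCP flags.
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Default Linux net.ipv4.ip_local_port_range: ports a client socket gets
# for its own outbound connections.
EPHEMERAL_LOW, EPHEMERAL_HIGH = 32768, 60999


def parse_log_line(line):
    """Turn one iptables LOG line into a dict of KEY=VALUE fields plus a
    'FLAGS' set holding the bare TCP flag tokens (SYN, ACK, RST, ...).
    Other bare tokens such as DF (don't fragment) are ignored."""
    fields = {}
    flags = set()
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.add(token)
    fields["FLAGS"] = flags
    return fields


def classify(pkt):
    """Label a blocked packet by what its TCP flags imply:
    - 'new_inbound': SYN without ACK, a peer opening a connection to us
    - 'rst_reply'  : RST without SYN, the remote side refusing or tearing
                     down a connection that this host initiated
    - 'other'      : anything else (stray ACK/FIN, non-TCP)"""
    if pkt.get("PROTO") != "TCP":
        return "other"
    flags = pkt["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new_inbound"
    if "RST" in flags and "SYN" not in flags:
        return "rst_reply"
    return "other"


def summarize(lines):
    """Aggregate a batch of log lines into the numbers worth looking at
    when deciding whether the drops are a problem."""
    pkts = [parse_log_line(l) for l in lines if l.strip()]
    return {
        "total": len(pkts),
        "classes": dict(Counter(classify(p) for p in pkts)),
        "distinct_src": len({p["SRC"] for p in pkts}),
        "distinct_dpt": len({p["DPT"] for p in pkts}),
        # Which remote listening ports the resets come from (51413, 1688x
        # are typical BitTorrent client ports).
        "src_ports": Counter(p["SPT"] for p in pkts),
        # LEN=40 is a 20-byte IP header plus a 20-byte TCP header: no payload.
        "bare_rst": sum(1 for p in pkts
                        if classify(p) == "rst_reply" and p.get("LEN") == "40"),
        # Destination ports in our ephemeral range: the packets answer
        # sockets this host opened, not the 33333 listener.
        "ephemeral_dpt": sum(1 for p in pkts
                             if EPHEMERAL_LOW <= int(p["DPT"]) <= EPHEMERAL_HIGH),
    }


if __name__ == "__main__":
    summary = summarize(SAMPLE_LINES)
    for key, value in summary.items():
        print(f"{key:>14}: {value}")
```

Run against the posted lines, every packet classifies as `rst_reply` with no payload and a destination port in the ephemeral range, which is the pattern of peers answering this host's own connection attempts rather than anyone opening a connection to the forwarded port. If the same script ever reports a growing `new_inbound` count on ports other than 33333, that is the case worth investigating; the resets are the normal cost of outbound peer connects that the firewall is currently hiding from the client.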

