Router IP gets banned all the time

[Mr_T]

Hi,

I think this is affecting more people ...

I regularly get my internal router IP blocked with the result that incoming connections get marked at [FAKE] even they are not fake.

The setup on the router is easy (it's a Novell BorderManager)

PublicIP: a.b.c.d

PrivateIP: k.l.m.n

port forwarded: 9999

Appropriate filters are set - works like a charm. I see incoming connection, I can connect, download, upload - everything works. Every incoming connection has the PrivateIP for uTorrent and not the public one of the original sender. If a FAKE is identified as such it will be banned - but it is known as the PrivateIP of the router!

I already set bt.allow_same_ip *true but this does_not help. Logger continues to log:

IpFilter blocked peer k.l.m.n

... a thousand times a day!

This is only if using ipfilter.enable true ... it does not log it if this is set to false. But I also don't want to leave that off.

It is just that if a FAKE connects and is banned, the PrivateIP is banned - thus not allowing any more incoming connections.

Any way to work around this? Any plans to exclude local (LAN) addresses from being banned? Or how does uTorrent handles blocked local connections?

I know this creates another risk - but it would be good to have at least have this option.

Thanks ... Mr_T

[Ultima]

Yep reported before.

http://forum.utorrent.com/viewtopic.php?id=11057

http://forum.utorrent.com/viewtopic.php?id=11149

[Mr_T]

I found them - after longer searching.

But there should at least be an option to not_ban_lanIP ... as said - I can imagine that many people have this issue (most of them without knowing as it continues to work) as most of the routers are not real_routers but implement an ip-forwarding capability to to PAT or reverse NAT for single ports. Even big firewalls implement it (like PIX) this way and do hide the originators IP.

I switched off ipfilters and the people connect again, upload and download goes to nice rates.

[Mr_T]

Another comment ....

if hte router IP gets blocked, the network checker does not work anymore and you get small yellow triangle instead of the green checkmark.

Seeing that many people have this issue - it might come from that here. So - my advise - please look at this as it most likely will solve other peoples issues with forwarding and not seeing incoming connections as well.

[Stone]

http://forum.utorrent.com/viewtopic.php?id=458

-Please don't double post.

[Mr_T]

As no really good reaction on other posts - this is posted under BUGS - as it is one more people are affected by and deserves at least some attention not just nasty comments.

If people would actually write something useful into the title and not just "this sucks" or "help ..." ... one could find a post.

And in the end you wonder by yourself where all the leechers are coming from if inbound connections are getting blocked by ipfilter OR why people complain about bad perfromance - sure, if you don't allow anyone (as they are blocked) to connect to you performance will suffer quite a bit. This makes ipfilter useless for people behind a router (if not transparent).

It really isn't that difficult to have persistent exceptions.

[DreadWingKnight]

For ipfilter blocking incoming connections that come through the router, that isn't a bug in the IPFilter support. It's a bug in the router.

Unless you have a very specific reason to, you should not have RFC1918 addresses blocked in ipfilter at all, so it's as much user error as it is anything else.

I have my router's IP blocked in my ipfilter and do not get any problems with incoming connections.

[Mr_T]

Well - bad expressed in my last comment (shame on me) I did not mean incoming connections are blocked - they get banned after some time. They are working fine - I just see that if one gets banned no more are possible - not for any torrent which is running - as the one that gets banned is my_router_address which is used for every single incoming connection. This is bad and makes me a damn leecher. The router IS_NOT the issue as incoming connections are working fine.

No, I don't block private address ranges (if you are refering to cat 1/2 address ranges 10., 172.16., 192.168.). The router IP gets banned by itself after some time if ipfilter is active and some incoming connection are banned because of distributing bad data. This does_not happen if ipfilter is disabled.

[rseiler]

Since this appears now to be the master thread referencing the other older ones, I thought I'd post here.

I've noticed the same thing, and while it may or may not matter to anything that 192.168.1.1 is listed practically on every other line of the log, it's cluttering things up. I'd like the log to reflect only the real addresses.

Rather than delete that line every single time in ipfilter.dat, which due to the frequency of updates would be cumbersome, not to mention that the line includes some 192.167.* IPs I want to keep (192.167.224.000 - 192.168.255.255), is there something that can be configured in the router, perhaps, to workaround the problem? Apparently there's nothing in uTorrent that can be set, though we have had a year of updates since these threads, so perhaps there is now, I don't know.

I noticed the guy in this thread (http://forum.utorrent.com/viewtopic.php?id=9595) did something like that, but I think he was talking about a firewall (which unlike a router blocks outgoing access in addition to incoming), and I think he has a static external IP (mine's not).

[jewelisheaven]

Hrm, what version are you using. uT has been auto-banning LAN IP and WAN IP on your currently running port for... a while now.

As far as your question of where to put it.. I think you're confusing two separate things. ipfilter is for keeping peers from connecting to you. The Logger tab allows you to specify what messages you see. Generally speaking most people don't need anything enabled, but enabling "Errors" allows you to know when things fail that you expect to work (webui, rss, etc), verbose is for... well other things (good mesasges), and peer traffic... most things inconsequential to everyday usage.

If you are annoyed at seeing said ipfilter / rangeblock messages you can feel free to test the new 1.8 line which has added and changed the way certain messages appear / are viewed. Merry Christmas or a Happy Festivus

[Switeck]

I found a messy workaround for this that sort-of works for me...add my internet ip to ipfilter.dat

...and possibly add all LAN ips as well to ipfilter.dat

Out of sight, out of mind!

µTorrent just needs to do a better job of recognizing what ip it's running on (both LAN and internet ip) and then quit hammering it.

[rseiler]

@jewelisheaven, thanks for responding. You certainly have a greater grasp of this topic than me, so please bear with me.

I'm using 1.7.5. I don't have anything checked on a right-click in the Logging tab -- I'm only talking about the IPs listed there as a result of matches made against a range listed in Ipfilter. I do want to see the IPs listed there, just not the one for my router.

It sounds like with 1.8 though ("move IpFilter and RangeBlock blocked messages to Peer Traffic") that I'm not going to be see any of them listed unless I enable Peer Traffic, which I wouldn't do ordinarily since it's too much detail, but there's now finer control so that you can make it list only the IPs blocked by IPFilter like 1.7.5 does without checking anything. But wouldn't that still leave the same issue of seeing my router's address among those IPs (given that 192.168.x.x is in IPFilter, which it is in most lists)?

@Switeck, the approach I've taken for now is to liberate the search-and-replace script here:

http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb05/hey0208.mspx

I then added it to the batch file I use to retrieve the ipfilter. The line looks like this:

cscript replace.vbs "%APPDATA%\uTorrent\ipfilter.dat" "192.168.255.255" "192.167.255.255"

So the snippet I quoted in my first message becomes "192.167.224.000 - 192.167.255.255" and 192.168.x.x is ignored.