Router firewall blocking connections even if it is disabled?

[kbl]

Hello,

I got "connectable no"/really slow transfer speeds problems since I reseted my router.

Everything has worked just fine for a year until I had to reset my router to default settings.

I have a cable connection(100mb in the block of flats) with a Buffalo Airstation WHR-G54S router. OS is a Vista business and software firewall F-Secure Client security.

After reseting buffalo I set the router clock, name/passwords, IP address, gateway, dns to access internet and WPA-TKIP AES encryption. I forwarded the port I am using in utorrent, but I can't get connections to my computer anymore.

The color of the network status light in µTorrent's status bar is yellow and sometimes it turn to green tick, but when I do the port portforward test it says ERROR for the port 51001, which i've forwarded.

My Speed guide settings are :

Upload max. 70kt/s

Connections per torrent 50

Active torrents 15

Upload slots 8

Connections 1200

Active downloads 15.

net.max_halfopen is set to 768.

Preferences > BitTorrent

[x] Use DHT

[x] Use DHT as default

[x] LPD

[x] Scrape

[x] PEX

[x] Restrict close connections

Preferences > Connection

[] uPNP

[] NAT-PMP

[] Radom port

[x] Conf Windows firewall

System info:

100mb/1,2,4? cable (4519.1 Kbit/s / 564.9 KB/sec in a foreign country) (21,79 Mbps in / ? out in own country)

Buffalo AirStation WHR-G54S + firewall disabled

Windows Vista + firewall disabled

F-Secure Client Security

I ran the ISP check it was all good.

So, I've done everthing as before, but it seems the router firewall doesn't let the incoming connections thru. Before i was able to download with 2,2mb/s speed and now it's about 1-60kb/s. I can connect only 2 or 3 peers from 11k!

The router firewall is disabled, but in the router tells this every second or two:

2008/12/17 06:35:30 FIREWALL UDP connection denied from 193.16x.xxx.xxx:138 to 193.1xx.xxx.xxx:138 (vlan1)

2008/12/17 06:35:29 FIREWALL UDP connection denied from 193.16x.xxx.xxx:138 to 193.1xx.xxx.xxx:138 (vlan1)

Here's some screens to help out to understand the situation:

Port Forward:

http://i.servut.us/i/nat.jpg

utorrent:

http://i.servut.us/i/utor2.jpg

DCHP:

http://i.servut.us/i/dchp.jpg

Firewall/Intrusion detecter:

http://i.servut.us/i/palomuuri.jpg

LOG:

http://i.servut.us/i/logi.jpg

I don't know what's causing the passive mode. Is it the router firewall?

What should I do? I've been thinking updating firmwire to tomato or dd-wrt, but would it help?

Please help!

[Switeck]

net.max_halfopen needs to be set MUCH LOWER -- preferably 8...but 50 at absolute most! And you *MUST* have already patched windows to handle such a high amount! (Microsoft often REMOVES that patch too!)

The global maximum of connections you allow is excessive for almost any line...and will likely cause your router problems.

You have about 20 megabit/second download?

Sounds like you incorrectly set uTorrent based on your max download.

uTorrent SHOULD be set based on your max sustainable UPLOAD.

2nd link in my signature for closest settings!

Your router is likely blocking uTorrent's DHT UDP packet traffic.

Check www.portforward.com ROUTERS section for how to configure both your router and modem.

Port forwarding to a dynamic DHCP address often DOES NOT WORK on many brands of routers, especially Linksys ones. (I don't recall if Buffalo uses same chipsets as Linksys.)

Any software firewall will likely need to be configured or UNINSTALLED as well.

[kbl]

Changing net.max_halfopen and The global maximum of connections already gave a huge boost!

I downloaded a test with 900kb/s speed!

I'm still "connectable no", but this satisfied me alot!

Now gotta just try to learn more about the functions of my router and find out is there more to do.

Thanks Switeck!

[Switeck]

What's the max upload you've seen in uTorrent?

...both peak and sustained for more than 1 minute amounts?

[kbl]

The download peak is about 2,8mb/s in and upload about 400kb/s out on domestic trackers.

The thing is that the 100mb connection is shared between all the inhabitants in the block of flats. So usually the upload speed is around 70kb/s.

I got a bit confused still because some releases with less peers comes with higher speed than ones that have over 10k peers. The one I'm d/l now and a release has 14,000 peers and I'm connected 30 of them? is that a normal amount?

I'm still a passive user behind NAT and I can only connect to people who are also?

[Switeck]

Based on a max upload speed of 70 KB/sec, the closest (but not over) match in the 2nd link in my signature is 700 kilobits/second upload settings.

You're probably getting high download speeds by connecting to a few local peers+seeds...the ones on >10 megabit/second connections. The other torrents that have >10k peers...probably have lots of peers that are on low-end broadband and/or set their global upload speed to 1 KB/sec.

Yes, 30 connections on a torrent is ok. It's not a good idea to connect to more than 100 peers+seeds at once on a single torrent anyway.

If you're stuck behind a router NAT, you can only download/upload with unfirewalled peers and seeds. Teredo/IPv6 can allow 2 firewalled peers to connect to each other, but it's a special exception...and most people's BitTorrent clients don't support that. (It was only added starting with uTorrent v1.8.)