Jump to content

Tracker announces through SSH tunnel


Recommended Posts


I have the following problem:

My computer is on an intranet, behind proxy, firewall etc.

But, I have a root ssh access to a server, where every port is open.

My idea was the following: through SSH TCP forwarding I redirect a port from the server for the bittorrent connections. This works fine, but the problem is that the tracker cannot be connected because of the proxy, and because of that, i cannot get the peer list from the tracker.

The problem is that utorrent uses random source ports for http tracker announces (as any browser does). Somehow I have to force utorrent to use a specific source port for tracker announces, because I have to forward a port for tracker announces too, but I cannot do that if utorrent changes the source port every time.

Someone has an idea how to do that?

Thank you!


Link to comment
Share on other sites

I found a way which is not the perfect method, but it works:

First make a profile in Putty, then go to Putty --> Connection --> SSH --> Tunnel:

Source port: 8080


Dynamic X

Auto X

Press the "Add button"

Save the profile then connect to the SSH server.

When the connection to the SSH server made, it acts as a Sock4 or Sock5 proxy server, and all programs which set to use this Sock server, will going through the SSH tunnel.

Sock 4/5 settings on client side:


Port: 8080

Unfortunantely I was in passive state (even if I set the utorrent port to 8080), but nonetheless I can download with that method at almost line speed (~100Mbit/s) in the office :-)

If I will manage to get active, I will tell that too.


Link to comment
Share on other sites

Passive? As in can't get incoming connections? Putty lets you configure to have ports forwarded from the server you connect to if the server allows it. I haven't actually tried it though, no SSH server for me to test on. Let me know if it works out (unless you're having a different problem..): http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding

Link to comment
Share on other sites

Because I dont't want to play on the workplace network, I continued to solve the problem first at home:

1. I have a router PC which is NAT-ing for my local lan and sharing my internet connection. First I turned off NAT and the port forwarding service, this is how I made a smiliar environment as my office lan: there is no accepted inbound and outbound connections allowed (because the proxy catch it).

2. FIrst I do the same trick, like at my workplace: from the client I made an SSH connection to the server (which has all its ports open) and made a dynamic port forward to force the SSH server to act like a Socksv4/v5 proxy server.

This is - as at my worplace - worked fine: when I set my browser to use the sock server, everything started to work (without NAT or portforward or anything).

uTorrent also worked, but only in passive mode.

3. Because I have the right, and the server has all it's ports open, now I tried to forward some port from the server to the client and back to actually make my connection active:

I forwarded the server's port 60000 to my local 60000 port, and my local 60000 port to the server's 60000 port.

It means if there is any connection attempt goes to my server's 60000 port, it will be forwarded to my local ( 60000 port, and vice versa.

Now I set the incoming port in utorrent to 60000, set the proxy address to, checked to resolv names through the proxy server, but unchecked to use proxy for peer-to-peer.

Save, restart utorrent.

But the "port check page" still shows that I am passive.

I go to utorrent's advanced settings,

and set net.bind_ip and net.outgoing_ip to (because port 60000 is forwarded to and from the address) and set the net.outgoing_port to 60000

Save, restart utorrent.

But the "port check page" still shows that port is not forwarded, but it is forwarded.

I'am stucked at this point.

It seems I configured everything as it should, but it still sais I'am passive.


Link to comment
Share on other sites

Everything seems to be perfect:

1. the proxy mechanism works fine: utorrent and any other apllications can use it (even ftp) and it works.

2. The SSH port forwards are also working: any other apllication can use them, except utorrent.

I think the probelm is that even if I set net.bind_ip and net.outgoing_ip to utorrent actually not use them.

If I will have some time, I will trace this issue with wireshark on both end.


It seems utorrent listens on the proper ( port, but still no success.

The below image proove that every setting is fine:

1. On local machine, putty listens on (proxy port) and (outbound port).

2. On local machine, utorrent listens on (inbound port)

3. The server listens on (the inbound port forwarded to utorrent.



Link to comment
Share on other sites

I've made a picture which shows the situation, and what I want to achieve:


There is no firewall on the network, there is no internet connection sharing, or NAT. The server has an external interface which has all the ports open.

I forwarded the server's tcp port 50000 to client's 50000;

and forwarded client's 50001 ti server's 50001.

I've also forced the ssh server to act as a Socks server.

I want to make utorrent use the proxy server for only tracker announces, and use the local port 50000 for inbound connections, and the local 50001 for outbound connections.

From the client's point of view, here are the addresses:

The proxy server is: (no authentication needed)

The inbound port is at:

The outbound port is at:

After setting up the network I convigured uTorrent as the following:

Set inbound port to 50000

Set outbound port (net.outgoing_port) to 50001

Set net.bind_ip to

Set net.outgoing_ip to

Set proxy to, no authentication, use proxy to resolve addresses, and not to use proxy for peer-to-peer.

I think I set everything properly, but it do not work.

If I set to use proxy for peer-to-peer, it works in passive mode.

The port forwards are up and running, other programs can use it.

I even checked the interfaces with Wireshark and tcpview on both client and on server side, but it seems every port forward is set up and working properly.

I don't know where is the problem.


Link to comment
Share on other sites

Ahha :-)

I get it now, you mean that on the linux machine (server) I have to see something like, or public_ip:50000 instead of

Do you have any idea how to do that? Because I can write any IP to Putty's tunnel page, it always bounds to on the remote (server) side.

Thank you!


Link to comment
Share on other sites

It seems I managed to get this problem done, below you can read the sollution:

1. Set up an SSH connection in Putty with the below tunneling settings:

- Local ports accepts connections from other hosts [thick]

- Remote ports do the same [thick]

- Set up a dynamic port forward with source port 8080 (this will force the ssh server to act as a socks server)

- Set up a remote port forward with source port 50000, and Destination (this will forward the server's 50000 port to the local 50000 port. This could be changed if port 50000 is not open on the sever).

Note that the forwarded ports (remote port forward) on the server side are bound to the loopback interface by default, so you must first check your SSH server's config, and set "GatewayPorts yes" in it's config file (sshd.conf). By default GatewayPorts is set to no!

2. Connect via SSH (note that in deafult, only the root user can forward ports)

3. Set up utorrent with the following settings:

- Port used for incoming connections: 50000

- Proxy server: Socks5

- Proxy address:

- Proxy port: 8080

- Select resolv hostnames through proxy

- Do not select Authentication, and Use proxy for peer to peer

Go to advanced settings an set bt.allow_same_ip to "true"

Restart uTorrent.

What we can achieve with this:

Now from behind a firewall and/or a proxy with even no direct internet connection we can managed to got utorrent working in active mode.

With the above settings the tracker announces are working, the peer list got downloaded, the utorrent port checker sais that the port forwards are OK, and the download starts and there are several incoming connections (flag I set) among the clients, and the uploads are also working fine.

Even my private tracker's stat sais that I'am active. :-)


Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...