Tracker announces through SSH tunnel

[dchardware]

Hi,

I have the following problem:

My computer is on an intranet, behind proxy, firewall etc.

But, I have a root ssh access to a server, where every port is open.

My idea was the following: through SSH TCP forwarding I redirect a port from the server for the bittorrent connections. This works fine, but the problem is that the tracker cannot be connected because of the proxy, and because of that, i cannot get the peer list from the tracker.

The problem is that utorrent uses random source ports for http tracker announces (as any browser does). Somehow I have to force utorrent to use a specific source port for tracker announces, because I have to forward a port for tracker announces too, but I cannot do that if utorrent changes the source port every time.

Someone has an idea how to do that?

Thank you!

Dchard

[Switeck]

I doubt it'd work, but uTorrent can set what outgoing port/s it uses in advanced settings.

The problem is, that's probably only for peer/seed connections not tracker updates.

[dchardware]

I found a way which is not the perfect method, but it works:

First make a profile in Putty, then go to Putty --> Connection --> SSH --> Tunnel:

Source port: 8080

Destination: 127.0.0.1:8080

Dynamic X

Auto X

Press the "Add button"

Save the profile then connect to the SSH server.

When the connection to the SSH server made, it acts as a Sock4 or Sock5 proxy server, and all programs which set to use this Sock server, will going through the SSH tunnel.

Sock 4/5 settings on client side:

Address: 127.0.0.1

Port: 8080

Unfortunantely I was in passive state (even if I set the utorrent port to 8080), but nonetheless I can download with that method at almost line speed (~100Mbit/s) in the office :-)

If I will manage to get active, I will tell that too.

Dchard

[GTHK]

Passive? As in can't get incoming connections? Putty lets you configure to have ports forwarded from the server you connect to if the server allows it. I haven't actually tried it though, no SSH server for me to test on. Let me know if it works out (unless you're having a different problem..): http://the.earth.li/~sgtatham/putty/0.60/htmldoc/Chapter3.html#using-port-forwarding

[dchardware]

Because I dont't want to play on the workplace network, I continued to solve the problem first at home:

1. I have a router PC which is NAT-ing for my local lan and sharing my internet connection. First I turned off NAT and the port forwarding service, this is how I made a smiliar environment as my office lan: there is no accepted inbound and outbound connections allowed (because the proxy catch it).

2. FIrst I do the same trick, like at my workplace: from the client I made an SSH connection to the server (which has all its ports open) and made a dynamic port forward to force the SSH server to act like a Socksv4/v5 proxy server.

This is - as at my worplace - worked fine: when I set my browser to use the 127.0.0.1:8080 sock server, everything started to work (without NAT or portforward or anything).

uTorrent also worked, but only in passive mode.

3. Because I have the right, and the server has all it's ports open, now I tried to forward some port from the server to the client and back to actually make my connection active:

I forwarded the server's port 60000 to my local 60000 port, and my local 60000 port to the server's 60000 port.

It means if there is any connection attempt goes to my server's 60000 port, it will be forwarded to my local (127.0.0.1) 60000 port, and vice versa.

Now I set the incoming port in utorrent to 60000, set the proxy address to 127.0.0.1:8080, checked to resolv names through the proxy server, but unchecked to use proxy for peer-to-peer.

Save, restart utorrent.

But the "port check page" still shows that I am passive.

I go to utorrent's advanced settings,

and set net.bind_ip and net.outgoing_ip to 127.0.0.1 (because port 60000 is forwarded to and from the 127.0.0.1 address) and set the net.outgoing_port to 60000

Save, restart utorrent.

But the "port check page" still shows that port is not forwarded, but it is forwarded.

I'am stucked at this point.

It seems I configured everything as it should, but it still sais I'am passive.

Dchard

[GTHK]

Is your browser setup to go through the proxy..? Otherwise I have no idea :|

[dchardware]

Everything seems to be perfect:

1. the proxy mechanism works fine: utorrent and any other apllications can use it (even ftp) and it works.

2. The SSH port forwards are also working: any other apllication can use them, except utorrent.

I think the probelm is that even if I set net.bind_ip and net.outgoing_ip to 127.0.0.1 utorrent actually not use them.

If I will have some time, I will trace this issue with wireshark on both end.

MOD1:

It seems utorrent listens on the proper (127.0.0.1:50000) port, but still no success.

The below image proove that every setting is fine:

1. On local machine, putty listens on 127.0.0.1:8080 (proxy port) and 127.0.0.1:50001 (outbound port).

2. On local machine, utorrent listens on 127.0.0.1:50000 (inbound port)

3. The server listens on 127.0.0.1:50000 (the inbound port forwarded to utorrent.

Dchard

[DreadWingKnight]

3. The server listens on 127.0.0.1:50000 (the inbound port forwarded to utorrent.

So it binds to the loopback adapter and is unable to forward data on the public adapter?

[dchardware]

I've made a picture which shows the situation, and what I want to achieve:

There is no firewall on the network, there is no internet connection sharing, or NAT. The server has an external interface which has all the ports open.

I forwarded the server's tcp port 50000 to client's 50000;

and forwarded client's 50001 ti server's 50001.

I've also forced the ssh server to act as a Socks server.

I want to make utorrent use the proxy server for only tracker announces, and use the local port 50000 for inbound connections, and the local 50001 for outbound connections.

From the client's point of view, here are the addresses:

The proxy server is: 127.0.0.1:8080 (no authentication needed)

The inbound port is at: 127.0.0.1:50000

The outbound port is at: 127.0.0.1:50001

After setting up the network I convigured uTorrent as the following:

Set inbound port to 50000

Set outbound port (net.outgoing_port) to 50001

Set net.bind_ip to 127.0.0.1

Set net.outgoing_ip to 127.0.0.1

Set proxy to 127.0.0.1:8080, no authentication, use proxy to resolve addresses, and not to use proxy for peer-to-peer.

I think I set everything properly, but it do not work.

If I set to use proxy for peer-to-peer, it works in passive mode.

The port forwards are up and running, other programs can use it.

I even checked the interfaces with Wireshark and tcpview on both client and on server side, but it seems every port forward is set up and working properly.

I don't know where is the problem.

Dchard

[DreadWingKnight]

Binding the port you're forwarding to the tunneled machine via 127.0.0.1 on the tunnel host means that it's only listening on the loopback connection. The connection that goes to the internet doesn't have the port bound, so connections to it from the internet don't get forwarded back to the tunneled machine.

[dchardware]

Could you please specify where the problem is in your opinion? Because I don't get it.

Dchard

[DreadWingKnight]

In your netstat on your linux machine, you have a listen bound to 127.0.0.1

No network adapter in your system that has internet access can talk to that address.

[dchardware]

Ahha :-)

I get it now, you mean that on the linux machine (server) I have to see something like 0.0.0.0:50000, or public_ip:50000 instead of 127.0.0.1:50000?

Do you have any idea how to do that? Because I can write any IP to Putty's tunnel page, it always bounds to 127.0.0.1 on the remote (server) side.

Thank you!

Dchard

[DreadWingKnight]

That would be controlled largely by the SSH server software on the server side.

[dchardware]

It seems I managed to get this problem done, below you can read the sollution:

1. Set up an SSH connection in Putty with the below tunneling settings:

- Local ports accepts connections from other hosts [thick]

- Remote ports do the same [thick]

- Set up a dynamic port forward with source port 8080 (this will force the ssh server to act as a socks server)

- Set up a remote port forward with source port 50000, and Destination 127.0.0.1:50000 (this will forward the server's 50000 port to the local 50000 port. This could be changed if port 50000 is not open on the sever).

Note that the forwarded ports (remote port forward) on the server side are bound to the loopback interface by default, so you must first check your SSH server's config, and set "GatewayPorts yes" in it's config file (sshd.conf). By default GatewayPorts is set to no!

2. Connect via SSH (note that in deafult, only the root user can forward ports)

3. Set up utorrent with the following settings:

- Port used for incoming connections: 50000

- Proxy server: Socks5

- Proxy address: 127.0.0.1

- Proxy port: 8080

- Select resolv hostnames through proxy

- Do not select Authentication, and Use proxy for peer to peer

Go to advanced settings an set bt.allow_same_ip to "true"

Restart uTorrent.

What we can achieve with this:

Now from behind a firewall and/or a proxy with even no direct internet connection we can managed to got utorrent working in active mode.

With the above settings the tracker announces are working, the peer list got downloaded, the utorrent port checker sais that the port forwards are OK, and the download starts and there are several incoming connections (flag I set) among the clients, and the uploads are also working fine.

Even my private tracker's stat sais that I'am active. :-)

Dchard