Creasy Posted October 14, 2005

Hello,

I use µTorrent with Outpost firewall.

When I put a rule from http://forum.utorrent.com/viewtopic.php?t=205&highlight=firewall

"Allow inbound TCP connections on the port specified in Network Options, Listening Options."

It will become like that with Outpost:

65532 for example.

But:

Tracker status becomes "No connection established because the target computer has denied it" (it is an approximate English/French translation)

If I put µTorrent in the Trusted Applications with Outpost (-> allow all) then, after an "Update tracker":

Have an idea to resolve that?

I'd like to filter µTorrent with Outpost but I prefer the blue color

Thank you in advance

foreplay Posted October 14, 2005

You need to modify that so it's both inbound and outbound. Then again it will probably block all the peers as well, so unless you want to add them by hand I would just set it to allow all.

chaosblade Posted October 14, 2005

As foreplay said, that's the blocked outbound bandwidth that's causing this. And as he said, peer ports would be an issue too as they tend to be random, as well as tracker ports. Just allow uTorrent to access the entire range for inbound as well as outbound.

sethg Posted October 14, 2005

Now this suggestion is something I don't understand. I thought that uTorrent does all its activity through one TCP port, both for trackers and for client connections. The previous two posts suggest otherwise. Forwarding all TCP ports is not practical, primarily due to security and secondarily there are other machines in the network that need particular inbound ports.

Does uTorrent need any TCP ports forwarded besides the single port in the network dialog box? If so, what is the minimum quantity and what is the port range?

juju Posted October 14, 2005

> Does uTorrent need any TCP ports forwarded besides the single port in the network dialog box? If so, what is the minimum quantity and what is the port range?

no, it only needs one port... but 2 rules must be defined as bittorrent acts like a client AND a server:

one for allowing inbound connections (as a client) from everyone/every port to your chosen port

one for allowing outbound connections (as a server) from your chosen port to everyone

chaosblade Posted October 14, 2005

Ah, juju explained it a bit better.

Creasy Posted October 14, 2005

> no, it only needs one port... but 2 rules must be defined as bittorrent acts like a client AND a server:
> one for allowing inbound connections (as a client) from everyone/every port to your chosen port
> one for allowing outbound connections (as a server) from your chosen port to everyone

I have tried like that:

Where the protocol is TCP
and where the direction is INBOUND
and where the local port is 1234
Allow it

AND

Where the protocol is TCP
and where the direction is OUTBOUND
and where the local port is 1234
Allow it

not working

but if I change the outbound rule like that:

Where the protocol is TCP
and where the direction is OUTBOUND
Allow it

it's OK!

because, in the blocked connection log, I can see when I try to update the tracker:

(RDP and 2710 -> Remote port
1906, 1907, 1908, ...,....,.... -> Local port)

Undesirable Posted October 14, 2005

Torrent HTTP Connection Rule
Where the protocol is TCP
and Where the direction is Outbound
and Where the remote port is HTTP
Allow it

Torrent HTTPS Connection Rule
Where the protocol is TCP
and Where the direction is Outbound
and Where the remote port is HTTPS
Allow it

Torrent Network TCP Inbound Rule
Where the protocol is TCP
and Where the direction is Inbound
and Where the local port is 65532
Allow it

Torrent Network TCP Outbound Rule
Where the protocol is TCP
and Where the direction is Outbound
and Where the remote port is 1024-65535
Allow it

Torrent Network UDP Inbound Rule
Where the protocol is UDP
and Where the direction is Inbound
and Where the local port is 65532
Allow it

Torrent Network UDP Outbound Rule
Where the protocol is UDP
and Where the direction is Outbound
and Where the remote port is 1024-65535
Allow it

Localhost Loopback Inbound Rule
Where the protocol is TCP
and Where the direction is Inbound
and Where the remote host is 127.0.0.1
Allow it

Application UDP DNS Resolution
Where the protocol is UDP
and Where the remote host is the IP address for your DNS server
and Where the remote port is DNS
Allow it

TCP Inbound Blockall Coverage Rule
Where the protocol is TCP
and Where the direction is Inbound
Block it

TCP Outbound Blockall Coverage Rule
Where the protocol is TCP
and Where the direction is Outbound
Block it

UDP Blockall Coverage Rule
Where the protocol is UDP
Block it
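
Added example (not part of any post in this thread, and not Outpost's own logic): a small Python model of the TCP rules discussed above, showing why an outbound rule pinned to the local listening port blocks the tracker connection while a rule keyed on the remote port lets it through. It assumes rules are checked top to bottom with the first match winning and that unmatched traffic is blocked; it uses 65532 as the listening port throughout, and the sample connections are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple
@dataclass(frozen=True)
class Conn:
    proto: str          # "TCP" or "UDP"
    direction: str      # "IN" or "OUT", seen from the local machine
    local_port: int
    remote_port: int

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                   # "ALLOW" or "BLOCK"
    proto: str
    direction: Optional[str] = None               # None = either direction
    local_ports: Optional[Tuple[int, int]] = None   # inclusive range, None = any
    remote_ports: Optional[Tuple[int, int]] = None
    def matches(self, c: Conn) -> bool:
        def ok(rng, port):
            return rng is None or rng[0] <= port <= rng[1]
        return (self.proto == c.proto and self.direction in (None, c.direction)
                and ok(self.local_ports, c.local_port)
                and ok(self.remote_ports, c.remote_port))

def decide(rules, conn, default="BLOCK"):
    """First matching rule wins (assumed model); no match -> default."""
    for r in rules:
        if r.matches(conn):
            return r.action, r.name
    return default, "default"
LISTEN = 65532  # listening port used in the thread
# Two-rule attempt from the thread: both rules pinned to the local listening port.
PINNED = [
    Rule("in-listen", "ALLOW", "TCP", "IN", local_ports=(LISTEN, LISTEN)),
    Rule("out-from-listen", "ALLOW", "TCP", "OUT", local_ports=(LISTEN, LISTEN)),
]
# TCP part of the posted rule set: outbound is matched on the remote port.
POSTED = [
    Rule("http", "ALLOW", "TCP", "OUT", remote_ports=(80, 80)),
    Rule("https", "ALLOW", "TCP", "OUT", remote_ports=(443, 443)),
    Rule("in-listen", "ALLOW", "TCP", "IN", local_ports=(LISTEN, LISTEN)),
    Rule("out-high", "ALLOW", "TCP", "OUT", remote_ports=(1024, 65535)),
    Rule("block-in", "BLOCK", "TCP", "IN"),
    Rule("block-out", "BLOCK", "TCP", "OUT"),
]
# Constructed sample connections, modelled on the blocked-connection log above.
TRACKER = Conn("TCP", "OUT", local_port=1906, remote_port=2710)
PEER_IN = Conn("TCP", "IN", local_port=LISTEN, remote_port=51413)
LOW_OUT = Conn("TCP", "OUT", local_port=1907, remote_port=25)
```

Calling `decide(PINNED, TRACKER)` falls through to the default block because the outbound connection leaves from local port 1906, not the listening port, while `decide(POSTED, LOW_OUT)` shows the posted set still blocks outbound TCP to remote ports below 1024 other than HTTP and HTTPS.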

chaosblade Posted October 14, 2005

Huh. HTTP/HTTPS PORT in TCP protocol? Oo

Undesirable Posted October 14, 2005

Take or leave whatever part of it you wish. I got the information from here: http://www.outpostfirewall.com/forum/showthread.php?t=12542

Creasy Posted October 14, 2005

HTTP and HTTPS certainly for the "Swing Web Interface":

"This plugin lets you control Azureus remotely via a browser. For security it is advised that you set a username and password. HTTPS (SSL) access can also be configured."

Not for µTorrent!!

chaosblade Posted October 15, 2005

Actually messages to the tracker and replies from it are HTTP GET messages.

sethg Posted October 15, 2005

OK, I think we have to distinguish between two different points of protection where such rules are deployed:

1) the LAN border router, which typically performs NAT and may include a firewall, and
2) the software firewall on each machine in the LAN.

The rules Undesirable posted above are for a particular software firewall running on a LAN client. A NAT router is the gateway to the LAN and hides all local LAN IP addresses by changing the outgoing packets to make them appear to come from the same WAN IP address: the publicly routable IP address of the router. By keeping track of "transactions", it does the same address translation for incoming packets, so the remote host never knows the local LAN IP address it is really talking to. Though my question wasn't specific, I was asking about the more basic level of the border router.

Specifically, my understanding is that uTorrent only uses a single local port, using the TCP protocol, which is bidirectional, for all communications with both trackers and clients. The remote port numbers can be anything. This means that for a border router providing NAT services, only one incoming TCP port has to be forwarded to a given LAN client to run uTorrent. If there is a firewall in that router, the rules have to allow incoming and outgoing TCP connections through that port. Since TCP is inherently bidirectional, all this really means is the router will forward all incoming TCP packets hitting that port to a specific port on a specific local machine, regardless of whether the TCP connection was initiated by the local machine or the remote host. In other words, that port can function as either a client or a server for intermediate-level protocols based on TCP (such as BitTorrent and SMTP). Is my understanding of uTorrent correct?

UDP traffic is different, since UDP only defines a single packet going in a single direction. There is no connection to speak of, no handshakes and no state machine for the protocol. Some intermediate-level protocols, such as FTP, consist of a series of one-way UDP packets. To control these, the router either has to understand the specific protocol or use the "port triggering" concept. That is, an outgoing UDP packet is treated as opening a connection and incoming UDP packets to that port are forwarded instead of being dropped for a period of time.

Software firewalls not only deal with ports and low-level protocols, but also intermediate-level protocols and applications. Software firewalls generally deal with low-level protocols such as TCP and UDP, intermediate-level protocols such as HTTP and FTP, and some know about the application that is requesting network services, such as Firefox. This leads to a larger variety of possible rules compared to a router.

drpiety Posted October 15, 2005

65532 is the guy's listening port I guess.

> Application UDP DNS Resolution
> Where the protocol is UDP
> and Where the remote host is the IP address for your DNS server
> and Where the remote port is DNS
> Allow it

What is this good for? Only in combination with the HTTP and HTTP rules? I think this can be left away as well.

This topic is now archived and is closed to further replies.