What ports should be open?

[zshare]

Hi,

I am blocking all traffic (TCP and UDP, in/outbound) on ports below 1024, except for the tracker anounce - TCP HTTP, where needed. It is done with software firewall.

However, I noticed a lot of UDP packets to remote ports like 113 (AUTH) and 80 (HTTP), sometimes 20, 21, 52, 88 caused by µT to various IP addresses. Is it normal behaviour (for DHT purposes), and should I allow this in my firewall? I'm behind NAT and I cannot change this - maybe this is the reason, although I don't see why?

[µtorrent-Guest]

because other peers use these well known ports as their incomming port. probably to circumvent firewall or throttleing issues from their ISPs

[Firon]

Blocking ports below 1024 for µTorrent simply reduces the amount of legitimate peers you can connect to, and reduces DHT performance. Lots of people use ports below 1024 for one reason or another.

[zshare]

Ok, thanks, that's what I suspected to be the truth. So, you're suggesting me to freely connect to any remote port I can get?

This means I should enable UDP/TCP outbound traffic to all remote ports (1-65535)?

[Firon]

For µTorrent's process, yeah. You only need to allow incoming on the one port you specified, though.

[zshare]

Well sure, I know for that magical incoming port, but, as I said, I'm behind NAT, and there's no chance to get a public IP/port forwarding, so there's actually no benefit from opening any port in my firewall. I really hate it!!!!

Any news on NAT traversal?

Thanks for the fast answers!!!!

[Firon]

UDP NAT traversal is currently on hold (probably to fix everything else, implement other needed features, perfect the webui backend, etc)