> I'm wondering - how is my machine behind the firewall able to upload,
> since no port forwarding related to bittorrent is taking place? (Just to
> clarify - it IS uploading)
Long Answer:
http://btfaq.com/serve/cache/25.html
"BitTorrent will usually work fine in a NAT (network address
translation) environment, since it can function with only outbound
connections. Such environments generally include all situations where
multiple computers share one publicly-visible IP address, most commonly:
computers on a home network sharing a cable or xDSL connection.
However, you will get better speeds if you allow incoming connections as
well. To do this you must use the "port forwarding" feature of whatever
is performing the NAT/gateway task. For example, if you have a cable or
DSL connection and a router/switch/gateway/firewall, you will need to go
into the configuration of this device and forward ports 6881-6889 to the
local machine that will be using BitTorrent. If your device makes it
hard to enter a range of ports (if you must enter each one separately),
then you can just do the first 10 or so ports, or however many
simultaneous clients you plan to ever have open. If more than one person
behind such a gateway wishes to use BitTorrent, then each machine should
use a different port range, and the gateway should be configured to
forward each port range to the corresponding local machine."
http://dessent.net/btfaq/#ports
"As of 3.2 and later, the range has been extended to 6881-6999. (These
are all TCP ports, BitTorrent does not use UDP.)"
I think the best solution is to break up 6881-6999 into as many blocks
as you have PCs that you wish to use BitTorrent, then create DNAT rules
forwarding those ports.
For example, if you have two PCs you want to use BitTorrent with:
DNAT net loc:192.168.1.2 tcp 6881:6888 - all
DNAT net loc:192.168.1.2 tcp - 6881:6888 all
DNAT net loc:192.168.1.3 tcp 6889:6999 - all
DNAT net loc:192.168.1.3 tcp - 6889:6999 all
Short Answer:
BitTorrent uses TCP, not UDP, and takes advantage of stateful firewalls'
ability to pass established connections.
Luke St.Clair wrote:
> I'm seeing what may be sort of strange behavior - My machine is behind a
> Shorewall firewall, which, in the rules section, includes:
>
> AllowBitTorrent, any source, any dest
>
> I'm wondering - how is my machine behind the firewall able to upload,
> since no port forwarding related to bittorrent is taking place? (Just to
> clarify - it IS uploading)
>
> I looked at the AllowBitTorrent rule, however, and didn't seem like it
> was doing any such thing. Any advice on why this might be happening?
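The short answer above, as an added example that is not part of the original message and is not Shorewall's code: a small model of a stateful NAT firewall showing why uploads work over connections the LAN client opened itself, and why a peer dialling in is dropped until a DNAT rule exists. The class and function names are hypothetical, the public and peer addresses are constructed sample values, and the model assumes NAT keeps the client's source port.

```python
from typing import NamedTuple

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True for the first packet of a new TCP connection

class Firewall:
    """Toy connection tracker; assumes NAT preserves the source port."""
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.conntrack = {}  # (remote_ip, remote_port, public_port) -> lan_ip
        self.dnat = []       # (first_port, last_port, lan_ip)

    def add_dnat(self, first, last, lan_ip):
        self.dnat.append((first, last, lan_ip))

    def outbound(self, p):
        # loc -> net is allowed by policy; a SYN creates a tracked connection.
        if p.syn:
            self.conntrack[(p.dst, p.dport, p.sport)] = p.src
        return "ACCEPT"

    def inbound(self, p):
        # net -> loc: packets on a tracked connection pass as ESTABLISHED.
        key = (p.src, p.sport, p.dport)
        if key in self.conntrack and not p.syn:
            return ("ACCEPT-ESTABLISHED", self.conntrack[key])
        # A new inbound connection needs a matching port-forward (DNAT) rule.
        if p.syn:
            for first, last, lan_ip in self.dnat:
                if first <= p.dport <= last:
                    self.conntrack[key] = lan_ip
                    return ("ACCEPT-DNAT", lan_ip)
        return ("DROP", None)

def demo():
    fw = Firewall("203.0.113.10")            # constructed public address
    peer, other = "198.51.100.7", "198.51.100.99"
    # The LAN client dials out to a remote peer listening on 6881.
    fw.outbound(Packet("192.168.1.2", 40000, peer, 6881, syn=True))
    # The peer's piece requests arrive on that same connection, and the
    # client's uploads answer them: TCP carries data in both directions.
    reply = fw.inbound(Packet(peer, 6881, fw.public_ip, 40000))
    # Another peer tries to dial in while no forwarding is configured.
    unsolicited = fw.inbound(Packet(other, 51000, fw.public_ip, 6881, syn=True))
    # Equivalent of the first DNAT rule in the message: 6881:6888 -> 192.168.1.2
    fw.add_dnat(6881, 6888, "192.168.1.2")
    forwarded = fw.inbound(Packet(other, 51000, fw.public_ip, 6881, syn=True))
    return reply, unsolicited, forwarded
```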