[Solved] allow DHT to function when firewall is on

Post#1 by xenos » 03 Sep 2016, 18:30

I am using the qBittorrent file transfer software as my main torrent client. It works if the firewall is off (/etc/rc.d/rc.Firewall stop), but DHT nodes don't populate after rc.Firewall start.

The ports usually used for trackers are 1337 and 6969, and I already added them to rc.Firewall:

Code:

ALLOWED_PORTS="20 21 22 23 25 80 110 143 443 1337 6969 9000 50000"

50000 is the port used for incoming connections; not sure what config I missed :cry:
Last edited by xenos on 14 Sep 2016, 09:01, edited 1 time in total.

Post#2 by xenos » 03 Sep 2016, 18:37

Just noticed rc.Firewall doesn't open UDP:

Code:

   for PORT in $ALLOWED_PORTS; do
      $IPTABLES -A OUTPUT -p tcp --dport $PORT -m state --state NEW,ESTABLISHED -j ACCEPT
      $IPTABLES -A INPUT -p tcp --sport $PORT -m state --state ESTABLISHED -j ACCEPT
   done

Post#3 by brokenman » 04 Sep 2016, 04:39

Did allowing udp fix things for you?
How do i become super user?
Wear your underpants on the outside and put on a cape.

Post#4 by xenos » 05 Sep 2016, 11:41

Sorry for the late reply, it doesn't seem to work even after udp ports were opened :shock:
Maybe problems on the qBittorrent side? Loaded with GeoIP database not found in log. I tried Transmission with a popular torrent, but the speed was very slow, below 3 KB. Not sure yet what is wrong.

Post#5 by brokenman » 05 Sep 2016, 16:09

Just to be thorough (you no doubt were) make sure you restart the firewall after making changes.

Post#6 by xenos » 14 Sep 2016, 08:55

Hi,
I ended up with the following in my rc.Firewall, copying how allowing DNS works in all directions. I don't really understand what it is doing, but now the port is working :D :D running Tixati

Code:

   # torrent
   $IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p udp --sport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p udp --dport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT

Could I write -p udp,tcp in one line instead of breaking them into two lines?

Post#7 by xenos » 14 Sep 2016, 12:43

I did a few more experiments:

Code:

$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
# listen on 54321, allow them to establish a connection

$IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
# allow them to establish a connection if they (those who want to establish a connection) are coming from port 54321

$IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
# allow me to send out e.g. http://www.internet.com:54321

$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
# allow me to send out if I use port 54321 to go out

So, I skimped it down to the following:

Code:

#torrent
$IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
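
An added example, not part of the thread and not taken from Porteus's rc.Firewall: a connection-tracking variant of the final rules above, written as a loop because the -p option of iptables takes a single protocol per rule rather than a list such as udp,tcp. The function names, the dry-run default for IPTABLES, and the assumption that the client sends its DHT queries from its listening UDP port are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): stateful rules for one torrent/DHT port.
# IPTABLES defaults to a dry run that only prints each command; point it at
# the real iptables binary (as root) to apply the rules instead.
IPTABLES="${IPTABLES:-echo iptables}"

# valid_port PORT -> exit status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# torrent_rules PORT -> print (dry run) or apply the rules for the
# client's listening port; returns 2 on an invalid port.
torrent_rules() {
    port="$1"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }

    # Packets belonging to flows that were already accepted, in either direction.
    $IPTABLES -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # One rule per protocol: -p does not accept "udp,tcp".
    for proto in tcp udp; do
        # Peers and DHT nodes contacting us on the listening port.
        $IPTABLES -A INPUT  -p "$proto" --dport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
        # Traffic we originate from the listening port (assumed: DHT queries over UDP).
        $IPTABLES -A OUTPUT -p "$proto" --sport "$port" \
            -m conntrack --ctstate NEW -j ACCEPT
    done
}
```

Calling torrent_rules 54321 with IPTABLES unset prints the six commands for review before anything is applied.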

Post#8 by brokenman » 15 Sep 2016, 01:37

Good job!