
[Solved] allow DHT to function when firewall is on

Posted: 03 Sep 2016, 18:30
by xenos
I am using the qBittorrent file transfer software as my main torrent client. It works if the firewall is off (/etc/rc.d/rc.Firewall stop), but DHT nodes don't populate after rc.Firewall start.

Ports usually used for trackers are 1337 and 6969, and I already added them into rc.Firewall.

Code:

ALLOWED_PORTS="20 21 22 23 25 80 110 143 443 1337 6969 9000 50000"

50000 is the port used for incoming connections, not sure what config I missed :cry:

Re: allow DHT to function when firewall is on

Posted: 03 Sep 2016, 18:37
by xenos
Just noticed rc.Firewall doesn't open UDP.

Code:

for PORT in $ALLOWED_PORTS; do
   $IPTABLES -A OUTPUT -p tcp --dport $PORT -m state --state NEW,ESTABLISHED -j ACCEPT
   $IPTABLES -A INPUT -p tcp --sport $PORT -m state --state ESTABLISHED -j ACCEPT
done

Re: allow DHT to function when firewall is on

Posted: 04 Sep 2016, 04:39
by brokenman
Did allowing UDP fix things for you?

Re: allow DHT to function when firewall is on

Posted: 05 Sep 2016, 11:41
by xenos
Sorry for the late reply, it doesn't seem to work even after the UDP ports were opened :shock:
Maybe problems on the qBittorrent side? Loaded with GeoIP database not found in log. I tried Transmission with a popular torrent, but got very slow speed, below 3 KB; not sure yet what is wrong.

Re: allow DHT to function when firewall is on

Posted: 05 Sep 2016, 16:09
by brokenman
Just to be thorough (you no doubt were) make sure you restart the firewall after making changes.

Re: allow DHT to function when firewall is on

Posted: 14 Sep 2016, 08:55
by xenos
Hi,
I ended up with the following in my rc.Firewall, copied from how it allows DNS in all directions. I don't really understand what it is doing, but now the port is working :D :D running Tixati

Code:

   # torrent
   $IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p udp --sport 54321 -j ACCEPT
   $IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p udp --dport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
   $IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT

Could I write -p udp,tcp in one line instead of breaking them into two lines?

Re: [Solved] allow DHT to function when firewall is on

Posted: 14 Sep 2016, 12:43
by xenos
I did a little more experimenting:

Code:

$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
# listen on 54321, allow them to establish connections

$IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
# allow them to establish connections if they (those who want to establish a connection) are coming from port 54321

$IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
# allow me to send out, e.g. to http://www.internet.com:54321

$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
# allow me to send out if I use port 54321 to go out

So I trimmed it down to the following:

Code:

#torrent
$IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
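
On the `-p udp,tcp` question in the thread: iptables `-p` takes a single protocol per rule, so the usual way to avoid writing each rule twice is a loop. The sketch below is an added example, not code from the thread or from rc.Firewall; it emits the trimmed four-rule set with the `-m state` match used in the rc.Firewall excerpt, and the function name `open_torrent_port` and the dry-run default for `$IPTABLES` are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Port 54321 is the value used in the
# posts; open_torrent_port and the dry-run default are assumptions.

# Dry run unless the caller (e.g. rc.Firewall) has already set $IPTABLES:
# the commands are printed instead of changing the firewall.
IPTABLES="${IPTABLES:-echo iptables}"

# open_torrent_port PORT
# Opens the client's listening port for tcp and udp, one rule per protocol.
open_torrent_port() {
    port="$1"
    # Accept only 1 to 5 digits, so a value like "udp,tcp" or a typo
    # never reaches iptables.
    case "$port" in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    for proto in tcp udp; do
        # Inbound peers and DHT nodes reach the client on its listening port.
        $IPTABLES -A INPUT -p "$proto" --dport "$port" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
        # Replies and outgoing DHT queries leave from that same port.
        $IPTABLES -A OUTPUT -p "$proto" --sport "$port" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
    done
}

open_torrent_port 54321
```

Run on its own it only prints the four rules; inside rc.Firewall, where `$IPTABLES` is already defined, the same function applies them. Remember to restart the firewall afterwards, as noted earlier in the thread.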

Re: [Solved] allow DHT to function when firewall is on

Posted: 15 Sep 2016, 01:37
by brokenman
Good job!