[Solved] allow DHT to function when firewall is on
Posted: 03 Sep 2016, 18:30
by xenos
I am using qBittorrent file transferring software as my main torrent client; it works if the firewall is off (/etc/rc.d/rc.Firewall stop), but DHT nodes don't populate after rc.Firewall start.
Ports usually used for trackers are 1337 and 6969, and I already added them into rc.Firewall:
Code:
ALLOWED_PORTS="20 21 22 23 25 80 110 143 443 1337 6969 9000 50000"
50000 is the port used for incoming connections; not sure what config I missed.
Re: allow DHT to function when firewall is on
Posted: 03 Sep 2016, 18:37
by xenos
Just noticed rc.Firewall doesn't open UDP:
Code:
# rc.Firewall only opens the allowed ports for TCP; no UDP rule is ever added
for PORT in $ALLOWED_PORTS; do
# outbound connections to the allowed port
$IPTABLES -A OUTPUT -p tcp --dport $PORT -m state --state NEW,ESTABLISHED -j ACCEPT
# replies coming back from that port, only for connections already established
$IPTABLES -A INPUT -p tcp --sport $PORT -m state --state ESTABLISHED -j ACCEPT
done
Re: allow DHT to function when firewall is on
Posted: 04 Sep 2016, 04:39
by brokenman
Did opening/allowing UDP fix things for you?
Re: allow DHT to function when firewall is on
Posted: 05 Sep 2016, 11:41
by xenos
Sorry for the late reply; it doesn't seem to work even after the UDP ports were opened.
Maybe problems on the qBittorrent side? It loads with "GeoIP database not found" in the log. I tried Transmission with a popular torrent, but the speed is very slow, below 3 KB; not sure yet what is wrong.
Re: allow DHT to function when firewall is on
Posted: 05 Sep 2016, 16:09
by brokenman
Just to be thorough (you no doubt were) make sure you restart the firewall after making changes.
Re: allow DHT to function when firewall is on
Posted: 14 Sep 2016, 08:55
by xenos
Hi,
I ended up with the following in my rc.Firewall, copying how DNS is allowed in all directions. I don't really understand what it is doing, but now the port is working, running Tixati.
Code:
# torrent
$IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
$IPTABLES -A INPUT -p udp --sport 54321 -j ACCEPT
$IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --dport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
Could I write -p udp,tcp in one line instead of breaking them into two lines?
Re: [Solved] allow DHT to function when firewall is on
Posted: 14 Sep 2016, 12:43
by xenos
I did a few more experiments:
Code:
# listen on 54321: let remote hosts establish connections to it
$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
# let them establish a connection if they (those who want to connect) are coming from port 54321
$IPTABLES -A INPUT -p tcp --sport 54321 -j ACCEPT
# allow me to send out, e.g. to http://www.internet.com:54321
$IPTABLES -A OUTPUT -p tcp --dport 54321 -j ACCEPT
# allow me to send out if I use port 54321 to go out
$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
So, I trimmed it to the following:
Code:
# torrent
$IPTABLES -A INPUT -p udp --dport 54321 -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p udp --sport 54321 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --sport 54321 -j ACCEPT
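An added example, not code from the thread or from rc.Firewall itself: iptables has no "-p udp,tcp" syntax, so a small POSIX shell helper loops over the protocols instead. It covers both rule shapes seen above, the ALLOWED_PORTS client pattern (extended to UDP) and the listening-port pattern from the trimmed rule set, and deliberately emits no INPUT --sport rule, since that would accept any packet a remote host chose to send from port 54321. The function names, the port check and the echo dry-run default are assumptions of this example; IPTABLES and the port numbers come from the thread.

```shell
#!/bin/sh
# Example helper (not the forum's rc.Firewall). IPTABLES defaults to a dry
# run that prints the rules; set IPTABLES=/usr/sbin/iptables to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

# valid_port N: digits only, in the range 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# listen_rules PORT [PROTO...]: rules for a local listening port (the torrent
# client's incoming port, 54321 in the thread). Inbound, only packets *to* the
# port are accepted; outbound, only packets *from* it. Defaults to tcp and udp.
listen_rules() {
    port="$1"; shift
    valid_port "$port" || { echo "listen_rules: bad port '$port'" >&2; return 1; }
    [ $# -gt 0 ] || set -- tcp udp
    for proto in "$@"; do
        $IPTABLES -A INPUT -p "$proto" --dport "$port" -j ACCEPT
        $IPTABLES -A OUTPUT -p "$proto" --sport "$port" -j ACCEPT
    done
}

# client_rules PORT...: the rc.Firewall ALLOWED_PORTS pattern (outbound to a
# remote service port, replies accepted only once ESTABLISHED), for tcp and udp.
client_rules() {
    for port in "$@"; do
        valid_port "$port" || { echo "client_rules: bad port '$port'" >&2; return 1; }
        for proto in tcp udp; do
            $IPTABLES -A OUTPUT -p "$proto" --dport "$port" -m state --state NEW,ESTABLISHED -j ACCEPT
            $IPTABLES -A INPUT -p "$proto" --sport "$port" -m state --state ESTABLISHED -j ACCEPT
        done
    done
}

# Dry run when executed as "sh thisfile.sh --demo": the thread's tracker ports,
# then its listening port.
if [ "${1:-}" = "--demo" ]; then
    client_rules 1337 6969
    listen_rules 54321
fi
```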
Re: [Solved] allow DHT to function when firewall is on
Posted: 15 Sep 2016, 01:37
by brokenman
Good job!