# Firewall and Bittorrent

## TheWart

Does anyone have any ideas why I can't connect to anyone or anything with BT?

I have shorewall, with port 6881-6999 open, along with 6969, as that is the one Bittorrent listens on according to the BT faq.

But I still get timeouts when trying to connect to a tracker.

BTW, I am using Shorewall.

----------

## TheWart

bump

This must be a weird issue.....

----------

## think4urs11

Hi!

It's a German site, but nevertheless it should be clear what has to be configured.

http://bittorrent-faq.de/#ss2.9

HTH

T.

----------

## TheWart

Thanks for the link.

I have all that opened up, but it is still a no go (and yes, I did restart shorewall  :Wink: )

I guess I could take shorewall off of boot (i.e. have no firewall and see what happens).

UPDATE:

Sure enough, I took off my firewall, and it still timed out to the tracker.

Maybe my school is blocking those ports (although, I don't know why, as they don't bother to block the common fs ones like kazaa etc).

----------

## TheWart

I am sorry for replying to my own post, but I figured I might as well bump it...

Does anyone know how to tell Bittorrent what ports to use?

I am trying it like this:

```
aaron@dasboxen:btdownloadcurses.py --minport 4662 --maxport 4670 HL2-Walls.zip.torrent
These errors occurred during execution:
error: Too many args - 0 max.
run with no args for parameter explanations
```

----------

## funkmankey

if you give it any flags at all, you have to include the responsefile flag that specifies the torrent file, e.g....

```
/usr/bin/btdownloadgui.py --minport 6500 --maxport 6600 --responsefile something.torrent
```

(hence your 'too many args' error)

I recommend using bittorrent-mxs, it will let you adjust some of the options in the middle of downloading (but not the port of course!)

----------

## TheWart

 *funkmankey wrote:*   

> if you give it any flags at all, you have to include the responsefile flag that specifies the torrent file, e.g....
> 
> ```
> /usr/bin/btdownloadgui.py --minport 6500 --maxport 6600 --responsefile something.torrent
> ```
> ...

 

Ahh.

I ran:

```
aaron@DasBoxen personal $ btdownloadgui.py --minport 4662 --maxport 4670 --responsefile HL2-Walls.zip.torrent
```

But it still times out to the stupid tracker.

this is really strange (I have even tried diff files, in case it is just the one tracker)

These are the stupid ports I had open for XMule, which was working.

----------

## funkmankey

that is mighty bizarre! have you tried checking the first line of the torrent file itself and see what port the tracker is on (not always 6969...)? the download gui will also offer that info under its "details" link.

in the end there is always tcpdump ^_^

----------

## TheWart

 *funkmankey wrote:*   

> that is mighty bizarre! have you tried checking the first line of the torrent file itself and see what port the tracker is on (not always 6969...)? the download gui will also offer that info under its "details" link.
> 
> in the end there is always tcpdump ^_^

 

Yea, it is very strange.

I checked the Tracker port, and it is 6969.

It is not like I am dying for bittorrent, but I am sure you know how frustrating it is to not know why something on the comp is not working  :Smile: 

Anyway, what is this tcpdump you speak of?

----------

## funkmankey

simple test:

```
%telnet tracker.wherever 6969
```

if it is able to connect, you would see something like this

```
Escape character is '^]'.
```

otherwise, try bittorrent (or the above telnet) while tcpdump is running

```
%sudo tcpdump port 6969
```

to observe network traffic to/from port 6969 directly. requires af_packet kernel module and also libpcap, I think.

and yes, I know all about that sort of frustration ^_^

----------

## TheWart

Okay, I ran tcpdump as you indicated, and this was the output:

```
tcpdump port 6969
tcpdump: listening on eth0
12:54:42.363858 A021196.N1.Vanderbilt.Edu.33157 > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14175100 0,nop,wscale 0> (DF)
12:54:45.362529 A021196.N1.Vanderbilt.Edu.33157 > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14178100 0,nop,wscale 0> (DF)
12:54:51.361616 ... > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14184100 0,nop,wscale 0> (DF)
12:55:03.359793 ... > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14196100 0,nop,wscale 0> (DF)
12:55:27.356143 ... > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14220100 0,nop,wscale 0> (DF)
12:56:15.348849 ... > 207.44.248.22.6969: S 2123739903:2123739903(0) win 5840 <mss 1460,sackOK,timestamp 14268100 0,nop,wscale 0> (DF)
12:57:12.203452 ... > 207.44.248.22.6969: S 2274845912:2274845912(0) win 5840 <mss 1460,sackOK,timestamp 14324963 0,nop,wscale 0> (DF)
12:57:15.202750 ... > 207.44.248.22.6969: S 2274845912:2274845912(0) win 5840 <mss 1460,sackOK,timestamp 14327963 0,nop,wscale 0> (DF)
```

(I edited out my addy)

And even though BT said it timed out, it kept adding entries like this....

Now I am not network admin, but I don't really see anything out of the ordinary.

----------

## think4urs11

hmm

not a single packet in your trace is coming FROM the tracker.

Seems as if either the outgoing traffic is blocked somewhere OR the incoming traffic is blocked somewhere before your eth0.

----------
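
Added example (not part of any post in this thread): the trace above repeats one SYN with the same sequence number at doubling intervals, which is TCP retransmitting a connection attempt that nothing answers. The sketch below runs that check over a constructed capture in the same classic tcpdump text format; `client.example` and the `192.0.2.x` addresses are placeholders.

```python
import re
from collections import defaultdict

# Classic tcpdump text line: "HH:MM:SS.frac src.port > dst.port: FLAGS [seq:seq(len)] ..."
LINE = re.compile(r"^(\d+):(\d+):(\d+\.\d+)\s+(\S+)\s+>\s+(\S+):\s+(\S+)"
                  r"(?:\s+(\d+):\d+\(\d+\))?")

# Constructed sample in the format of the trace posted in the thread.
# client.example and the 192.0.2.x addresses are placeholders.
SAMPLE = """\
12:54:40.100000 client.example.33150 > 192.0.2.80.80: S 1000:1000(0) win 5840 (DF)
12:54:40.150000 192.0.2.80.80 > client.example.33150: S 2000:2000(0) ack 1001 win 5792 (DF)
12:54:42.363858 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
12:54:45.362529 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
12:54:51.361616 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
12:55:03.359793 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
12:55:27.356143 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
12:56:15.348849 client.example.33157 > 192.0.2.22.6969: S 2123739903:2123739903(0) win 5840 (DF)
"""

def unanswered_syns(text):
    """Map (src, dst, seq) -> retransmit gaps in seconds, for SYNs the peer never answered."""
    syn_times = defaultdict(list)
    talkers = set()                      # endpoints seen sending at least one packet
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        h, mi, s, src, dst, flags, seq = m.groups()
        talkers.add(src)
        # A bare SYN has the S flag and no "ack"; a SYN-ACK reply carries both.
        if flags == "S" and seq and " ack " not in line:
            syn_times[(src, dst, seq)].append(int(h) * 3600 + int(mi) * 60 + float(s))
    return {flow: [round(b - a) for a, b in zip(times, times[1:])]
            for flow, times in syn_times.items()
            if flow[1] not in talkers}   # peer never sent anything back

if __name__ == "__main__":
    for (src, dst, seq), gaps in unanswered_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {len(gaps) + 1} SYNs (seq {seq}), no reply; gaps {gaps}s")
```

Total silence like this points to the SYN or its reply being dropped somewhere on the path; a reachable host with nothing listening on the port would normally answer with a reset instead.

----------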

## TheWart

 *Think4UrS11 wrote:*   

> hmm
> 
> not a single packet in your trace is coming FROM the tracker.
> 
> Seems as if either the outgoing traffic is blocked somewhere OR the incoming traffic is blocked somewhere before your eth0.

 

Hmm.

This is my shorewall rules file:

```
ACCEPT   net            fw              tcp     5190
ACCEPT   net            fw              tcp     6881:6999
ACCEPT   net            fw              tcp     6969
#ACCEPT  net            fw              tcp     4670
ACCEPT   net            fw              udp     4672
ACCEPT   net            fw              udp     4665
```

It must be the university.

I think I'll just ask them what, if any, ports they have hardwired shut.

----------

## TheWart

Well, I did email them, and they said that port 6969 is the port of "a well known trojan," gatecrasher, was what they called it I think.

Soooo, I guess I am out of luck when it comes to bittorrent.

That sucks.  Thanks for the help all.

----------

## funkmankey

dunno if there is any sort of proxy type thing available for BT?

or you could try to make nice with the people running a particular tracker and ask them to run it on some alternate port instead (e.g. I've seen a lot running on 7979...)

such an annoying thing, 'cos you really only need to get 1 peer from the tracker and then I think that peer can give you other peers/seeds that it knows about even if the tracker goes down.

----------

## Squinky86

I agree- there should be a way to proxy bittorrent, but I haven't found it yet.  Heh, the school admins blocked AIM addresses, so I set my home computer up as a proxy that let people connect.  I don't know how to get around PORT blocking, though...

----------

## funkmankey

I have to admit that the official windows AIM client is amazing in one respect: when you hit that auto-connect-network-search-button in the config, if even the tiniest hole exists in a firewall it will find it and use it.

good point squinky, a simple ssh port-forward, or even squid is a good solution, if you/friend/family have some remote machine to run it on.

----------

## ry00

I used to have that time out problem with bittorrent from behind my school firewall. but after I specify my port number as the port number that appears from PC's outside the firewall. 

e.g., my IP number when I connect into irc. 

it finally works. 

and another thing, I use bittorrent-theshadow at port 6666.

 *Quote:*   

> btdownloadcurses.py --minport 6666 --maxport 6667 --ip ..... --url http://torent
> 
> 

 

hope that helps  :Smile: 

----------

