Ticket #1185 (closed defect: invalid)

Opened 3 years ago

Last modified 2 months ago

Rtorrent doesn't use port-range

Reported by: Andrey Owned by: rakshasa
Priority: normal Milestone:
Component: libtorrent Version:
Severity: normal Keywords:
Cc:

Description

Rtorrent can connect to trackers, but doesn't view peers. When I stop iptables, rtorrent works normally. How can I make rtorrent use port_range?

.rtorrent.rc

port_range = 2929-2929
port_random = no

Iptables rules

:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
[0:0] -A INPUT -p tcp -m tcp --dport 2929 -j ACCEPT
[0:0] -A OUTPUT -p tcp -m tcp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT

netstat -tnp

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.0.11:50985      90.190.163.216:113      ESTABLISHED 18218/rtorrent
tcp        0      0 192.168.0.11:40303      91.124.79.115:37892     ESTABLISHED 18218/rtorrent
tcp        0      0 192.168.0.11:56303      85.141.144.169:29954    ESTABLISHED 18218/rtorrent

Change History

Changed 3 years ago by anonymous

The port_range only applies to the listen port, i.e. to incoming connections. For outgoing connections, the OS picks a random port.

Your IP suggests that you are behind a NAT router, make sure to forward the port properly at the router. Either way, this looks like a network configuration problem, not an rtorrent problem.

Changed 3 years ago by anonymous

To check if port_range works or not, do netstat -lnp, you should see rtorrent listening on the right port (26881 in this case):

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
tcp        0      0 0.0.0.0:26881           0.0.0.0:*               LISTEN     15484/rtorrent      

If you wish to capture outgoing connections in iptables somehow, use the "tos" setting in rtorrent to mark the packets and filter/act accordingly.

Changed 3 years ago by rakshasa

  • status changed from new to closed
  • resolution set to invalid

Not a bug.

Changed 3 years ago by anonymous

I can change TOS, but incoming packets don't keep TOS. It isn't a solution.

Changed 3 years ago by Andrey

I need a rule which allows incoming packets to pass through iptables.

Changed 3 years ago by anonymous

For incoming connections, the local dest port will be 2929. For outgoing connections, the port is indeterminate but you can use TOS to match packets.

For both incoming and outgoing, allow follow-up packets with state RELATED,ESTABLISHED (both in the INPUT and OUTPUT tables). You only have that in the OUTPUT table now, which won't work because you're blocking incoming packets for outgoing connections.
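
Added example, not part of the ticket or of rtorrent: a small Python model of the reporter's ruleset, showing why tracker replies (source port 80) get in while replies from peers are dropped, and what changes when a RELATED,ESTABLISHED rule is added to INPUT as suggested above. The packets are constructed, the evaluator covers only the options used in the ticket, and the conntrack state of each packet is given as an input rather than tracked.

```python
# Added illustration: models only the iptables options that appear in the ticket.
# Rules copied from the ticket (packet counters dropped); every chain policy is DROP.
TICKET_RULES = """\
-A INPUT -p tcp -m tcp --dport 2929 -j ACCEPT
-A OUTPUT -p tcp -m tcp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
"""
# Suggested fix: also accept follow-up packets of known connections on INPUT.
FIXED_RULES = TICKET_RULES + "-A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT\n"

def parse(ruleset):
    """Turn each rule line into {option: argument}; every option here takes one argument."""
    rules = []
    for line in ruleset.splitlines():
        tok = line.split()
        rules.append(dict(zip(tok[0::2], tok[1::2])))
    return rules

def verdict(ruleset, chain, sport, dport, state, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies (TCP assumed)."""
    for rule in parse(ruleset):
        if rule["-A"] != chain:
            continue
        if "--sport" in rule and int(rule["--sport"]) != sport:
            continue
        if "--dport" in rule and int(rule["--dport"]) != dport:
            continue
        if "--state" in rule and state not in rule["--state"].split(","):
            continue
        return rule["-j"]
    return policy

# Constructed packets: (chain, source port, destination port, conntrack state).
PACKETS = {
    "peer connects to listen port": ("INPUT", 51000, 2929, "NEW"),
    "rtorrent dials a peer":        ("OUTPUT", 40303, 37892, "NEW"),
    "peer answers that dial":       ("INPUT", 37892, 40303, "ESTABLISHED"),
    "tracker answers over HTTP":    ("INPUT", 80, 50985, "ESTABLISHED"),
    "unsolicited probe":            ("INPUT", 51000, 22, "NEW"),
}

def walkthrough(ruleset):
    """Return {packet description: verdict} for the constructed packets."""
    return {name: verdict(ruleset, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("ticket", TICKET_RULES), ("fixed", FIXED_RULES)):
        for name, result in walkthrough(rules).items():
            print(f"{label:6} {name:30} {result}")
```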

Changed 3 years ago by anonymous

Unless I'm severely mistaken, "-p tcp -m tcp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT" is equivalent to "-p tcp -j ACCEPT" - all packets which aren't NEW should be ESTABLISHED.

Changed 2 months ago by ShluhimoskvyGU
