My bittorrent client does work very well, but to achieve that I have to set the following packet filter rule:

Source: MyIP -> Service:Any -> Destination:Any
allways allowed

I had to define this rule cos the ASG had blocked all packets sending from myIP with random outgoing ports. And these connection seems to be needed for using the bittorrent network.

Depending on the client, the SOURCE port may be predictable.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

Predictable source port? how?

I think the outgoing port could be the port the other torrentusers have on thei clients. So I have to select almost every port above 1024?

Each TCP connection has a SOURCE port and a DEST port.

If these are outgoing from your internal PC, then the SOURCE port is determined by the software or TCP stack on your PC; it is NOT the other user's port.

Therefore, if you BT client keeps it's outgoing connections on a single SOURCE port (or a range), you can create rules based upon that source port.

Vuze (nee Azureus), for example, makes all of it's outgoing connections on the same port you configure for incoming traffic.
e.g., I have it set for 56881, and I ran IPTraf, and I see all connections to my PC are to/from port 56881.

Therefore,
I have definitions for
TCP/UDP 1024:65535 → 56881
and
56881 → 1:65535

and I have PF rules (and NAT and QOS settings) to match.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

Thanks a lot for your explanation :-)

I am using Transmission, and do not find any switches to adjust the portrange. It seems to be accidentally.

__________________
- ASG 7.402 Home License [FSC Futro S400; 1GB DDR; 1Ghz AMD Geode NX; 4 Nic D-Link DFE-580TX]
- ASG 7.402 Home License [ASG 110/120 1GB DDR]
- ASG 7.450 BETA Home License [FSC Futro S500; 1GB DDR2; 1Ghz AMD Sempron 2100+]

Hi Barry

could you please explain me howto configure the NAT rule and the pf rules?
i try some but it didn´t work for me

THX A LOT and regards
ACID25

Hi ACID25

I am using utorrent and the NAT and PF will be the same (you have to change the ports and client ip that uses the torrent client)


Definitions:
------------
under network create client_A(basically the pc that uses the torrent )
Service: define the ports for utorrent (destination port :***x)


Packet Filter
--------
source :Any
service :utorrent
Destination: client_A

Nat
------
traffic source: Any
Traffic service :utorrent
traffic destination: external wan ip
Nat mode: DNAT
destination: client_A
destination service: nothing
automatic pf rule unchecked

Now if you configure the same but change the ports to the correct ones(i think bittorrent uses range of ports whereas utorrent uses one) and configure the client everything should work

hope that helps!

__________________

• R.T.F.M. – A hitchhiker's guide to IT
  
• How To Ask Questions The Smart Way

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000

Exactly as Wingman said.

It gets messier if you don't use a client that uses a single port for all torrents, so try to use one that does. Azureus/Vuze works fine for me, but uTorrent reportedly uses much less RAM.

However, Hans asked earlier about controlling outgoing traffic, so the outgoing rule could look like this:
source PC, service BitTorrentOUT, dest any, allow
where BitTorrentOUT is defined as
TCP/UDP
source port: port # you've configured in the client (e.g. 6881).
dest port 1024:65535

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb

Barry I haven't defined outgoing traffic and utorrent works fine. Is it something that you have to configure?

__________________

• R.T.F.M. – A hitchhiker's guide to IT
  
• How To Ask Questions The Smart Way

Running Astaro ASG virtual appliance | Home power user 100 IP license
Intel Dual Core 2.4GHz (800MHz) | 4GB (2 x 2GB) PC2-6400 800Mhz 5-5-5-18 | WD 160GB |3 x Intel Pro/1000

If you already have another rule for outgoing traffic (e.g. INT, ANY, ANY), then you're fine.
The original poster had asked though, so I wanted to make sure I covered that too.

Barry

__________________
http://DealBert.net
Home & business end-user since v1.x

• ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  
• ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  
• ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
  Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
  Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb