01-09-2010, 01:46 AM
Member
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 46
uTorrent still generating portscan messages
Hello ASG Gurus,
I need some help on this issue again. I am running ASG 7.502. I have a Windows Home Server on which I have installed the uTorrent client. Here is my ASG setup to allow uTorrent to connect on port 6890. The uTorrent client has a port setting which I have fixed to 6890.
I have arrived at this setup after a lot of research on various websites about how to configure uTorrent, but something is still not right and my head is spinning looking at the setup.
When uTorrent is running, it frequently causes portscan messages to be sent out by ASG. I am at a loss to explain why portscan messages are being generated since the port is fixed. Please guide me in the right direction.
Network (host):
homeserver: 192.168.200.10
Bound to Internal
Services:
BT_In: TCP/UDP 1024:65535->6890
BT_Services: TCP/UDP 1:65535->6890
DNAT:
Traffic Selector: Any->/BT_In/->External (WAN) (Address)
Destination Translation: homeserver ->/BT_Services/
No automatic filter rule
No Initial packet logging
Packet Filter:
Any ->/BT_Services/-> homeserver
homeserver ->/Any/-> Any
Thanks...
Arun Gupta

01-09-2010, 10:16 PM
Wizard
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 3,010
Hi Arun,
I suspect that the utorrent is trying to find additional ports to use.
Have a look at the live security display or the log and review what is happening.
Ian M
__________________
Home User licence - v8.0xx - AMD X2 5050e (45w CPU) with 4gb (idles at 37w),1 intel NIC, the onboard NIC and netgear gs108t with vlans
Home user licence - v7.507 -Intel N330 to run Astaro AP 30.  Connected to internet via V8.001 ASG
Work essentials licence - v8.0xx - intel D with 1.5gb.

01-09-2010, 11:21 PM
Member
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 46
Thanks for reply. I looked at the live log and several dropped packets caught my attention:
80.216.82.60:50 → <My_WAN_IP>:6890
I am confused as to why incoming packets to port 6890 are being dropped? I have NAT and packet filter rules to allow these packets to port 6890. Otherwise I cannot see many dropped packets.
Thanks...
Arun Gupta

01-10-2010, 12:02 AM
Wizard
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 3,010
Hi Arun,
I suspect that the issue is going to be the 1024:65535 for incoming packets.
You can use that for outgoing, but you have no control over what the far end generates for incoming to you.
Ian M

01-10-2010, 06:40 PM
Moderator
Join Date: Mar 2007
Location: Oklahoma City
Posts: 7,014
If that doesn't solve your problem, please post the complete line from the packet filter log (not the live log) showing that such a packet was dropped. Also, please show a picture of the PF rule that should allow the packet.
Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!

01-10-2010, 08:37 PM
Member
Join Date: Oct 2007
Location: Luton, UK
Posts: 63
Just a simple question, but have you removed the uTorrent machine from the IDS? There is the ability to stop it generating alarms and blocking the traffic.
It may well be the IDS is blocking the client. If the client tries a series of ports before it finds the open one, it may be blocking it.
__________________
There are only 10 types of people in the world. Those that understand binary and those that dont.

01-10-2010, 10:11 PM
Member
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 46
Here is my final configuration which works and does not generate port scan messages:
Network:
Host: homeserver <My internal IP address of Windows Home Server>
Service:
BT_In: TCP/UDP Dport 6890 SrcPort 1:65535
NAT:
Traffic selector: Any BT_In External WAN address
Dest Translation: homeserver
No automatic packet filter rule
No logging
Packet Filter rules:
Any BT_In homeserver
homeserver Any Any
Intrusion Prevention:
Exceptions: Skip Anti-portscan Source Network homeserver
I have tested this configuration with uTorrent client 2.0 build 17668 and everything works fine. Thanks to stuartbe for pointing out the IDS exception.
The willingness to help newcomers is just exceptional in this forum and I am extremely thankful for this. It inspires me a lot to learn about the ASG product.
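
Added example (not part of the original thread and not Astaro's code): a simplified model of the DNAT traffic selector and packet filter rule from the first post and from the final configuration, evaluated against the dropped packet `80.216.82.60:50` quoted earlier. The `evaluate` function and the `WAN_IP` value are constructed for illustration; real ASG rule processing is more involved.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    """Service definition as written in the thread: source-port range -> dest port."""
    src_lo: int
    src_hi: int
    dport: int

    def matches(self, sport: int, dport: int) -> bool:
        return self.src_lo <= sport <= self.src_hi and dport == self.dport

WAN_IP = "203.0.113.1"          # constructed placeholder for <My_WAN_IP>
HOMESERVER = "192.168.200.10"   # host definition from the first post

# First post: BT_In (1024:65535 -> 6890) selects traffic for DNAT,
# BT_Services (1:65535 -> 6890) is used in the packet filter rule.
ORIGINAL = {"dnat_selector": Service(1024, 65535, 6890),
            "pf_service": Service(1, 65535, 6890)}
# Final post: BT_In (SrcPort 1:65535, Dport 6890) is used in both places.
FINAL = {"dnat_selector": Service(1, 65535, 6890),
         "pf_service": Service(1, 65535, 6890)}

def evaluate(dnat_selector, pf_service, sport, dst_ip, dport):
    """Assumed simplified flow: DNAT 'Any -> selector -> WAN address' rewrites the
    destination to homeserver, then 'Any -> pf_service -> homeserver' must allow it."""
    if dst_ip != WAN_IP or not dnat_selector.matches(sport, dport):
        # Not translated: the packet stays addressed to the firewall and is dropped.
        return "drop (no DNAT match)"
    if pf_service.matches(sport, dport):
        return f"accept -> {HOMESERVER}:{dport}"
    return "drop (DNAT matched, no packet filter rule)"

if __name__ == "__main__":
    # Source ports: 50 is the dropped packet from the live log; 51413 is a
    # constructed example of a peer using a high ephemeral port.
    for name, cfg in (("original", ORIGINAL), ("final", FINAL)):
        for sport in (50, 51413):
            print(name, sport, evaluate(**cfg, sport=sport, dst_ip=WAN_IP, dport=6890))
```

A peer connecting from source port 50 falls outside the 1024:65535 source range of the original selector, so it is never translated; widening the source range to 1:65535 lets the same packet reach the homeserver.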

01-11-2010, 01:04 AM
Wizard
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 2,921
Set up a DNAT to the workstation and tell uTorrent to use that port. Torrent programs by default scan your firewalls to try to find something open for two-way communication. This behavior is not unexpected given Astaro's default configuration and the program involved.
__________________
50 user home license:ASL 7.5x p-4 celey 2.53 2 gigs ram 80 gig hdd intel/3com nics
Astaro Authorized Reseller
Registered Microsoft Partner
Emmanuel Computer Consulting, L.L.C.
http://www.eccmd.com

01-11-2010, 01:43 AM
Member
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 46
Thanks William. I guess that is what I ended up doing. The problem I next ran into was that ASG was generating mass scale port scan messages (1200+ e-mail messages in about 18 hours).
Looking at the IDS log, I saw that whenever uTorrent was trying to rapidly open 4-6 connections to external servers on port 6890, ASG was generating port scan messages. I had allowed communication on port 6890, but I guess ASG still treats rapid successive connection attempts on any given port as a port scan.

01-11-2010, 02:47 AM
Moderator
Join Date: Jul 2001
Location: southern California
Posts: 5,461
Yes. Best to disable PortScan detection for the IP of your P2P pc.
Barry
__________________
http://DealBert.net
Home & business end-user since v1.x - ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
- ASL 7.5x, HP DL360G5, Xeon 5160, 3GB, RAID, gigE NICs, 50-IP Platinum License
- ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb