Astaro User Bulletin Board


#1  01-09-2010, 02:46 AM
Junior Member
 
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 27
uTorrent still generating portscan messages

Hello ASG Gurus,
I need some help on this issue again. I am running ASG 7.502. I have a Windows Home Server on which I have installed the uTorrent client. Here is my ASG setup to allow uTorrent to connect on port 6890. The uTorrent client has a port setting which I have fixed to 6890.

I have arrived at this setup after a lot of research on various websites about how to configure uTorrent, but something is still not right and my head is spinning looking at the setup.

When uTorrent is running, it frequently causes portscan messages to be sent out by ASG. I am at a loss to explain why portscan messages are being generated since the port is fixed. Please guide me in the right direction.

Network (host):
homeserver: 192.168.200.10
Bound to Internal

Services:
BT_In: TCP/UDP 1024:65535->6890
BT_Services: TCP/UDP 1:65535->6890

DNAT:
Traffic Selector: Any->/BT_In/->External (WAN) (Address)
Destination Translation: homeserver ->/BT_Services/
No automatic filter rule
No Initial packet logging

Packet Filter:
Any ->/BT_Services/-> homeserver
homeserver ->/Any/-> Any


Thanks...
Arun Gupta
#2  01-09-2010, 11:16 PM
RFCat_vk
Wizard
 
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 2,533

Hi Arun,
I suspect that the utorrent is trying to find additional ports to use.

Have a look at the live security display or the log and review what is happening.

Ian M
__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.
#3  01-10-2010, 12:21 AM
Junior Member
 
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 27

Thanks for the reply. I looked at the live log and several dropped packets caught my attention:

80.216.82.60:50 → <My_WAN_IP>:6890

I am confused as to why incoming packets to port 6890 are being dropped. I have NAT and packet filter rules to allow these packets to port 6890. Otherwise I cannot see many dropped packets.

Thanks...
Arun Gupta
#4  01-10-2010, 01:02 AM
RFCat_vk
Wizard
 
Join Date: Aug 2005
Location: Victoria, Australia
Posts: 2,533

Hi Arun,
I suspect that the issue is going to be the 1024:65535 for incoming packets.

You can use that for outgoing, but you have no control over what the far end generates for incoming to you.

Ian M
__________________
Home Power User unlimited licence - v7.50x - AMD X2 5050e with 2gb,1 intel NIC, the onboard NIC and netgear gs108t with vlans.
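The effect Ian describes, worked through in code as an added example (not from the thread and not Astaro's own code): the dropped packet Arun quoted arrives from source port 50, which lies outside the 1024:65535 source-port range of the original BT_In service, so the DNAT selector never matches it and the packet falls through to the default drop. The DNAT-then-packet-filter pipeline below is a simplified model of the ASG behaviour discussed; the WAN address 203.0.113.5 is a constructed placeholder for <My_WAN_IP>, and the log line's protocol is not modelled because the quoted line does not show it.

```python
"""Added example, not from the thread or from Astaro: evaluate an inbound packet
against the service definitions Arun posted to show why a packet from source
port 50 never reached the home server while BT_In (source ports 1024:65535)
was the DNAT selector.  Stages: DNAT selector -> destination rewrite -> packet
filter -> default drop.  This is a simplified model, not Astaro's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    sport_lo: int      # lowest allowed source port
    sport_hi: int      # highest allowed source port
    dport: int         # destination port

    def matches(self, sport: int, dport: int) -> bool:
        return self.sport_lo <= sport <= self.sport_hi and dport == self.dport


# Service definitions quoted from the thread.
BT_IN = Service("BT_In", 1024, 65535, 6890)            # original DNAT selector
BT_SERVICES = Service("BT_Services", 1, 65535, 6890)   # final config: any source port

HOMESERVER = "192.168.200.10"   # internal host from the thread
WAN_IP = "203.0.113.5"          # constructed placeholder for <My_WAN_IP>

# The dropped-packet line from the thread, with the placeholder WAN IP substituted.
DROPPED_LINE = "80.216.82.60:50 → 203.0.113.5:6890"


def parse_log_line(line: str):
    """Parse the 'src:sport -> dst:dport' shape of the quoted live-log line."""
    src, dst = [part.strip() for part in line.replace("→", "->").split("->")]
    src_ip, sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return src_ip, int(sport), dst_ip, int(dport)


def evaluate_inbound(line: str, dnat_service: Service, pf_service: Service) -> str:
    """Return a verdict string naming the stage that decided the packet's fate."""
    src_ip, sport, dst_ip, dport = parse_log_line(line)
    # Stage 1: DNAT traffic selector "Any -> dnat_service -> External (WAN) (Address)".
    if dst_ip != WAN_IP or not dnat_service.matches(sport, dport):
        return "dropped: no DNAT match, packet stays addressed to the WAN IP (default drop)"
    dst_ip = HOMESERVER   # destination translation to homeserver
    # Stage 2: packet filter "Any -> pf_service -> homeserver".
    if dst_ip == HOMESERVER and pf_service.matches(sport, dport):
        return "forwarded to homeserver"
    return "dropped: DNAT applied but packet filter did not allow it"


def compare_configs(line: str) -> dict:
    """Same packet under the original selector and under the final (1:65535) one."""
    return {
        "original (BT_In selector, 1024:65535)": evaluate_inbound(line, BT_IN, BT_SERVICES),
        "final (BT_In = SrcPort 1:65535)": evaluate_inbound(line, BT_SERVICES, BT_SERVICES),
    }


if __name__ == "__main__":
    for config, verdict in compare_configs(DROPPED_LINE).items():
        print(f"{config}: {verdict}")
```

Run it directly and the same line is reported as dropped at the DNAT stage under the original selector and forwarded under the final one; a peer using an ephemeral source port such as 40000 is forwarded under both, which is why the rule appeared to work most of the time.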
#5  01-10-2010, 07:40 PM
BAlfson
Moderator
 
Join Date: Mar 2007
Location: Oklahoma City
Posts: 5,304

If that doesn't solve your problem, please post the complete line from the packet filter log (not the live log) showing that such a packet was dropped. Also, please show a picture of the PF rule that should allow the packet.

Cheers - Bob
__________________
ACE V7 - Astaro Preferred Partner since V3
Addicted to my iPhone!
#6  01-10-2010, 09:37 PM
stuartbe
Member
 
Join Date: Oct 2007
Location: Luton, UK
Posts: 63

Just a simple question, but have you removed the uTorrent machine from the IDS? There is the ability to stop it generating alarms and blocking the traffic.

It may well be the IDS is blocking the client. If the client tries a series of ports before it finds the open one, it may be blocking it.
__________________
There are only 10 types of people in the world. Those that understand binary and those that don't.
#7  01-10-2010, 11:11 PM
Junior Member
 
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 27

Here is my final configuration which works and does not generate port scan messages:

Network:
Host: homeserver <My internal IP address of Windows Home Server>

Service:
BT_In: TCP/UDP Dport 6890 SrcPort 1:65535

NAT:
Traffic selector: Any BT_In External WAN address
Dest Translation: homeserver
No automatic packet filter rule
No logging

Packet Filter rules:
Any BT_In homeserver
homeserver Any Any

Intrusion Prevention:
Exceptions: Skip Anti-portscan Source Network homeserver

I have tested this configuration with uTorrent client 2.0 build 17668 and everything works fine. Thanks to stuartbe for pointing out the IDS exception.

The willingness to help newcomers is just exceptional in this forum and I am extremely thankful for this. It inspires me a lot to learn about the ASG product.
#8  01-11-2010, 02:04 AM
Wizard
 
Join Date: May 2003
Location: Brunswick, Maryland, USA
Posts: 2,638

Set up a DNAT to the workstation and tell uTorrent to use that port. Torrent programs by default scan your firewalls to try to find something open for two-way communication. This behavior is not unexpected given Astaro's default configuration and the program involved.
__________________
50 user home license:ASL 7.5x p-4 celey 2.53 2 gigs ram 80 gig hdd intel/3com nics
50 user home license:ASL 7.5x p-4 xeon 2.8 ghz HT, 2 gigs ram, 250 gig HDD, 2 x Intel gig-e, 3com 3c905B

Registered Microsoft Partner
Emmanuel Computer Consulting, L.L.C.
http://www.emmanuelcomputerconsulting.com
#9  01-11-2010, 02:43 AM
Junior Member
 
Join Date: Dec 2009
Location: Mechanicsburg, PA
Posts: 27

Thanks William. I guess that is what I ended up doing. The problem I next ran into was that ASG was generating mass scale port scan messages (1200+ e-mail messages in about 18 hours).

Looking at the IDS log, I saw that whenever uTorrent was trying to rapidly open 4-6 connections to external servers on port 6890, ASG was generating port scan messages. I had allowed communication on port 6890, but I guess ASG still treats rapid successive connection attempts on any given port as a port scan.
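The behaviour Arun describes here, and the IDS exception stuartbe pointed to earlier, shown as an added illustration (not from the thread, and not Astaro's anti-portscan code, whose exact algorithm the thread does not state): a rate heuristic that flags a source reaching several distinct destinations within a short window, independent of whether the packet filter allows the port, which is why an allow rule alone did not silence the messages. The `exceptions` set plays the role of the "Skip Anti-portscan, Source Network homeserver" entry from the final configuration. The threshold of 4, the one-second window and the sample events are all constructed for the example.

```python
"""Added example, not from the thread or from Astaro: a simplified anti-portscan
heuristic.  A source that touches `threshold` distinct (destination, port)
targets inside `window` seconds raises one alert per burst.  Sources listed in
`exceptions` are skipped, mirroring the IPS exception
'Skip Anti-portscan, Source Network homeserver' in the final configuration."""
from collections import defaultdict, deque

HOMESERVER = "192.168.200.10"   # internal host from the thread


def detect_portscans(events, threshold=4, window=1.0, exceptions=frozenset()):
    """events: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port).
    Returns a list of (timestamp, src_ip, distinct_targets) alerts."""
    recent = defaultdict(deque)   # src_ip -> deque of (ts, (dst_ip, dst_port))
    alerts = []
    for ts, src, dst, dport in sorted(events):
        if src in exceptions:
            continue                      # exempted host: never evaluated
        q = recent[src]
        q.append((ts, (dst, dport)))
        while q and ts - q[0][0] > window:
            q.popleft()                   # forget events older than the window
        distinct = {target for _, target in q}
        if len(distinct) >= threshold:
            alerts.append((ts, src, len(distinct)))
            q.clear()                     # one alert per burst, then start over
    return alerts


# Constructed sample (not real log data): the home server contacting five peers
# on port 6890 within a second, plus an ordinary client talking to one web server.
SAMPLE_EVENTS = [
    (0.0, HOMESERVER, "198.51.100.11", 6890),
    (0.2, HOMESERVER, "198.51.100.12", 6890),
    (0.4, HOMESERVER, "198.51.100.13", 6890),
    (0.6, HOMESERVER, "198.51.100.14", 6890),
    (0.8, HOMESERVER, "198.51.100.15", 6890),
    (0.5, "192.168.200.20", "203.0.113.80", 443),
    (0.7, "192.168.200.20", "203.0.113.80", 80),
    (0.9, "192.168.200.20", "203.0.113.80", 443),
]


def demo():
    """Alerts before and after adding the home server to the exception list."""
    before = detect_portscans(SAMPLE_EVENTS)
    after = detect_portscans(SAMPLE_EVENTS, exceptions=frozenset({HOMESERVER}))
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("without exception:", before)   # one alert for the home server
    print("with exception:   ", after)    # no alerts
```

The ordinary client never trips the heuristic because it keeps returning to the same server, while the torrent client's fan-out to many peers on one port looks, to a distinct-target counter, exactly like a horizontal scan; exempting that one host removes the noise without relaxing detection for the rest of the network.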
#10  01-11-2010, 03:47 AM
Moderator
 
Join Date: Jul 2001
Location: southern California
Posts: 5,116

Yes. Best to disable PortScan detection for the IP of your P2P pc.

Barry
__________________
http://DealBert.net
Home & business end-user since v1.x
  • ASL 6.3x, HP DL145 Dual Opteron, 1GB RAM, 6 gigE NICs, 50-IP Platinum License
  • ASL 7.3x, Dell PE1550 Dual PIII 1GHz, 1GB RAM, 2 NICs, 50-IP Platinum License
  • ASL 7.5x, 17-watt fanless mini-ITX system: MSI IM-945GSE-A Atom n270, 2GB RAM, Morex T3310 case. 2 Intel GigE, 3 VLANs. 80G 5200rpm 2.5" HD
    Netgear GS108T gigE VLAN switch & Linksys WRT54G WAP
    Total network infrastructure: 27 watts. 100-IP Home User. FiOS 10mb/2mb