OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 11:36:07 by navti

I am using a bit torrent client called bit lord.

I set up outbound filtering on my firewall to only allow access to
ports 80 and 443 for web surfing,

Now , obviously , bit lord wont work.

Question :

which outbound ports do i need to open ?

since bitlord is connecting to peers which can have any port set as
the server port then it appears i have to allow outbound traffic to
all TCP Ports in order to allow bitlord to connect,

IS this correct ?

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 14:54:43 by Sebastian Gottschalk

navti wrote:

> I am using a bit torrent client called bit lord.
>
> I set up outbound filtering on my firewall to only allow access to
> ports 80 and 443 for web surfing,
>
> Now , obviously , bit lord wont work.
>
> Question :
>
> which outbound ports do i need to open ?


If you can't answer this question yourself (including RTFM and taking a look
at your log file), then you shouldn't try to run a firewall.

> since bitlord is connecting to peers which can have any port set as
> the server port then it appears i have to allow outbound traffic to
> all TCP Ports in order to allow bitlord to connect,
>
> IS this correct ?

No, it's pure nonsense, showing that you don't even understand what TCP
states and stateful filtering are. Please do yourself a favor and stop
thinking that you could run a firewall.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 15:27:25 by navti

On 16 May, 13:54, "Sebastian G." wrote:
> navti wrote:
> > I am using a bit torrent client called bit lord.
>
> > I set up outbound filtering on my firewall to only allow access to
> > ports 80 and 443 for web surfing,
>
> > Now , obviously , bit lord wont work.
>
> > Question :
>
> > which outbound ports do i need to open ?
>
> If you can't answer this question yourself (including RTFM and taking a look
> at your log file), then you shouldn't try to run a firewall.
>
> > since bitlord is connecting to peers which can have any port set as
> > the server port then it appears i have to allow outbound traffic to
> > all TCP Ports in order to allow bitlord to connect,
>
> > IS this correct ?
>
> No, it's pure nonsense, showing that you don't even understand what TCP
> states and stateful filtering are. Please do yourself a favor and stop
> thinking that you could run a firewall.

wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
A Netgear DG834G to be precise,

It allows basic packet filtering rules only.

So I have to open up outbound traffic to certain TCP ports.

Looking at the logs I can see that Bitlord is making outbound
connections to many many different TCP ports,

The only way I can get it to work is to allow all outbound TCP.

inbound traffic is not an issue as BitLord will work quite happily
with outbound connections only,

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 15:55:36 by Sebastian Gottschalk

navti wrote:


> wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
> A Netgear DG834G to be precise,


What's that supposed to mean? Almost any SOHO firewall should do stateful
filtering, and a Netgear DG834G clearly should.

> It allows basic packet filtering rules only.


This just means that you can't refer to the TCP states in your ruleset. A
bit limiting, but not relevant for your case.

> So I have to open up outbound traffic to certain TCP ports.


Ehm... yes. I wonder why you even limited outbound connections.

> inbound traffic is not an issue as BitLord will work quite happily
> with outbound connections only,

Doubtful. But again, this is a case of RTFM.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 16:29:37 by navti

On 16 May, 14:55, "Sebastian G." wrote:
> navti wrote:
> > wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
> > A Netgear DG834G to be precise,
>
> What's that supposed to mean? Almost any SOHO firewall should do stateful
> filtering, and a Netgear DG834G clearly should.
>
> > It allows basic packet filtering rules only.
>
> This just means that you can't refer to the TCP states in your ruleset. A
> bit limiting, but not relevant for your case.
>
> > So I have to open up outbound traffic to certain TCP ports.
>
> Ehm... yes. I wonder why you even limited outbound connections.
>
> > inbound traffic is not an issue as BitLord will work quite happily
> > with outbound connections only,
>
> Doubtful. But again, this is a case of RTFM.

inbound traffic is not an issue i can assure you.

it works fine with all inbound traffic denied,

my manual tells me it only needs outbound connections to work.

so i set up a basic filter to allow TCP outbound to ports 6000-7000

and i block everything else

i look in the logs and i look at my bitlord client

what do i see ?

i see that some outbound connections are working ie those to peers
listening on ports in the range 6000-7000

so i can get some traffic

i see that traffic to peers listening on other TCP ports are blocked

i increase the scope of my filter to allow TCP 1000-65535 and i get
most traffic

some is still filtered to peers using TCP ports outside that range

so the only way i can see is to allow ALL TCP traffic outbound

have you actually tried this yourself ?

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 17:10:39 by navti

On 16 May, 14:55, "Sebastian G." wrote:
> navti wrote:
> > wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
> > A Netgear DG834G to be precise,
>
> What's that supposed to mean? Almost any SOHO firewall should do stateful
> filtering, and a Netgear DG834G clearly should.
>
> > It allows basic packet filtering rules only.
>
> This just means that you can't refer to the TCP states in your ruleset. A
> bit limiting, but not relevant for your case.
>
> > So I have to open up outbound traffic to certain TCP ports.
>
> Ehm... yes. I wonder why you even limited outbound connections.
>
> > inbound traffic is not an issue as BitLord will work quite happily
> > with outbound connections only,
>
> Doubtful. But again, this is a case of RTFM.

inbound connections are not required,

it works with outbound connections only.

if i open up TCP ports 6000-7000 i can connect to some peers.

if i open up TCP ports 1000-65000 i can connect to most peers

if i open up ALL TCP ports I can connect to ALL peers

therefore with my firewall (which doesnt allow me to filter by
application ) i surely must allow ALL OUTBOUND TCP traffic for BitLord
to work fully.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 18:15:14 by Sebastian Gottschalk

navti wrote:


>>> inbound traffic is not an issue as BitLord will work quite happily
>>> with outbound connections only,
>> Doubtful. But again, this is a case of RTFM.
>
> inbound connections are not required,


Sure they are. Just consider peers with the same setup...

> therefore with my firewall (which doesnt allow me to filter by
> application )


Well, why and how should it?

> i surely must allow ALL OUTBOUND TCP traffic for BitLord
> to work fully.


I still wonder where your problem is.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 19:48:11 by RedForeman

On May 16, 11:10 am, navti wrote:
> On 16 May, 14:55, "Sebastian G." wrote:
>
> > navti wrote:
> > > wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
> > > A Netgear DG834G to be precise,
>
> > What's that supposed to mean? Almost any SOHO firewall should do stateful
> > filtering, and a Netgear DG834G clearly should.
>
> > > It allows basic packet filtering rules only.
>
> > This just means that you can't refer to the TCP states in your ruleset. A
> > bit limiting, but not relevant for your case.
>
> > > So I have to open up outbound traffic to certain TCP ports.
>
> > Ehm... yes. I wonder why you even limited outbound connections.
>
> > > inbound traffic is not an issue as BitLord will work quite happily
> > > with outbound connections only,
>
> > Doubtful. But again, this is a case of RTFM.
>
> inbound connections are not required,
>
> it works with outbound connections only.
>
> if i open up TCP ports 6000-7000 i can connect to some peers.
>
> if i open up TCP ports 1000-65000 i can connect to most peers
>
> if i open up ALL TCP ports I can connect to ALL peers
>
> therefore with my firewall (which doesnt allow me to filter by
> application ) i surely must allow ALL OUTBOUND TCP traffic for BitLord
> to work fully.

I'm curious... you've not yet stated WHY you are limiting your
OUTBOUND connections... of course you want your inbound limited... you
don't want everyone connecting to you, you want to connect to everyone
else...

RedForeman

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 16.05.2007 20:33:36 by navti

On May 16, 5:15 pm, "Sebastian G." wrote:
> navti wrote:
> >>> inbound traffic is not an issue as BitLord will work quite happily
> >>> with outbound connections only,
> >> Doubtful. But again, this is a case of RTFM.
>
> > inbound connections are not required,
>
> Sure they are. Just consider peers with the same setup...
>
i dont need to open any inbound ports on my firewall

@@@@@@@@@@@@@@@@@
http://dessent.net/btfaq/#terms

BitTorrent will usually work fine in a NAT (network address
translation) environment, since it can function with only outbound
connections. Such environments generally include all situations where
multiple computers share one publicly-visible IP address, most
commonly: computers on a home network sharing a cable or xDSL
connection. If you are unsure of whether you have NAT or not, then try
this link which will try to determine if you are behind a NAT gateway.
@@@@@@@@@@@@@@@@@@

i am using NAT,

> > therefore with my firewall (which doesnt allow me to filter by
> > application )
>
> Well, why and how should it?
>
checkpoint does,

> > i surely must allow ALL OUTBOUND TCP traffic for BitLord
> > to work fully.
>
> I still wonder where your problem is.

my problem is that i want to filter outbound traffic at my router,

if i attempt to filter TCP outbound BitLord stops functioning,

it only works fully if i allow TCP outbound to all ports.

i think i should ask this question on alt.torrents instead

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 00:00:24 by Gerald Vogt

navti wrote:
> my problem is that i want to filter outbound traffic at my router,
>
> if i attempt to filter TCP outbound BitLord stops functioning,
>
> it only works fully if i allow TCP outbound to all ports.
>
> i think i should ask this question on alt.torrents instead

That is the reason why it does not make much sense to filter output
connections if you want to use BitTorrents. Outbound filtering only
works if you have a very strict narrow security policy. Application
based filtering is not part of that. BitTorrents won't fit into this. If
you want tight security with outbound filtering don't use BitTorrents.
If you want to use BitTorrents, don't filter outbound traffic.

If you want, buy an expensive firewall with application-based filtering.
But for protocols like those used for BitTorrents it won't help you much
I guess. The reason why it uses all ports is to circumvent filtering.
Trying to filter software which is designed to circumvent it is
obviously not effective.

Gerald

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 00:48:35 by navti

On May 16, 6:48 pm, RedForeman wrote:
> On May 16, 11:10 am, navti wrote:
>
> > On 16 May, 14:55, "Sebastian G." wrote:
>
> > > navti wrote:
> > > > wow. thanks. I dont have a stateful firewall. I have a SOHO firewall.
> > > > A Netgear DG834G to be precise,
>
> > > What's that supposed to mean? Almost any SOHO firewall should do stateful
> > > filtering, and a Netgear DG834G clearly should.
>
> > > > It allows basic packet filtering rules only.
>
> > > This just means that you can't refer to the TCP states in your ruleset. A
> > > bit limiting, but not relevant for your case.
>
> > > > So I have to open up outbound traffic to certain TCP ports.
>
> > > Ehm... yes. I wonder why you even limited outbound connections.
>
> > > > inbound traffic is not an issue as BitLord will work quite happily
> > > > with outbound connections only,
>
> > > Doubtful. But again, this is a case of RTFM.
>
> > inbound connections are not required,
>
> > it works with outbound connections only.
>
> > if i open up TCP ports 6000-7000 i can connect to some peers.
>
> > if i open up TCP ports 1000-65000 i can connect to most peers
>
> > if i open up ALL TCP ports I can connect to ALL peers
>
> > therefore with my firewall (which doesnt allow me to filter by
> > application ) i surely must allow ALL OUTBOUND TCP traffic for BitLord
> > to work fully.
>
> I'm curious... you've not yet stated WHY you are limiting your
> OUTBOUND connections... of course you want your inbound limited... you
> don't want everyone connecting to you, you want to connect to everyone
> else...
>
> RedForeman

i have my reasons.

anyway it appears bitlord needs all TCP OUTBOUND allowed to function
properly,

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 01:19:29 by Sebastian Gottschalk

navti wrote:


> BitTorrent will usually work fine in a NAT (network address
> translation) environment, since it can function with only outbound
> connections.


You're ignoring the fact that then you can't connect with any peers of the
same setup, thereby limiting your connectivity.

>>> therefore with my firewall (which doesnt allow me to filter by
>>> application )
>> Well, why and how should it?
>>
> checkpoint does,


"someone stupid does" (or did you mean "someone allows me to do something
stupid") sure is an argument...

>>> i surely must allow ALL OUTBOUND TCP traffic for BitLord
>>> to work fully.
>> I still wonder where your problem is.
>
> my problem is that i want to filter outbound traffic at my router,


And WHY do you want that? You're just shooting yourself in the foot, nothing
more.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 10:24:31 by navti

On May 17, 12:19 am, "Sebastian G." wrote:
> navti wrote:
> > BitTorrent will usually work fine in a NAT (network address
> > translation) environment, since it can function with only outbound
> > connections.
>
> You're ignoring the fact that then you can't connect with any peers of the
> same setup, thereby limiting your connectivity.

you havent a clue dude. so shut it,

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 14:21:45 by RedForeman

On May 16, 7:19 pm, "Sebastian G." wrote:
> navti wrote:
> > my problem is that i want to filter outbound traffic at my router,
>
> And WHY do you want that? You're just shooting yourself in the foot, nothing
> more.

Remember, he has his reasons....

....ever get the feeling, ppl don't ask the real questions, only come
up with scenarios that are just too weird for words?

RedForeman

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 15:45:29 by Hexalon

On May 16, 6:19 pm, "Sebastian G." wrote:
> navti wrote:
> > BitTorrent will usually work fine in a NAT (network address
> > translation) environment, since it can function with only outbound
> > connections.
>
> You're ignoring the fact that then you can't connect with any peers of the
> same setup, thereby limiting your connectivity.
>
> >>> therefore with my firewall (which doesnt allow me to filter by
> >>> application )
> >> Well, why and how should it?
>
> > checkpoint does,
>
> "someone stupid does" (or did you mean "someone allows me to do something
> stupid") sure is an argument...
>
> >>> i surely must allow ALL OUTBOUND TCP traffic for BitLord
> >>> to work fully.
> >> I still wonder where your problem is.
>
> > my problem is that i want to filter outbound traffic at my router,
>
> And WHY do you want that? You're just shooting yourself in the foot, nothing
> more.

Why don't you block all incoming ports and do port forwarding with the
services you need? I don't think it makes much sense to filter
outbound ports especially when you are in a NAT environment. I work
with several SonicWall firewalls at work and they only filter incoming
connections, we don't run NAT either.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 17:15:03 by RedForeman

On May 17, 4:24 am, navti wrote:
> On May 17, 12:19 am, "Sebastian G." wrote:
>
> > navti wrote:
> > > BitTorrent will usually work fine in a NAT (network address
> > > translation) environment, since it can function with only outbound
> > > connections.
>
> > You're ignoring the fact that then you can't connect with any peers of the
> > same setup, thereby limiting your connectivity.
>
> you havent a clue dude. so shut it,

Who doesn't have a clue?

Go read the specs on BitLord, and you'll find that it does NOT require
anything special, like all other torrent software, even limewire and
gnutella are similar...

Why does BitLord use only one incoming TCP port?
You can use a single TCP port for all your torrents, no matter how
many are simultaneously downloading or uploading, 10 or 100.



RedForeman

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 19:11:09 by Sebastian Gottschalk

Hexalon wrote:


> Why don't you block all incoming ports and do port forwarding with the
> services you need?


1. Because I'm directly connected to a PPPoE dial-up.
2. Because I'm particularly running varying services on ports >1024. Indeed,
for ports <= 1024 I'm blocking everything unless matched with a state table
entry or a specific service being used from a specific location (DNS
replies, FTPS server on LAN).

But it's not that this would be needed. And neither that this has anything
to do with his trial of blocking *outgoing* traffic.

> I don't think it makes much sense to filter
> outbound ports especially when you are in a NAT environment.


Yes and no.

Yes, it's indeed generally a stupid idea.

No, because you should employ egress filtering and state tracking. You might
also limit specific services (f.e. blocking SMTP totally, deliver mail via
SUBMISSION instead).
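
The filtering behaviour argued over in the posts above, as a toy model added here (not code from any poster): destination-port allow ranges on outbound connections, a state table that lets replies back in without inbound rules, and a targeted egress block of port 25 while submission (587) stays open. The class and function names, addresses and peer ports are constructed for illustration, and the model ignores port forwarding and NAT traversal.

```python
# Toy model of a stateful egress filter. All addresses and ports are constructed.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = LAN -> Internet, "in" = Internet -> LAN
    local: tuple        # (ip, port) on the protected side
    remote: tuple       # (ip, port) on the Internet side
    syn: bool = False   # True for the first packet of a new TCP connection

@dataclass
class StatefulFilter:
    allowed_out: list                     # (low, high) destination port ranges
    denied_out: frozenset = frozenset()   # ports refused even inside a range
    states: set = field(default_factory=set)

    def egress_allowed(self, port):
        if port in self.denied_out:
            return False
        return any(lo <= port <= hi for lo, hi in self.allowed_out)

    def handle(self, pkt):
        key = (pkt.local, pkt.remote)
        if key in self.states:
            return "accept"   # belongs to a connection the inside host opened
        if pkt.direction == "out" and pkt.syn and self.egress_allowed(pkt.remote[1]):
            self.states.add(key)   # remember it so replies need no inbound rule
            return "accept"
        return "drop"         # unsolicited inbound, or egress to a closed port

# Constructed listening ports of ten hypothetical peers.
PEER_PORTS = [6881, 6889, 6969, 10000, 25000, 51413, 65530, 443, 80, 999]

POLICIES = {   # the egress policies tried in the thread
    "web only (80, 443)": [(80, 80), (443, 443)],
    "6000-7000": [(6000, 7000)],
    "1000-65535": [(1000, 65535)],
    "all TCP": [(1, 65535)],
}

def reachable_share(ranges, peer_ports=PEER_PORTS):
    """Fraction of peers the client can dial under one egress policy."""
    fw = StatefulFilter(allowed_out=ranges)
    client = ("192.168.0.2", 50000)
    hits = 0
    for i, port in enumerate(peer_ports):
        syn = Packet("out", client, (f"203.0.113.{i + 1}", port), syn=True)
        hits += fw.handle(syn) == "accept"
    return hits / len(peer_ports)

def reply_accepted():
    """A reply on a tracked connection passes with no inbound rule at all."""
    fw = StatefulFilter(allowed_out=[(1, 65535)])
    client, peer = ("192.168.0.2", 50000), ("203.0.113.9", 51413)
    fw.handle(Packet("out", client, peer, syn=True))
    return fw.handle(Packet("in", client, peer)) == "accept"

def can_connect(fw_a, fw_b, a, b):
    """A dials B; B's filter sees the SYN as unsolicited inbound traffic."""
    out = fw_a.handle(Packet("out", a, b, syn=True))
    inbound = fw_b.handle(Packet("in", b, a, syn=True))
    return out == "accept" and inbound == "accept"

if __name__ == "__main__":
    for name, ranges in POLICIES.items():
        print(f"{name:20s} {reachable_share(ranges):.0%} of peers reachable")
    print("reply passes:", reply_accepted())
    fw_a, fw_b = (StatefulFilter([(1, 65535)]) for _ in range(2))
    print("two outbound-only peers connect:",
          can_connect(fw_a, fw_b, ("198.51.100.1", 50000), ("198.51.100.2", 6881)))
    mail = StatefulFilter([(1, 65535)], denied_out=frozenset({25}))
    print("SMTP 25:", mail.egress_allowed(25), "submission 587:", mail.egress_allowed(587))
```
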

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 17.05.2007 21:07:41 by navti

On May 17, 6:11 pm, "Sebastian G." wrote:
> Hexalon wrote:
> > Why don't you block all incoming ports and do port forwarding with the
> > services you need?
>
> 1. Because I'm directly connected to a PPPoE dial-up.
> 2. Because I'm particularly running varying services on ports >1024. Indeed,
> for ports <= 1024 I'm blocking everything unless matched with a state table
> entry or a specific service being used from a specific location (DNS
> replies, FTPS server on LAN).
>
> But it's not that this would be needed. And neither that this has anything
> to do with his trial of blocking *outgoing* traffic.
>
> > I don't think it makes much sense to filter
> > outbound ports especially when you are in a NAT environment.
>
> Yes and no.
>
> Yes, it's indeed generally a stupid idea.
>
> No, because you should employ egress filtering and state tracking. You might
> also limit specific services (f.e. blocking SMTP totally, deliver mail via
> SUBMISSION instead).

sorry for being rude but you needlessly started it by saying i wasnt
fit to run a firewall just because i asked a legitimate question.

i want to run bit-torrent but i am concerned about security,

the question is can you run bittorrents and remain secure ?

can you be hacked by a BT peer ?

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 18.05.2007 00:01:28 by Sebastian Gottschalk

navti wrote:


> sorry for being rude but you needlessly started it by saying i wasnt
> fit to run a firewall just because i asked a legitimate question.


Your question was not legitimate in a technical sense. Whatever your
original problem was, you've drawn a wrong conclusion and then asked how to
implement it. I just pointed out that your conclusion is wrong, and asked if
you might rather state the original problem. Since blocking outgoing traffic
is generally stupid, and in combination with P2P technology it becomes
obviously stupid.

(Well, except if you're running a SOCKS proxy. But then your question would
have been totally different.)

Then again, you've shown a big lack of competence by not differing between
traffic and connections, as well as state (which is important for both
stateful filtering and NAT). Any serious firewall implementation is heavily
concerned with these, so I doubt you have any clue about how this really works.

And, even further, your information was obviously incomplete. Only port 80
and 443 for web surfing? What happened to DNS? Why are you ignoring ICMP?
You're either over-simplifying or don't know what you're doing. Sorry to
tell you that directly.

> i want to run bit-torrent but i am concerned about security,

> the question is can you run bittorrents and remain secure ?

Yes. But this is not a matter of the firewall, but rather of the client.

> can you be hacked by a BT peer ?

If your client is exploitable: yes. And no firewall can save you from that.


Now, can we please turn back and come to your real problem: Why do you want
to indiscriminatingly filter outbound traffic/connections? What do you
intend to achieve?

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 18.05.2007 01:19:12 by navti

On May 17, 11:01 pm, "Sebastian G." wrote:
> navti wrote:
> > sorry for being rude but you needlessly started it by saying i wasnt
> > fit to run a firewall just because i asked a legitimate question.
>
> Your question was not legitimate in a technical sense.

ach just fuck off will you,

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 18.05.2007 15:42:35 by Hexalon

On May 17, 6:19 pm, navti wrote:
> On May 17, 11:01 pm, "Sebastian G." wrote:
>
> > navti wrote:
> > > sorry for being rude but you needlessly started it by saying i wasnt
> > > fit to run a firewall just because i asked a legitimate question.
>
> > Your question was not legitimate in a technical sense.
>
> ach just fuck off will you,

real mature.

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 26.05.2007 09:14:12 by blackfire932

On May 16, 5:36 am, navti wrote:
> I am using a bit torrent client called bit lord.
>
> I set up outbound filtering on my firewall to only allow access to
> ports 80 and 443 for web surfing,
>
> Now , obviously , bit lord wont work.
>
> Question :
>
> which outbound ports do i need to open ?
>
> since bitlord is connecting to peers which can have any port set as
> the server port then it appears i have to allow outbound traffic to
> all TCP Ports in order to allow bitlord to connect,
>
> IS this correct ?

to answer your original question to setup bitlord for connections to
outside peers u need to set up port forwarding on your router or port
filtering as u called it. your specific torrenting client uses ports
8075 for both tcp and udp protocol but ur overall problem with peers
is actually ur client. the bitlord client is not exactly favorable to
most trackers because it allows you to adjust your ratio. some
trackers actually require a minimum ratio to download from them so it
really is important to upload as much as u download. i would suggest
changing clients to possibly Azureus or utorrent. I would recommend
utorrent for its ease of use and some tracker sites even have
tutorials for use with it. If you are stuck on using bitlord for
whatever reason my suggestion would most certainly not allow all tcp
connections to be port forwarded to you because that would basically
make the firewall useless but enabling some features on bitlord may
fix your connections problem.
>Muad'Dib
>Whirlpool Forums Addict
>In this skanky adware/pornware ridden BitComet clone do the following.
>In BitLord go to Options->Preferences->Advanced->Connection
>Then uncheck both:
>Enable NAT/Firewall configuration for ICF/ICS (XP only)
>Enable Upnp Port Mapping (XP only)
and if for whatever reason you are using bitlord because you do want
to be able to edit your ratio status you can also download a program
called greedytorrent which will allow you to adjust your ratio for
your most probably bandwidth limited upload problems.
Hope this helps you

Re: OUTBOUND FILTERING AND BIT TORRENT bitlord

on 28.05.2007 11:49:13 by navti

On May 26, 8:14 am, "blackfire...@gmail.com" wrote:
> On May 16, 5:36 am, navti wrote:
>
> > I am using a bit torrent client called bit lord.
>
> > I set up outbound filtering on my firewall to only allow access to
> > ports 80 and 443 for web surfing,
>
> > Now , obviously , bit lord wont work.
>
> > Question :
>
> > which outbound ports do i need to open ?
>
> > since bitlord is connecting to peers which can have any port set as
> > the server port then it appears i have to allow outbound traffic to
> > all TCP Ports in order to allow bitlord to connect,
>
> > IS this correct ?
>
> to answer your original question to setup bitlord for connections to
> outside peers u need to set up port forwarding on your router or port
> filtering as u called it.

This is not actually true . It is a common misconception.
BitTorrents will work fine with just OUTBOUND TCP connections (try
it).
It is RECOMMENDED (but not REQUIRED) that you set up TCP port forward
at your router to the listening TCP torrent port for faster service.