Opening/Forwarding Ports in ICS

[DreamlaX]

Hi,

I've set up ICS on Win2k Pro, with only one client
(Linux). The client and the server can both access the
internet well enough.

However, since I've enabled ICS, I've noticed that nobody
can connect to me (on the Win2k Pro machine) through ports
6881-6889 (BitTorrent ports). Actually, nobody can connect
to me through any port. It can make the outgoing
connection on port 6969 to the BT tracker, but when it
listens on ports 6881 through 6889 it gets nothing, when I
know it should.

I went into the ICS setup and added BitTorrent to the
applications list, saying remote server port is 6969 (this
is the default port of the BT tracker), but the incoming
connections don't come from the tracker, they come from
other IP addresses, so putting ports 6881 to 6889 in the
incoming section won't do anything.

So I added 6 ports under Services (listed as 6 different
services), 6881 to 6886, and set the address of the server
to 192.168.0.1, which is the IP of the internet sharer,
i.e. my machine.

Still, though, BitTorrent can't seem to hear anything
coming through those ports.

Any ideas?

TIA - Dave.

 

[Matt \(IS Team\)]

Hi,

I've set up ICS on Win2k Pro, with only one client
(Linux). The client and the server can both access the
internet well enough.

However, since I've enabled ICS, I've noticed that nobody
can connect to me (on the Win2k Pro machine) through ports
6881-6889 (BitTorrent ports). Actually, nobody can connect
to me through any port. It can make the outgoing
connection on port 6969 to the BT tracker, but when it
listens on ports 6881 through 6889 it gets nothing, when I
know it should.

I went into the ICS setup and added BitTorrent to the
applications list, saying remote server port is 6969 (this
is the default port of the BT tracker), but the incoming
connections don't come from the tracker, they come from
other IP addresses, so putting ports 6881 to 6889 in the
incoming section won't do anything.

So I added 6 ports under Services (listed as 6 different
services), 6881 to 6886, and set the address of the server
to 192.168.0.1, which is the IP of the internet sharer,
i.e. my machine.

Still, though, BitTorrent can't seem to hear anything
coming through those ports.

Any ideas?

I'm intrigued why you didn't use the Linux box as the gateway, I would have,
it would be much better for your needs ...

Anyway...

Change it to one rule covering the range of ports required, you might need
to a second identical rule for UDP (depends on application requirements)...

Keep things nice and simple by opening the same ports used internally by the
application to the outside...

Having applied the config, check the XP box can still access the ports on
the Linux box, then try it from the outside world. A simple test is to
telnet to the port required, you'll probably not see any data, but if you
connect you know the port forwarding is working...

__
Matt

 

[Dreamlax]

-----Original Message-----



I'm intrigued why you didn't use the Linux box as the gateway, I would have,
it would be much better for your needs ...

Anyway...

Change it to one rule covering the range of ports required, you might need
to a second identical rule for UDP (depends on application requirements)...

Keep things nice and simple by opening the same ports used internally by the
application to the outside...

Having applied the config, check the XP box can still access the ports on
the Linux box, then try it from the outside world. A simple test is to
telnet to the port required, you'll probably not see any data, but if you
connect you know the port forwarding is working...

__
Matt


.

Hi Matt,

Thanks for your reply.

Well, I didn't use the Linux box because it didn't always
have Linux on it, it used to be Windows serving Windows.
In the end I am going to have three machines, two running
Linux, one being a router/firewall (probably going to run
SmoothWall), and the Windows machine.

But in the mean time I would really like to have this
working.

I can't add them as a range (to the Services), it only
takes one port for input, that's why I added several.
Basically, BitTorrent works like this:

1. You connect to a tracker through port 6969, using TCP.
2. BT gives the tracker all your details, IP address, what
parts of the download you already have and so on.
3. The tracker gives that information to the other clients
connected to it.
4. When a client sees that you have a piece of the
downloaded file that it doesn't have, it attempts to
upload a piece that you don't have first, so that you
return the favour after. However, these pieces come in
through 6881 and 6899 using TCP.

It connects to the tracker fine, but because ports 6881
through 6899 aren't open, none of the other clients can
get through. I can connect to other people well, and
upload, but it would be nice if they could return the
favour!

There is a web site that does a port scan if you give it a
range, and it will say if it got a response or not, but it
ALWAYS says it never gets a response. http://www.grc.com/.

Any further ideas?

Cheers,
Dave.

 

[Phillip Windell]

It connects to the tracker fine, but because ports 6881
through 6899 aren't open, none of the other clients can
get through. I can connect to other people well, and
upload, but it would be nice if they could return the
favour!

This is refered to as a "complex protocol" because of the random "subsequent
connections". The ports 6881-6899 are simply secondary connections that are
based off of the first intitial connection with 6969 and are part of the
same protocol session. I don't think ICS will do this. Even more advanced
NAT systems don't do this well.

There is a web site that does a port scan if you give it a
range, and it will say if it got a response or not, but it
ALWAYS says it never gets a response. http://www.grc.com/.

GRC is not dependable, but even if it was, this would show not anything
because nothing is going to be listening on those ports. Those are only
secondary connection ports and are not primary listening ports where the
cnnection is first initiated from.