[Libtorrent-devel] Firewalling with rTorrent - configurable source port?
Anders Andersson
pipatron at gmail.com
Tue Oct 31 12:45:28 UTC 2006
On 10/31/06, Michael Alger <libtorrent at mm.quex.org> wrote:
>
> On Tue, Oct 31, 2006 at 12:14:15AM +0100, Anders Andersson wrote:
>
> > Hi! I'm very eager to try rTorrent, it looks really good, but I am a bit
> > anal about firewalling. I'm currently using uTorrent on a Windows machine,
> > and I have configured it to use a static port for outgoing connections. I
> > use this port number in my external firewall to make sure that uTorrent can
> > connect to all trackers and peers no matter what port it needs to connect
> > to, but to maintain a nice and tight firewall for the rest of the machine.
>
> Am I reading this correctly: you have uTorrent set up to bind its
> _outgoing_ connections so that they originate from a single local port?

Yes, this is precisely what I'm looking for.

> > Does rTorrent have a similar option, or does anyone have a suggestion on how
> > to let it connect to whatever ports it wants to but to keep the rest of the
> > system blocked? Does my question even make sense? I'm not sure it's even
> > possible to do it, but since it works very well in uTorrent, I assume the
> > concept would work even better in Linux.
>
> I don't think rtorrent has an option to do this. You can restrict which
> port it _listens_ on for incoming connections by using the -p option
> Viktor referred to, or port_range in the configuration file.
>
> You can also have rtorrent bind _outgoing_ (as well as listening)
> connections to a specific IP (-b, bind), so you might be able to
> simulate the behaviour you're after by adding an additional IP to your
> local system and getting rtorrent to use that; then, allow that IP to
> make connections to the internet.
>
> The Linux netfilter suite (iptables) can also permit/deny traffic based
> on the local process ID amongst other factors; so you could potentially
> set up the local firewall to allow the rtorrent process to connect to
> whatever it wants.
>
Ah, yes, filtering on the PID would help a bit, but would still require me
to open up all outgoing ports from any process from that server on the
external firewall. Binding rTorrent to another IP sounds like an interesting
idea, but very 'kludgy'. The best solution for me would of course be a
configurable listening port for outgoing connections, but I know too little
C++ to add the modifications myself, and I don't even know if it would be
technically possible. I suppose the modifications would be trivial if I did,
except maybe for the CURL parts I saw in the source code.
Thanks for the reply,
Anders
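
The feature asked about in this thread, a fixed local port for outgoing connections, amounts to calling bind() on the socket before connect(). The sketch below is an added illustration, not part of the original message and not rTorrent code; the loopback listeners and helper names are constructed for the demo, and the port-sharing behaviour shown is that of Linux with SO_REUSEADDR.

```python
import socket

def listener():
    """Constructed stand-in for a remote peer: loopback listener, ephemeral port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(4)
    return srv

def free_port():
    """Ask the kernel for an unused local port to serve as the fixed source port."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        probe.bind(("127.0.0.1", 0))
        return probe.getsockname()[1]

def connect_from(src, dest):
    """Connect to dest with the local (ip, port) pinned by bind() before connect()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR lets several outgoing sockets share one local port, provided
    # nothing listens on it and every (source, destination) pair is distinct.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind(src)
        s.connect(dest)
    except OSError:
        s.close()
        raise
    return s

def demo():
    """Return the source ports two peers observe, and whether a duplicate failed."""
    peer_a, peer_b = listener(), listener()
    src = ("127.0.0.1", free_port())
    c1 = connect_from(src, peer_a.getsockname())
    c2 = connect_from(src, peer_b.getsockname())
    seen = [peer.accept()[1][1] for peer in (peer_a, peer_b)]
    try:
        # Same source and same destination: the 4-tuple is already in use.
        connect_from(src, peer_a.getsockname()).close()
        duplicate_refused = False
    except OSError:
        duplicate_refused = True
    for sock in (c1, c2, peer_a, peer_b):
        sock.close()
    return src[1], seen, duplicate_refused

if __name__ == "__main__":
    print(demo())
```

Both peers see the same source port, which is what lets an external firewall match on it; the refused duplicate shows the cost, one connection per remote endpoint from that port.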