crash893

trouble with router


I'm starting to play around with BTS at my small biz for a Dropbox alternative.

I have an Astaro UTM 120 and for the life of me I can't get it to work from outside the building to a server inside the network.

Any instructions or port lists or instructions on how to set up port forwarding for this app?


Search the forums, read the forums, read the official and unofficial FAQ, and read the instructions on the download page. It's all explained very well how to punch it through firewalls using UPnP or static NAT/PAT mappings.


"Search the forums, read the forums, read the official and unofficial FAQ, and read the instructions on the download page. It's all explained very well how to punch it through firewalls using UPnP or static NAT/PAT mappings."

thanks for taking the time to write that and not post a link to


I don't think he was trying to be rude as you implied.

He probably could have posted the link, but he would have had to search for it first. I think he was trying to point out that your question has been answered here.


Just open outgoing port 3000 UDP. If you need a direct connection you need to port forward the listening port.

Also make sure your fw isn't blocking BitTorrent traffic.


My apologies, I've been trying to figure this out for a few days. And with a fledgling technology it's probably best to answer as many questions as possible to help get it off the ground.

Hopefully I just took it the wrong way, and if so, sorry.

@Jeronsoenmans, thanks, I'll give that a try.


I'm not sure if your solution worked, but here is what I see in my router:

15:43:07 Default DROP UDP 10.10.10.194 : 42816 → 71.163.111.175 : 61241

15:43:07 Default DROP UDP 10.10.10.116 : 42816 → 71.163.111.175 : 61241

15:43:07 Packet filter rule #12 UDP 10.10.10.116 : 42816 → 54.225.100.8 : 3000

15:43:07 Default DROP UDP 10.10.10.116 : 42816 → 75.145.94.57 : 42816

15:43:07 Packet filter rule #12 UDP 10.10.10.116 : 42816 → 54.225.196.38 : 3000

15:43:08 Default DROP UDP 10.10.10.194 : 42816 → 71.163.111.175 : 61241

15:43:08 Default DROP UDP 10.10.10.194 : 42816 → 71.163.111.175 : 61241

So it's allowing my work machine to talk to whoever 54.225.100.8 is, but the 71.161 address is my home computer and it's not allowing that because that's on a different listening port.

Am I missing something?


Ok, so 10.10.10.116 can communicate with the tracker (54.x.x.x) on 3000. That's a start. Now you make sure that your home client can do the same.

Do not create a direct connection just yet, so just ignore the listening port.

Also make sure that you enabled the (default on) option to use those trackers.


I got this working but I wanted to refine it just a little

So I have a rule now that

ANY internal IP on port 42816(randomly picked by me) can call out to any ip on port 3000

AND

ANY external IP on 42816 can talk to any internal ip on 42816

What I wanted to clear up was

1) Is it always port 3000 for the sync servers? (I assume that's what the 54.x.x.x server is.)

2) What is the range of the 54.x.x.x servers, so I can lock that down a little bit more?

3) Would it break anything if I just switched all my clients down to port 3000 and altered the rule so that 3000 can go in and out?


1) I think so, yes.

2) Interesting question for restrictive firewalls like mine :) Right now I have outbound port 3000 open for all the btsync clients.

3) Did you mean you change the listening port of all your clients to 3000? If so, this isn't possible. Every client needs its own unique incoming port in the LAN; besides, you can only port forward one port to one client. Port forwarding is a one-to-one relation.

There is one thing wrong with your setup:

ANY external IP on 42816 can talk to any internal ip on 42816

has to be:

ANY external IP on 42816 can talk to your btsync client IP with the listening port on 42816 (firewall rule), AND you need to create a port forwarding rule (look it up if you don't know what port forwarding means).

You can substitute "any external IP" by all your known public IPs (like work, ...).

But like I said before, this port forwarding stuff is only needed when you want to create a direct connection.


Okay, about minimum firewall requirements...

The relay and the tracker are found using DNS, these are the current settings for relay and tracker.

Note the TTL less than 5 minutes in both cases, this is the warning they need to give to change these.

;; ANSWER SECTION:

r.usyncapp.com. 203 IN A 67.215.231.242

r.usyncapp.com. 203 IN A 67.215.229.106

;; ANSWER SECTION:

t.usyncapp.com. 258 IN A 54.225.100.8

t.usyncapp.com. 258 IN A 54.225.196.38

t.usyncapp.com. 258 IN A 54.225.92.50

Normal operation is using the tracker to find peers and using direct connections between the peers to transfer data. All data is transferred using UDP packets.

Your BTSync has a port configured, say 20001.

The Peer has a port configured, say 20002.

The tracker has port 3000 configured.

The relay has port 3000 configured.

Requirements are:

  • Unsolicited packets must be able to travel from your port 20001 to the tracker on port 3000.
  • Solicited replies from the tracker on port 3000 to your port 20001 are required.
  • Unsolicited packets must be able to traverse your firewall from your port 20001 to Peer's port 20002
  • Solicited replies from Peer on port 20002 to your port 20001 are required.
  • The public port that the firewall presents must be the same as the BTSync configured port. If your firewall renumbers ports unpredictably only the relay server can be used.

This assumes your firewall uses the normal 'timeout' method of noticing solicited responses. The problem is that the firewall will not see the request for the first response as it travels via the tracker. It must not do anything "unfortunate" when it sees this "response".

If your firewall is broken in this way then unsolicited packets must be accepted both ways between UDP ports 20001 and 20002.

If your firewall cannot be fixed, connections to the relay must be opened for all peers that need to communicate with you.

If you wish to use DHT you must accept unsolicited packets on your port 20001 from any address.

If you configure known peers you can turn off access to the tracker; no packets then need to go to the tracker (See http://forum.bittorrent.com/index.php?app=forums&module=forums&section=findpost&pid=49550 ).

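An added illustration (not part of the original posts) of the "timeout" method described in the post above: a toy stateful UDP firewall in Python that replays the tracker-assisted connection setup with the post's ports 20001, 20002 and 3000. The IP addresses, the 30-second timeout and all names in the code are assumptions, and NAT port renumbering is not modelled.

```python
from dataclasses import dataclass, field
from typing import Optional

# Ports follow the post; addresses are constructed documentation values.
ME = ("10.0.0.5", 20001)          # your BTSync client
PEER = ("198.51.100.7", 20002)    # remote peer
TRACKER = ("203.0.113.10", 3000)  # tracker
TIMEOUT = 30                      # assumed lifetime of a UDP state entry, seconds


@dataclass
class Firewall:
    out_ports: Optional[frozenset] = None      # None: any outbound port allowed
    state: dict = field(default_factory=dict)  # (inside, outside) -> expiry time

    def outbound(self, src, dst, now):
        """A packet leaving the LAN; if permitted it opens a return path."""
        if self.out_ports is not None and dst[1] not in self.out_ports:
            return "DROP"
        self.state[(src, dst)] = now + TIMEOUT
        return "PASS"

    def inbound(self, src, dst, now):
        """A packet from outside passes only as a reply to a live state entry."""
        expiry = self.state.get((dst, src))
        return "PASS" if expiry is not None and now <= expiry else "DROP"


def handshake(fw):
    """Replay the tracker-assisted connection setup; return verdict per step."""
    return {
        "me->tracker": fw.outbound(ME, TRACKER, 0),
        "tracker->me": fw.inbound(TRACKER, ME, 1),
        # Peer got our address from the tracker and sends first: no state yet.
        "peer->me early": fw.inbound(PEER, ME, 2),
        # Our own packet to the peer is what makes its packets "solicited".
        "me->peer": fw.outbound(ME, PEER, 3),
        "peer->me": fw.inbound(PEER, ME, 4),
        "peer->me after timeout": fw.inbound(PEER, ME, 3 + TIMEOUT + 1),
    }


if __name__ == "__main__":
    for name, fw in [("any outbound UDP", Firewall()),
                     ("outbound 3000 only", Firewall(frozenset({3000})))]:
        print(name)
        for step, verdict in handshake(fw).items():
            print(f"  {step:24} {verdict}")
```

In this model, a firewall that only permits outbound port 3000 never creates a state entry for the peer, so every peer packet is dropped and the direct connection cannot form.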

Very useful! This should be in the (unofficial) FAQ

Is this really necessary:

"Unsolicited packets must be able to traverse your firewall from your port 20001 to Peer's port 20002"

because I only open outgoing port 3000 if I remember correctly. This means that you need to open an outgoing port for every peer's listening port?


You need to have this port open for normal operation.

If you only open port 3000 all your traffic will go via the relay, this is likely a lot slower. Especially if the relay is half way round the world. Having the tracker on another continent isn't really a problem.

Remember this port is open for connections initiated from INSIDE, not for connections initiated from outside. So a blacklist is normally considered good enough control.


Uh, dummy here. If my 2 devices are on the same network, everything works fine. But when I take my MacBook outside my office to my network at home, or to any other network, nothing syncs. There are no settings or so in BTSync, cannot see a 'try' or whatever.

I'm afraid in Holland this doesn't work (?). Or is there a simple way one has to configure a router? Above is like Greek to me.


And another dummy here. My son has a school project. He has made a video (1.5gb) and wants to send the video to his project co-worker. I suggested that they use BitTorrent Sync, having used it to my great satisfaction within our wlan environment. However, this transfer is to a PC outside the wlan. They have both downloaded Bit Torrent. My son has the video in a folder and generated a secret. He has told his friend, who has created a folder on his desktop and entered the secret against this folder. So far nothing has happened, no synching has taken place. My son's firewall has Bit Torrent incoming permitted. What else do they need to do? I have told my son that his friend should enter my son's IP address in the general tab - should he also give a port number, and if so, which one?

We will all be grateful for any advice


"What else do they need to do?"

Are they both running the same version of Sync? i.e. if you've been running it for a while and not updated (latest version btw is 1.1.15), but your son's friend has only just downloaded, it may be that you're running incompatible versions of Sync.

"We will all be grateful for any advice"

Put the same key into your copy of BTSync too.

If you can communicate with one of them the other is having problems.

If you can communicate with both they'll bounce the file off you.


Hi,

With the example of this post (BTSync port = 20001 and peer port = 20002), what is the firewall configuration if I want to use BTSync with known peers and direct connections only?

20001 to 20002 and 20002 to 20001 only?

Thank you
