uTorrent rule?

Discussion in 'LnS English Forum' started by -NiCeGuY-, Apr 6, 2007.

Thread Status:
Not open for further replies.
  1. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    Can someone teach me how to create a rule for uTorrent? Thanks for replying :D
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    With the LNS enhanced rules set:

    1- Check the port used by μTorrent in the settings of this program

    2- Create a rule like this:

    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : the same port set in the μTorrent settings
    Remote ports: all
    Application: μTorrent <<= it's important to add this program to this specific rule

    3- Place this rule just before the rule "Block incoming connections"

    Save, apply and reboot the PC.

    μTorrent will use this specific rule for its server part and DHT,
    and the general rule "Allow most common internet programs" for the client part.

    This μTorrent-specific rule uses TCP (for uploading) and UDP (for DHT).

    Try this and tell me if everything is OK.

    :)
     
  3. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    Hi Climenole, thanks for the reply :thumb:

    I'm using the Phant0m rule set; is it still placed before the rule "Block incoming connections" in the Phant0m rule set? See picture:

    http://i128.photobucket.com/albums/p182/niceguy_hk/e4928903.jpg

    Another question: my uTorrent uses port 40345.

    I created this rule before:

    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : all
    Remote ports: all
    Application: μTorrent <<= it's important to add this program to this specific rule

    Any problem with my uTorrent rule? Why I use "all" for my local port: because other BTers are not connecting to my PC at port 40345 with uTorrent (e.g. 12350, 6890, 42789, etc.), so in my rule I set it to "all". Is it right? Or any good suggestion for me? Thanks very much :) :D
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    Your rule must give the server access only on the port used by μTorrent.

    Set the local port to 40345.
    Your µTorrent rule is for your PC, not for the other PCs!!!

    This rule is for the SERVER part of this program.
    The CLIENT has to use a general rule like this:

    Protocol: TCP
    packets : in and out
    local ports : 1024 to 5000
    remote ports : all

    Applications: all (no entry in the left part of the application list of the rule.)

    The "www-http 1-80" rule must be modified according to this...


    Bye.
     
    Last edited: Apr 7, 2007
  5. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    As you said, I need to enable this rule when using the rule you suggested, right?

    http://i128.photobucket.com/albums/p182/niceguy_hk/ea51ab2a.jpg

    Other question: when I input my local port as 40345, uTorrent can only connect to a few peers; if I input "all" I can connect to over 100 peers. Why?

    Under these rules:
    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : all
    Remote ports: all
    Application: μTorrent <<= it's important to add this program to this specific rule

    This rule works great. If my local port is 40345, I can only connect to a few peers, and trackers need to connect to other ports (e.g. 6969, 8080, 80, etc.). Do I need another rule for the trackers' connections?
    Thanks for the reply :thumb:
     
  6. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    This rule is for the SERVER part of this program.

    Under these rules:
    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : 40345
    Remote ports: all
    Application: μTorrent <<= it's important to add this program to this specific rule


    The CLIENT has to use a general rule like this: (trackers)

    Protocol: TCP
    packets : in and out
    local ports : 1024 to 5000
    remote ports : all

    Applications: all (no entry in the left part of the application list of the rule.)

    That means uTorrent needs these 2 rules to work, is that right? :D

    If yes, where do these 2 rules go, before/under? Thanks for the reply
     
  7. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi

    The second rule corresponds to the one used in the LNS enhanced rules set:
    "allow common internet programs"...

    This rule must be placed just after the "www-http 1-80"

    :)
     
  8. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    Hi Climenole, thanks for the reply :thumb:

    Can I create rules like this:

    This rule is for the SERVER part of this program.

    Under these rules:
    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : 40345
    Remote ports: all
    Application: μTorrent


    The client has to use 2 rules like this:

    (rule for trackers 1)

    Protocol: TCP or UDP
    packets : in and out
    Address: From My @IP
    local ports : 1024 to 5000
    remote ports : Equals or 80 , 8000
    Application: μTorrent

    &

    (rule for trackers 2)

    Protocol: TCP or UDP
    packets : in and out
    Address: From My @IP
    local ports : 1024 to 5000
    remote ports : Equals or 6969 , 8080
    Application: μTorrent

    Does it work? Let me know please! If I create the rule as you said before:

    The CLIENT has to use a general rule like this: (trackers)

    Protocol: TCP
    packets : in and out
    local ports : 1024 to 5000
    remote ports : all

    Applications: all (no entry in the left part of the application list of the rule.)


    That means all applications (e.g. IE, Maxthon, Firefox, etc.) are under this rule & can use all ports to connect to my PC at 1024 to 5000? If so I think that is not safe. Let me know if I have something wrong, thanks very much :thumb:
     
  9. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    1- For the trackers, you have to know that there are no standard ports.

    So the rules you create will work only for some of them.

    2- The general rule "Allow most common internet programs":


    Protocol: TCP
    packets : in and out
    local ports : 1024 to 5000
    remote ports : all

    Applications: all (no entry in the left part of the application list of the rule.)


    is not less secure than a specific rule for each program, say one rule for the browser, one for the emailer, one for VoIP and so on.

    The rule of thumb here is to create the minimum of rules for a maximum of security. A general rule like the one we're talking about is secure and works for almost any program connecting to the internet.

    The security here is, in part, given by the "Stateful" feature of LNS... The packets are examined by LNS not only one by one, but also to make sure they are in the sequence of a specific connection and not from outside this connection.

    To give you an example we can look at a "simple" browser connection.
    When you type a URL in the address bar of your browser, the program first makes a DNS request (in UDP) to translate this URL into its IP address and then makes the connection:

    Your PC sends the web server a connection request from the first available local port in the 1024 to 5000 range, say port 1256, to the remote server port, here port 80 (HTTP), with this sequence:


    Your PC <<<====>>> The web server

    From port 1256 <<<====>>> Port 80 in "listening state"

    ======= SYN =========>>>

    <<<==== SYN ACK ========

    ======= ACK ==========>>> Connected !

    Here the connection is in the "Established state" and all packets of this connection will be exchanged between this local port, here 1256, and the remote port 80. Every packet has a sequence number, and no packets foreign to this connection sequence will be accepted by LNS ...

    This is the same for all TCP connections ...

    In general, a specific rule is needed if:

    1- The program is a server or has a server feature, like a p2p program
    2- The program uses TCP and UDP
    3- The program uses UDP only
    4- The program uses local "non-standard" ports

    For all the others, a general rule is "ok".

    In the specific case of a Torrent program, the rule for the server part is placed before the blocking rule "Block incoming connections", so all packets coming from outside to connect to your PC are parsed by LNS: the ones for the torrent program are accepted and the others (to port 135, 445, and so on) are rejected...

    Not only the ones targeting a local port other than your server's, but also all packets foreign to a real Torrent connection to your local server. One part of this job is done by LNS and the other by the features of your Torrent program, as usual...

    If an incoming packet to your local Torrent server port is rejected by your torrent program, there will be no more data exchanged between your local server and this remote connection. The request and all packets with the same "non-torrent" features will be rejected. No connection will be established from this remote location unless the packets correspond to the torrent standards. This is the security job of your program.

    Since no connection is established with the remote source of "wrong torrent packets", there is no data exchanged between your PC and this source, so all packets from this location will be rejected by LNS.

    The security of your PC is done by the combination of the packet parsing of LNS AND the security features of your program. LNS examines the validity of packets with regard to the internet protocols. The specific programs examine the validity of a packet's data and format with regard to their own application standards.

    There are two levels of security here:

    The security from LNS at "layer 4, the Transport layer" of the TCP-IP stack
    and
    the security from your program at "layer 5, the application layer" of the TCP-IP stack.

    Ref.: http://en.wikipedia.org/wiki/TCP-IP

    This is not a question of "opening" or "closing" port(s) but a question of packet features at the internet protocol level and packet data and format at the application level.

    For the client part, connections to other PCs allowing connections for downloading, or to trackers, the general rule will check if the packets in and out are in the sequence of this connection. Allowing "all remote ports" does not mean any ports and any packets from everywhere! The packets must respect the TCP protocol and LNS checks it (be sure of this!) ;-)

    Is it more clear now ?

    :)
     
    Last edited: Apr 8, 2007
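An added illustration of the first-match rule ordering Climenole describes in the post above (example code written for this page; it is not part of the thread and not Look 'n' Stop's own code). It models the three rules under discussion, the uTorrent server rule on local port 40345, "Block incoming connections" and "Allow most common internet programs", as a list evaluated top to bottom, and shows that a peer's connection to port 40345 is only admitted when the server rule sits above the block rule, while an inbound connection attempt to port 445, to a second uTorrent port, or to a port in the 1024-5000 client range is still rejected. The field names, the reading of "Block incoming connections" as matching inbound TCP connection attempts only, the implicit final block and the sample packets are assumptions of the example.

```python
"""Added example, not code from the thread or from Look 'n' Stop (LNS): a toy
first-match evaluator for LNS-style rules. Rule field names, the SYN-only
reading of "Block incoming connections", the implicit final block and the
sample packets are assumptions made for this example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp" or "udp"
    direction: str        # "in" = from the network, "out" = from this PC
    local_port: int
    remote_port: int
    app: Optional[str]    # process owning the local socket, if known
    new: bool = False     # TCP SYN without ACK: a connection attempt


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                           # "allow" or "block"
    protos: frozenset = frozenset({"tcp", "udp"})
    directions: frozenset = frozenset({"in", "out"})
    local_ports: Optional[range] = None   # None = all; range(40345, 40346) = "Equals 40345"
    remote_ports: Optional[range] = None
    app: Optional[str] = None             # None = "Applications: all"
    new_only: bool = False                # match only connection attempts

    def matches(self, p: Packet) -> bool:
        return (p.proto in self.protos
                and p.direction in self.directions
                and (self.local_ports is None or p.local_port in self.local_ports)
                and (self.remote_ports is None or p.remote_port in self.remote_ports)
                and (self.app is None or p.app == self.app)
                and (not self.new_only or p.new))


def evaluate(rules: List[Rule], p: Packet) -> Tuple[str, str]:
    """Top to bottom, first match wins; nothing matched falls through to block."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return "block", "(no rule matched)"


# The three rules discussed in the thread, as this example reads them.
UTORRENT_SERVER = Rule("uTorrent server, local port 40345", "allow",
                       local_ports=range(40345, 40346), app="uTorrent")
BLOCK_INCOMING = Rule("Block incoming connections", "block",
                      protos=frozenset({"tcp"}), directions=frozenset({"in"}), new_only=True)
ALLOW_COMMON = Rule("Allow most common internet programs", "allow",
                    protos=frozenset({"tcp"}), local_ports=range(1024, 5001))


def rule_set(server_rule_first: bool) -> List[Rule]:
    """Recommended order (server rule above the block rule) vs. server rule placed too low."""
    if server_rule_first:
        return [UTORRENT_SERVER, BLOCK_INCOMING, ALLOW_COMMON]
    return [BLOCK_INCOMING, ALLOW_COMMON, UTORRENT_SERVER]


# Constructed sample traffic (not captured from a real session)
PEER_SYN = Packet("tcp", "in", 40345, 12350, "uTorrent", new=True)     # a peer connects to us
PEER_OTHER_PORT = Packet("tcp", "in", 40346, 6890, "uTorrent", new=True)
SMB_PROBE = Packet("tcp", "in", 445, 4444, None, new=True)             # unsolicited SMB attempt
CLIENT_RANGE_PROBE = Packet("tcp", "in", 1256, 80, None, new=True)     # inbound into 1024-5000
TRACKER_OUT = Packet("tcp", "out", 1256, 6969, "uTorrent", new=True)   # we contact a tracker
DHT_OUT = Packet("udp", "out", 40345, 42789, "uTorrent")               # DHT datagram

if __name__ == "__main__":
    for first in (True, False):
        print("server rule first" if first else "server rule last",
              evaluate(rule_set(first), PEER_SYN))
```

The inbound SYN into the 1024-5000 range is what -NiCeGuY- worried about: the general rule says "in and out", but the block rule above it sees the connection attempt first, so the general rule only ever sees return traffic of connections this PC opened.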
  10. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79

    Hi Climenole, yes, I'm more & more clear NOW, thanks very much, you're my HERO lol :D :thumb:

    Protocol: TCP or UDP
    packets : in and out
    Address: From My @IP
    local ports : 1024 to 5000
    remote ports : all
    Application: μTorrent

    But for the client rule, can I set the application to uTorrent? Is it OK? Or just for all applications?
     
  11. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    For the client part of μTorrent you have the choice to let this program be examined by the general rule "Allow most common internet programs" or to create a specific rule for it. Do what you prefer:

    choice 1 : a general rule for all programs in TCP like the rule in the LNS enhanced rule set or an equivalent ...

    choice 2 : a specific rule for the client part of μTorrent (and possibly some other programs) and the general rule in TCP for the others...

    choice 3 : a specific rule for each program and no general rule

    This last choice was mine months ago but I changed my mind: it's too complicated and not more secure...

    In case 1 or 3 the specific rule must be placed just before the general rule
    to catch some remaining packets and avoid unwanted blocking... if some specific rule does not cover all possibilities.

    An example of this is a web browser:

    if you create a specific rule for Firefox for ports 80 (Http) and 443 (Https) this works for almost every connection of Firefox... except the use of passive FTP when downloading (ports 20, 21, and any port in a large range). In this case, a following general rule will catch and examine the browser's "remaining" packets ...

    See the idea? ;)

    Important remark: this is for TCP packets. For UDP, a specific rule is always needed.
    There is no Stateful inspection here... and no general UDP rule like the one in TCP!

    :)
     
  12. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    I just tried the new rules for uTorrent, it works! But there are still some problems in the log:

    My server rule for uTorrent:

    Protocols: TCP or UDP
    Packets: in and out
    Address: From My @IP
    Local port : 40345
    Remote ports: all
    Application: μTorrent


    My client rule for uTorrent:

    Protocol: TCP or UDP
    packets : in and out
    Address: From My @IP
    local ports : 1024 to 5000
    remote ports : all
    Application: μTorrent

    My question, please see the picture (black = IP, so I covered it):

    http://i128.photobucket.com/albums/p182/niceguy_hk/966ccd2e.jpg

    I saw many "Stateful Packet Inspection: Table is full." & "Stateful Packet Inspection: No connection was found." entries from uplink & downlink. What is the meaning of these?
     
  13. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    You say :

    « I saw many "Stateful Packet Inspection: Table is full." & "Stateful Packet Inspection: No connection was found." from uplink & downlink , wht 's meaning of these ? »

    When the Stateful inspection is done you have these entries in the log...
    Absolutely normal...

    You talk about:

    Table is full ?
    No connection was found ? :eek:

    Where do you see this? In the log? In μTorrent?

    Are you able to download via μTorrent or not ?

    :)
     
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    When the maximum number of simultaneous connections (256) is reached, the 'Table is full' SPI log entries will appear; e-mail Frederic asking for the configurable SPI registry tweak.

    And as for the ‘No connection was found’ SPI loggings, in short this can very well mean SPI is functioning as it should. :)
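An added example for Phant0m's answer above and for Climenole's description of stateful inspection in post 9 (example code written for this page; it is not the thread's code and not how Look 'n' Stop is actually implemented). It is a miniature TCP state table: the rule list is consulted only for the SYN that opens a flow, every later segment has to fit the flow's handshake state, a segment that belongs to no tracked flow produces "No connection was found", and once the table holds 256 flows a further SYN produces "Table is full". The flow-key layout, the state names, the log wording and the stand-in rule callback are assumptions of the example; the 256 limit is the figure Phant0m gives.

```python
"""Added example, not code from the thread or from Look 'n' Stop: a miniature
stateful packet inspection (SPI) table for TCP. The 256-flow limit comes from
Phant0m's post; flow-key layout, state names, log wording, the stand-in rule
list and the sample addresses are assumptions made for this example."""
from typing import Callable, Dict, List, Tuple

TABLE_LIMIT = 256
FlowKey = Tuple[int, str, int]   # (local port, remote IP, remote port)
SYN, SYNACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})


class SpiTable:
    """Rules are consulted only for the SYN that opens a flow; every later
    segment is judged by the flow's state, not by the rule list."""

    def __init__(self, allow_new: Callable[[str, int, int], bool], limit: int = TABLE_LIMIT):
        self.allow_new = allow_new          # (direction, local_port, remote_port) -> bool
        self.limit = limit
        self.flows: Dict[FlowKey, str] = {}
        self.log: List[str] = []

    def inspect(self, direction: str, local_port: int, remote_ip: str,
                remote_port: int, flags: frozenset) -> bool:
        key = (local_port, remote_ip, remote_port)
        state = self.flows.get(key)
        if state is None:                   # no flow yet
            if flags != SYN:                # stray ACK/FIN/data: nothing to attach it to
                self.log.append("Stateful Packet Inspection: No connection was found. "
                                f"{direction} {key} {sorted(flags)}")
                return False
            if not self.allow_new(direction, local_port, remote_port):
                self.log.append(f"Blocked by rules: new {direction} connection {key}")
                return False
            if len(self.flows) >= self.limit:
                self.log.append("Stateful Packet Inspection: Table is full.")
                return False
            self.flows[key] = "SYN_OUT" if direction == "out" else "SYN_IN"
            return True
        if "RST" in flags:                  # abort from either side drops the flow
            del self.flows[key]
            return True
        # Next expected handshake step (simplified: no retransmits), then data, then FIN/FIN
        expected = {"SYN_OUT": ("in", SYNACK, "SYNACK_IN"),
                    "SYN_IN": ("out", SYNACK, "SYNACK_OUT"),
                    "SYNACK_IN": ("out", ACK, "ESTABLISHED"),
                    "SYNACK_OUT": ("in", ACK, "ESTABLISHED")}
        if state in expected:
            want_dir, want_flags, nxt = expected[state]
            ok = direction == want_dir and flags == want_flags
        else:                               # ESTABLISHED or CLOSING
            ok = "ACK" in flags and "SYN" not in flags
            nxt = state
            if "FIN" in flags:              # first FIN -> CLOSING, second FIN -> flow removed
                nxt = "CLOSING" if state == "ESTABLISHED" else None
        if not ok:
            self.log.append(f"Stateful Packet Inspection: out of sequence. {direction} {key} {sorted(flags)}")
            return False
        if nxt is None:
            del self.flows[key]
        else:
            self.flows[key] = nxt
        return True


def thread_rules(direction: str, local_port: int, remote_port: int) -> bool:
    """Stand-in (assumed) for the thread's rule list: uTorrent server rule on
    local port 40345 in both directions, "Block incoming connections" for any
    other inbound SYN, then the general TCP client rule for local 1024-5000."""
    if local_port == 40345:
        return True
    if direction == "in":
        return False
    return 1024 <= local_port <= 5000


def run_demo() -> dict:
    """Constructed traffic: a tracker session, a stray ACK, an SMB probe, 300 peers."""
    tbl = SpiTable(thread_rules)
    tracker = (1256, "203.0.113.7", 6969)
    handshake = [tbl.inspect("out", *tracker, SYN),
                 tbl.inspect("in", *tracker, SYNACK),
                 tbl.inspect("out", *tracker, ACK),
                 tbl.inspect("in", *tracker, frozenset({"ACK", "PSH"}))]   # tracker reply
    stray = tbl.inspect("in", 40345, "198.51.100.9", 51000, ACK)   # peer we never talked to
    smb = tbl.inspect("in", 445, "198.51.100.9", 51001, SYN)       # rejected by the rules
    # 300 peers open connections to the listening port; 255 fit beside the tracker flow
    admitted = sum(tbl.inspect("in", 40345, f"10.{i >> 8}.{i & 255}.1", 50000, SYN)
                   for i in range(300))
    closed = (tbl.inspect("in", *tracker, frozenset({"FIN", "ACK"}))
              and tbl.inspect("out", *tracker, frozenset({"FIN", "ACK"})))
    return {"handshake_ok": all(handshake),
            "stray_ack_accepted": stray,
            "smb_syn_accepted": smb,
            "peers_admitted": admitted,
            "table_full_events": tbl.log.count("Stateful Packet Inspection: Table is full."),
            "no_connection_events": sum("No connection was found" in line for line in tbl.log),
            "tracker_flow_removed": closed and tracker not in tbl.flows}


if __name__ == "__main__":
    print(run_demo())
```

The stray ACK is the harmless case Phant0m describes: a peer (or a late retransmission from a flow already torn down) sends a segment that belongs to no tracked connection, and SPI drops it without ever consulting the rules. The "Table is full" entries are different in kind: those SYNs would have been allowed by the rules, so a busy torrent client with a 256-flow table genuinely loses peers, which is why raising the limit was the suggested fix.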
     
  15. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    Yes, I saw it in LnS's log, and I downloaded from uTorrent's official site.

    Hi Phant0m, what is "SPI"?

    I understand now, thanks Phant0m & Climenole for answering my question, thanks very much :thumb:
     
  16. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi -NiCeGuY- :)

    You say: "Hi Phant0m, what is "SPI"?"

    I guess Phant0m is a real phantom indeed: he's disappeared again! :eek:
    (or returned to the planet Mars !!! :eek: )

    ;)

    SPI : Stateful Packet Inspection.


    :)
     
  17. -NiCeGuY-

    -NiCeGuY- Registered Member

    Joined:
    Mar 5, 2007
    Posts:
    79
    lmao & thanks very much :D
     