Hello,
I have a Windows 7 machine running qBittorent and I am behind a NAT. My question I think is more based on how the client works.
For example, it looks like default qBittorent uses port 8999 for connections. My home network is using Network Address Translation (NAT) so do I have to explicitly port forward to my Windows 7 machine or how does it work so others can download torrent files from me? I want to make sure I understand how the protocol and client works so I can properly run it the way it is suppose to be used. Also, I basically just want to understand it for my own benefit as well.
Thanks in advance for any answers as this is my first time using Bittorent.
Joe
Window7 And Network Question
-
Switeck
Re: Window7 And Network Question
Other BitTorrent clients try to connect to yours incoming on the port 8999 you set as qBT's listening port.
Except your home network's NAT (probably a router) gets in the way, and they all fail.
But...if you have Universal Plug-and-Play (UPnP) enabled in qBT, qBT might auto-forward the listening port on the router/gateway and incoming connections on port 8999 can reach qBT!
Incoming connections can also arrive via uTP STUN, but they have a much tougher time doing it. (It's pretty much only possible on busy public torrents and then only if you have PEX enabled.)
However even a hopelessly firewalled BitTorrent client can still upload/download with other BitTorrent clients if it can connect outgoing to them. This means the destination peers/seeds cannot be firewalled. (They'll have to have their port forwarded on their router.)
It's a little like telephones -- a firewalled peer or seed is like a telephone that never rings but can still call other phone numbers.
It all quits working when nobody answers their phone.
Except your home network's NAT (probably a router) gets in the way, and they all fail.
But...if you have Universal Plug-and-Play (UPnP) enabled in qBT, qBT might auto-forward the listening port on the router/gateway and incoming connections on port 8999 can reach qBT!
Incoming connections can also arrive via uTP STUN, but they have a much tougher time doing it. (It's pretty much only possible on busy public torrents and then only if you have PEX enabled.)
However even a hopelessly firewalled BitTorrent client can still upload/download with other BitTorrent clients if it can connect outgoing to them. This means the destination peers/seeds cannot be firewalled. (They'll have to have their port forwarded on their router.)
It's a little like telephones -- a firewalled peer or seed is like a telephone that never rings but can still call other phone numbers.
It all quits working when nobody answers their phone.
-
joedirgy
Re: Window7 And Network Question
Switech,
Thanks for your comment. I am just trying to understand this more as I have not yet figured it out myself.
How can other peers on a BitTorent network download Torrent files from you if you are behind a NAT firewall and therefore they cannot establish a direct connection to you. I can only see how this is possible if for example there is a trusted third party that you and that peer connect to and that third party will then setup that connection for you. Perhaps there is other documentation you can point me to that explains this?
Currently, it does not make sense to me unless trackers are being used or something like that as a trusted third party.
Thanks again,
Joe
Thanks for your comment. I am just trying to understand this more as I have not yet figured it out myself.
How can other peers on a BitTorent network download Torrent files from you if you are behind a NAT firewall and therefore they cannot establish a direct connection to you. I can only see how this is possible if for example there is a trusted third party that you and that peer connect to and that third party will then setup that connection for you. Perhaps there is other documentation you can point me to that explains this?
Currently, it does not make sense to me unless trackers are being used or something like that as a trusted third party.
Thanks again,
Joe
-
Switeck
Re: Window7 And Network Question
Once again, just like telephones, it doesn't matter who calls who both parties can talk once the phonecall connects.
So the firewalled peer (yours) calls the unfirewalled seed and then once the connection is made they can upload to you.
A NAT firewall doesn't prevent you from connecting to websites on the internet -- this is the same way.
STUN is something pretty incredible:
https://en.wikipedia.org/wiki/STUN
It uses UDP hole-punching:
https://en.wikipedia.org/wiki/UDP_hole_punching
...to bypass the NAT firewalls on both ends.
It's like 2 phones that never ring calling each other in the exact same second, so both see the connection as live.
Described in more detail here:
https://tools.ietf.org/html/rfc5128#section-3.3
It does require an initial 3rd party (in BitTorrent's case, another peer or seed that both firewalled peers are connected to) to introduce each other and time their outgoing connections to each other.
But once the connection is made, the initial 3rd party peer is no longer needed and costs it no extra bandwidth...so it's not acting as a proxy or VPN.
So the firewalled peer (yours) calls the unfirewalled seed and then once the connection is made they can upload to you.
A NAT firewall doesn't prevent you from connecting to websites on the internet -- this is the same way.
STUN is something pretty incredible:
https://en.wikipedia.org/wiki/STUN
It uses UDP hole-punching:
https://en.wikipedia.org/wiki/UDP_hole_punching
...to bypass the NAT firewalls on both ends.
It's like 2 phones that never ring calling each other in the exact same second, so both see the connection as live.
Described in more detail here:
https://tools.ietf.org/html/rfc5128#section-3.3
It does require an initial 3rd party (in BitTorrent's case, another peer or seed that both firewalled peers are connected to) to introduce each other and time their outgoing connections to each other.
But once the connection is made, the initial 3rd party peer is no longer needed and costs it no extra bandwidth...so it's not acting as a proxy or VPN.