Firewall settings

qbituser

Firewall settings

Post by qbituser »

Is there a list of firewall settings that I should use with qbittorrent?
I'm testing private fw atm but may switch to another one.

Also what are the fw settings for upnp with qbittorrent?
qbituser

Re: Firewall settings

Post by qbituser »

A bit more clarification in this post:

Right now I've opened up ports>1024 both ways for tcp/udp. And I've allowed ports 80,443 as well probably because it was there in the firewall logs.

What ports and direction do PEX/DHT and other qbittorrent protocols take?
Does qbittorrent create connections to a DNS server for name resolution?
What ports/direction should I open up for upnp?
Dayman

Re: Firewall settings

Post by Dayman »

You usually want to open a single port (under settings->connection) for incoming UDP/TCP.
DHT/PEX uses the same port.
LSD (aka Local Peer Discovery) - should work out of the box (finding other peers); but if you also want to be found by other peers through LSD, open UDP 6771. If you're behind a router, then don't open this port, not many routers can do multicast routing.
UPnP doesn't need any open ports, we have UPnP client not server.
Port 80 should be opened if you plan to use WebUI and connect to it from other locations.
Port 443 should be opened if you plan on using WebUI from other locations through HTTPS.
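The port list in the post above, written as inbound rules for the built-in Windows firewall. This is an added example, not part of the original post and not qBittorrent project code; the install path and the rule group name are assumptions, and 6881 is the default port named later in this thread.

```powershell
# Added example: narrow inbound rules for qBittorrent (run from an elevated session).
param(
    [int]$ListenPort = 6881,      # the port set under settings->connection
    [string]$Program = 'C:\Program Files\qBittorrent\qbittorrent.exe',  # assumed install path
    [switch]$AllowLsd,            # be discoverable via LSD; skip when behind a router
    [switch]$RemoteWebUi,         # WebUI reached from other locations (port 80)
    [switch]$RemoteWebUiHttps     # WebUI over HTTPS from other locations (port 443)
)

$group = 'qBittorrent (example rules)'   # hypothetical group name, used for clean re-runs

# Drop rules left by an earlier run so the script can be repeated safely.
Get-NetFirewallRule -Group $group -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# One listening port for TCP and UDP; DHT/PEX share it, so no extra rules are needed.
$rules = @(
    @{ Name = 'peers TCP';          Protocol = 'TCP'; Port = $ListenPort },
    @{ Name = 'peers and DHT UDP';  Protocol = 'UDP'; Port = $ListenPort }
)
if ($AllowLsd) {
    # LSD is local multicast, so the rule is limited to the local subnet.
    $rules += @{ Name = 'LSD'; Protocol = 'UDP'; Port = 6771; Remote = 'LocalSubnet' }
}
if ($RemoteWebUi)      { $rules += @{ Name = 'WebUI HTTP';  Protocol = 'TCP'; Port = 80 } }
if ($RemoteWebUiHttps) { $rules += @{ Name = 'WebUI HTTPS'; Protocol = 'TCP'; Port = 443 } }

foreach ($r in $rules) {
    $params = @{
        DisplayName = "qBittorrent - $($r.Name)"
        Group       = $group
        Direction   = 'Inbound'
        Action      = 'Allow'
        Protocol    = $r.Protocol
        LocalPort   = $r.Port
        Program     = $Program   # only this executable may receive on the port
    }
    if ($r.Remote) { $params.RemoteAddress = $r.Remote }
    New-NetFirewallRule @params | Out-Null
}

# No rule is created for UPnP: the client only makes outbound requests.
Get-NetFirewallRule -Group $group |
    Format-Table DisplayName, Direction, Action, Enabled
```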
qbituser

Re: Firewall settings

Post by qbituser »

Thanks for the reply.
Just to be sure, I'm not using the Windows default fw but a fw with both outgoing and incoming filtering.

I noticed in the logs that the firewall was blocking incoming local port 1900 from the router 192.168.1.1 if I restricted the incoming port to just the bittorrent port (6881 default). I did not think torrent performance was affected either way during the short time I monitored the app.

In the logs, there were requests coming from remote ports <100 especially 80, 443 probably from people who used them to circumvent restrictions. Not sure whether I should condone this sort of thing.

There is an unofficial guide for comodo which says to open port 53 if there is no router. It doesn't mention the LSD port probably because it is from 2007:
http://forums.comodo.com/guides-cis/fir ... 677.0.html
Peter
Administrator
Posts: 2702
Joined: Wed Jul 07, 2010 6:14 pm

Re: Firewall settings

Post by Peter »

If you use some special software firewall, just allow qBittorrent and that's all. You don't have to mess with the ports yourself, only let the program through.
On your router, you do have to enable UPnP for example. (Or disable that and set up your ports manually.)
qbituser

Re: Firewall settings

Post by qbituser »

I could just open up all the ports both ways but it shouldn't be a bad thing to tighten up the rules. Might even learn things about certain apps.
Peter
Administrator

Re: Firewall settings

Post by Peter »

To be honest, you don't even need a firewall on a home PC. Especially if you already have a router.
It's only important for servers.

(Don't listen to AV vendors who want to sell their product. Of course it's the "maximum protection" and whatnot. But that's just marketing bullsh*t.
Most of them just let anything through, because they don't want to annoy the user. And 95% of the users don't even know what app they can trust.)

Try it. Install Comodo (the only proper DENY ALL) product, and try to live with it.
Maximum protection, but you do need to set it up.
Dayman

Re: Firewall settings

Post by Dayman »

[quote="shiki"]
Try it. Install Comodo (the only proper DENY ALL) product, and try to live with it.
[/quote]
I remember using default deny for both incoming and outgoing connections in Comodo. Was effective but very time consuming (setting up ICMP rules for ping.exe and other rules for system services is a real pain).
qbituser

Re: Firewall settings

Post by qbituser »

[quote="shiki"]
To be honest, you don't even need a firewall on a home PC. Especially if you already have a router.
It's only important for servers.
......
Try it. Install Comodo (the only proper DENY ALL) product, and try to live with it.
Maximum protection, but you do need to set it up.
[/quote]
What if the home network consists of several PCs which I have no control over? A router provides some protection from the incoming direction but what about trojans and other malware phoning back home, at least a 2 way software firewall may provide clues and logs. That is why some HIPS tend to include firewalls.

I think I've sorted out my firewall settings for everything and even found some bugs in the fw software in the process.

And I found out that trackers may use the http port so I've got to open that up as well.
Peter
Administrator

Re: Firewall settings

Post by Peter »

A network user can only attack you two ways.
- Exploits
- Dropping malware in shared folders.

If you do NOT trust those users, disable "HomeGroup", and disable file sharing.
If you NEED filesharing, then go to "Folder View options" and disable "simple file sharing". Set up proper permissions.

Exploits: Even Comodo can't defend you there. If there is a legit RDP session running, and he's got a 0-day/unfixed exploit, he will be able to use it.
sledgehammer_999
Administrator
Posts: 2443
Joined: Sun Jan 23, 2011 1:17 pm

Re: Firewall settings

Post by sledgehammer_999 »

Well I personally like to block net access to certain installers that want to phone home without downloading anything. I also do that for certain closed-source programs/games that when launched want net access although their main scope has nothing to do with the internet (e.g. a document writer) or they don't state that they want to look for updates (I disable auto updates wherever I can in closed-source programs).