Jump to content
Not connected, Your IP: 3.149.237.231
Sign in to follow this  
lightleptonparticle

Is this setup valid?

Recommended Posts

Just a quick sanity check. Does it matter what network interface I tell my bittorrent client to use when I block everything with iptables like this (I think I got the iptables rules from this from a post made by the staff somewhere on the forum? But I forgot where):

 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  255.255.255.255      anywhere            
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16      

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             255.255.255.255     
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16      
DROP       all  --  anywhere            !{VPN server}

 

I let openvpn handle setting up the routing table, so it should be the default setup. This allows me to reach any computer on my LAN, but the tunnel is required to be up for me to reach any host on the Internet. If I haven't started openvpn I don't seem able to reach any host on the Internet with this setup.

 

Does this look like a reasonable setup? Is there any way the Bittorrent client can still reveal the Internet IP?

 

How does any of the following affect the VPN connection? How should they be set up?

 

DHT (decentralized network) to find more peers?

Enable Peer Exchange (PeX) to find more peers?

Enable Local Peer Discovery to find more peers?

Use UPnP / NAT-PMP port forwarding from my router?

Share this post


Link to post

Hello!

 

Your setup prevents any leak, so it's not necessary anything else to "secure" Bittorrent.

 

Optimal settings for Bittorrent:

 

DHT, PEX and Local Peer Discovery enabled

UPnP and NAT-PMP disabled, because Bittorrent must listen to a definite port that you know in advance (so that you can match it with a remotely forwarded port on our system that you can set in your "Client Area"->"Forwarded port" panel accessible while you're logged in our web site).

 

Kind regards

Share this post


Link to post

Is it possible for Bittorrent client using UPnP to get the real Internet facing IP of the router and send it to hosts (through tunnel) it wants to exchange data with?

 

 

Hello!

 

Your setup prevents any leak, so it's not necessary anything else to "secure" Bittorrent.

 

Optimal settings for Bittorrent:

 

DHT, PEX and Local Peer Discovery enabled

UPnP and NAT-PMP disabled, because Bittorrent must listen to a definite port that you know in advance (so that you can match it with a remotely forwarded port on our system that you can set in your "Client Area"->"Forwarded port" panel accessible while you're logged in our web site).

 

Kind regards

Share this post


Link to post

Is it possible for Bittorrent client using UPnP to get the real Internet facing IP of the router and send it to hosts (through tunnel) it wants to exchange data with?

I believe so.

 

UPnP can also be used to set up port forwarding. No security. I disable UPnP and NAT-PMP in my router for that reason.

 

A malicious client could also try "calling home" on all IP interfaces.

Share this post


Link to post

 

Is it possible for Bittorrent client using UPnP to get the real Internet facing IP of the router and send it to hosts (through tunnel) it wants to exchange data with?

I believe so.

 

UPnP can also be used to set up port forwarding. No security. I disable UPnP and NAT-PMP in my router for that reason.

 

A malicious client could also try "calling home" on all IP interfaces.

 

I also have it disabled. What does "calling home" mean?

Share this post


Link to post

 

 

...

A malicious client could also try "calling home" on all IP interfaces.

 

I also have it disabled. What does "calling home" mean?

 

 

Connect to a server on the internet associated with the client program, which will be able to see the IP address the packet came from. So the server will know the IP address for each IP interface on which the internet can be reached.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...