[ubuntu-uk] Ktorrent, firewall and blocked connections

alan c aeclist at candt.waitrose.com
Tue Mar 27 20:51:00 BST 2007

Tony Arnold wrote:
> Alan,
> alan c wrote:
>> I like to seed open source software, particularly Ubuntu family, from 
>> a machine which is mostly set aside just for this.
>> I am using Ktorrent in Kubuntu 6.06.1, and Firestarter as a firewall 
>> management app. I am no expert so the gui is very welcomed.
>> I believe I have set the firewall settings to the minimum for web 
>> browsing or torrent use.
>> Web browsing, ftp downloads to my machine, and Torrents to and from my 
>> machine seem to work ok.
>> My Firestarter firewall settings are as follows:
>> Outbound traffic Policy:
>> Restrictive by default, whitelist traffic
>> allowed service, port, who:
>> HTTP  80 everyone
>> HTTPS 443everyone
>> FTP 20-21
>> Bittorrent  6881-688 everyone
>> Inbound traffic Policy:
>> allowed service, port, who:
>> HTTP 80 everyone
>> HTTPS 443 everyone
>> Bittorrent 6881-6889 everyone
>> However, I see that a lot of attempted outward bound connections are 
>> 'blocked'. At least, the Source is stated as
>> my pc (fixed) IP within my LAN, various port numbers presumably exit 
>> ports (?), and various destination IPs, Length is always 44, TOS is 
>> 0x00, Protocol is always TCP,
> I suspect this is due to FTP. When an FTP client connects to the server,
> it negotiates a port for the server to connect back to the client, which
> unless your firewall is FTP aware, will get blocked. (I don't think
> Firestarter is FTP aware, at least I've not seen anything referring to
> it). I believe the port is fairly random and at the top of the range of
> port numbers.

I note that I have FTP allowed in firestarter for outbound on ports 
20-21, but presumably that is not he same ftp function you describe?

> User can run their FTP connection

would this user be my machine or remote machines?

> in passive mode, which does not behave
> this but this is not the default, in general.
> I'm not convinced you need an outgoing policy at all unless you want to
> restrict users of your system in what they can/cannot do.

I am virtually the only user on my LAN (!) (wife sometimes). The 
reason for the outgoing policy is partly general precaution, partly to 
become familiar with what is happening, and partly to very 
specifically to limit what happens because the machine is left on 24/7 
for torrents mostly upload seeding. I dont know how useful the 
policies really are, but I am frankly surprised that so many 
apparently malware related service names are being (blocked) attempted.

The Blocking stops when ktorrent is closed. Where in the torrent 
process is the possible 'FTP' activity being used?
I suppose I do not know enough about the torrent process, which does 
not help.

If the currently blocked items are not blocked, what will the benefits 
or disadvantages be?

alan cocks
Kubuntu user#10391

More information about the ubuntu-uk mailing list