[ubuntu-uk] Ktorrent, firewall and blocked connections

Tony Arnold tony.arnold at manchester.ac.uk
Wed Mar 28 00:14:51 BST 2007


alan c wrote:

> I note that I have FTP allowed in firestarter for outbound on ports 
> 20-21, but presumably that is not he same ftp function you describe?

No, the outbound ports you allow will let users of your machine use ftp
to some remote ftp server and is completely independent of any remote
user connecting to the ftp server on your machine.

>> User can run their FTP connection
> would this user be my machine or remote machines?

On remote machines running an ftp client connecting to your ftp server, say.

>> in passive mode, which does not behave
>> this but this is not the default, in general.
>> I'm not convinced you need an outgoing policy at all unless you want to
>> restrict users of your system in what they can/cannot do.
> I am virtually the only user on my LAN (!) (wife sometimes). The 
> reason for the outgoing policy is partly general precaution, partly to 
> become familiar with what is happening, and partly to very 
> specifically to limit what happens because the machine is left on 24/7 
> for torrents mostly upload seeding. I dont know how useful the 
> policies really are, but I am frankly surprised that so many 
> apparently malware related service names are being (blocked) attempted.
> The Blocking stops when ktorrent is closed. Where in the torrent 
> process is the possible 'FTP' activity being used?

I was assuming people were trying to use FTP to download stuff from your
server rather than torrent. The two are quite independent. If you have
logging turned on for your ftp server (I assume you are running an ftp
server?) then you could see if this so.

If you are not running an ftp server, then you don't need the ftp ports
open on inbound and you can ignore all I've said about ftp clients:-)

Maybe there is an outgoing connection from your machine as part of the
torrent process that is getting blocked. I can only imagine that a seed
would connect to a tracker to let it know of the presence of the files
you are making available, but I'm not too sure of the process here.

> I suppose I do not know enough about the torrent process, which does 
> not help.

I'm not sure I know enough about it either!

> If the currently blocked items are not blocked, what will the benefits 
> or disadvantages be?

More information about the ubuntu-uk mailing list