Handling port forwarding for multiple BitTorrent clients behind a NAT firewall
August 29, 2006 - 12:23pm
Last night, I learned all about handling BitTorrent behind an IPCop box. We have multiple systems in our new apartment, and we wanted to be able to run BitTorrent clients on each system, but were having connectivity problems. Specifically, new connections to files we were seeding were getting dropped.
The problem
The basic problem is that a firewall that uses NAT to turn one public-facing IP into a network that multiple internal systems use (one-to-many NAT) works fine for more or less stateless protocols such as HTTP, but peer-to-peer protocols such as BitTorrent have problems. When an outside client wants to leech from my BitTorrent seed, how does it know to grab the torrent I'm seeding, rather than hitting my roommate's computer, which may or may not be seeding anything, much less the torrent in question?
The solution
I started knowing that BitTorrent typically uses ports 6881-6889 (actually, 6881-6999 after BT 3.2). After a little dredging of BitTorrent FAQs, I found that "the client starts with the lowest port in the range and sequentially tries higher ports until it can find one to which it can bind." This immediately suggested a simple and elegant solution.
Given computer 1, computer 2, ... computer N, the solution is to port-forward (on your firewall) one part of the BitTorrent port range to computer 1, another part to computer 2, and so on until you have as many port range segments as you have computers. Then, configure the BitTorrent client on each machine to use the port ranges you've assigned to that particular system. Problem solved.
Here's a sample configuration:
| Port range | Destination | Notes |
|---|---|---|
| 6881-6885 | 192.168.168.50 (Computer 1) | Pre-v3.2 ports |
| 6886-6889 | 192.168.168.70 (Computer 2) | Pre-v3.2 ports |
| 6890-6945 | 192.168.168.50 (Computer 1) | Post-v3.2 ports |
| 6946-6999 | 192.168.168.70 (Computer 2) | Post-v3.2 ports |
Note that these port ranges are set in two places: in your firewall's port-forwarding table, and on the BitTorrent clients on each system.
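A check for the note above, as an added example that is not from the original post: it verifies that the forwarding table partitions 6881-6999 without overlaps or gaps, and that each client's listen range falls inside the ports forwarded to its own address. The function names and the `CLIENTS` settings are constructed for illustration.

```python
# Firewall port-forwarding table from the article: (first_port, last_port, destination).
FORWARDS = [
    (6881, 6885, "192.168.168.50"),
    (6886, 6889, "192.168.168.70"),
    (6890, 6945, "192.168.168.50"),
    (6946, 6999, "192.168.168.70"),
]

# Constructed sample: the listen range configured in each BitTorrent client.
CLIENTS = {
    "192.168.168.50": (6881, 6885),
    "192.168.168.70": (6946, 6999),
}


def check_forwards(forwards, low=6881, high=6999):
    """Return problems in the forwarding table: reversed ranges, overlaps, gaps."""
    problems = []
    expected = low  # next port that should be covered by some forward
    for first, last, dest in sorted(forwards):
        if first > last:
            problems.append(f"{first}-{last}: reversed range")
            continue
        if first < expected:
            problems.append(f"{first}-{last}: overlaps an earlier range")
        elif first > expected:
            problems.append(f"{expected}-{first - 1}: not forwarded to any host")
        expected = max(expected, last + 1)
    if expected <= high:
        problems.append(f"{expected}-{high}: not forwarded to any host")
    return problems


def check_clients(forwards, clients):
    """Return clients whose listen ports are not all forwarded to their own address."""
    problems = []
    for host, (first, last) in sorted(clients.items()):
        reachable = {p for a, b, d in forwards if d == host for p in range(a, b + 1)}
        missing = [p for p in range(first, last + 1) if p not in reachable]
        if missing:
            problems.append(
                f"{host}: {len(missing)} listen port(s) not forwarded to it, first {missing[0]}")
    return problems


if __name__ == "__main__":
    for line in check_forwards(FORWARDS) + check_clients(FORWARDS, CLIENTS):
        print(line)
```

An empty result means the two places agree; an overlap means inbound connections on those ports can only ever reach one of the two machines.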
This is a simple and obvious solution once you know that BitTorrent clients don't force a single port for the peer-to-peer connection but select from a pool. It is possible that everybody already knows that, so the solution is a no-brainer, or that most BitTorrent users only connect from a single client or use UPnP, so partitioning the ports is irrelevant. If not, save yourself some trouble and segment your BitTorrent port range.