P2P client port forwarding (and Huawei HG8245)

psijic · June 12, 2017, 1:49pm

Hello. My torrent client Transmission can’t open a port (default is 51413). Brandmauer is disabled via YaST
I read some manuals
https://trac.transmissionbt.com/wiki/PortForwardingGuide

I have:

eth0      Link encap:Ethernet  HWaddr 50:E5:49:38:FB:4D  
          inet addr:192.168.100.19  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::52e5:49ff:fe38:fb4d/64 Scope:Link

And a router (Huawei HG8245) where I add the rule:

Forward Rules > Port Mapping Configuration


Type:    User-defined
Mapping Name: Transmission
Internal Host:    192.168.100.19
External Source IP Address: {empty}
--
Protocol:TCP/UDP
Internal port number:    51410--51413
External port number:    51410--51413
External source port number: 0--0

Checking ports in the Transmission: 51413 (default), 51411.
And tried here: http://www.canyouseeme.org
Port is closed.

UPD:
For a case I add another rule Forward Rules > Port Trigger Configuration

On this page, you can configure the range of the ports that are used by LAN-side applications to access the Internet. You can also enable the port automatically.


WAN Name            Enable Port Trigger       Trigger Port    Open Port        Trigger Protocol    Open Protocol
1_TR069_INTERNET    Enable                  51410-51415   51410-51415    TCP/UDP               TCP/UDP

tsu2 · June 13, 2017, 5:55am

I doubt you should need to modify files directly unless feel more comfortable doing that.

Service Manual(For Technical people)
http://m.setuprouter.com/router/huawei/hg8247h/manual-1979.pdf

User Manual (For non-Technical Users)
https://fccid.io/document.php?id=1979642

Generally speaking…

You should set up your Torrent app (Transmission) to use the same, fixed port always. A standard option for most torrent clients is to randomize the port every time the app starts up.
On you Gateway Router (Huawei), you should configure a DHCP reserved lease… Or, if you are unable to do that, configure your openSUSE with a static IP address. Bottom line is that for the next step (configuring an inbound port) you first must make sure your openSUSE must always have the same IP address, and a standard DHCP setup won’t guarantee that.
On your Gateway Router (Huawei), you should then configure inbound port forwarding for your chosen port number, and forward to your openSUSE which should always have the same IP address.
On your openSUSE, you should use YaST to configure your personal firewall to also open the required inbound port if it sin’t automatically done by your Transmission app.

All of the above can typically be set up using a provided GUI tool on your Huawei router, and although I haven’t looked for all the necessary configurable options… Should be possible (I’d be very surprised if not the case).

HTH,
TSU

psijic · June 13, 2017, 12:29pm

Hm. First of all, Transmission has a fixed port to connect (by default and for me now).
My desktop’s IP is only changed after router’s rebooting. So it’s fixed enough. But I can change some configs if it’s needed.
I disable a firewall and also add some rules to open the port.
I can show them and do another actions later.

psijic · June 13, 2017, 8:48pm

On router there is an options:

LAN > DHCP Static IP Configuration
On this page, you can configure the reserved IP address that is assigned through DHCP for the specified MAC address.

I found that in Windows form a laptop P2P works fine (Deluge). So it should be a firewall problem or some specifics.

The firewall user options:

Starting the firewallEnable automatic firewall startup
The firewall will not start after you save the settings


Inner zone
There are no interfaces assigned to this zone.
User Policy
Network: 192.168.100.19, Protocol: TCP, Destination port: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: UDP, Port destination: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: RPC, Destination port: All, Source port: All, Options: None

The demilitarized zone
Interfaces
Eth0
Open Services, Ports, and Protocols
TCP Ports: 51411
UDP ports: 51411
RPC Services: 51411
IP Protocols: TCP / UDP

User Policy
Network: 192.168.100.19, Protocol: TCP, Destination port: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: UDP, Port destination: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: RPC, Destination port: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: TCP, Port of Destination: 51411, Source port: 51411, Options: None
Network: 192.168.100.19, Protocol: UDP, Port of Destination: 51411, Source port: 51411, Options: None

Outside area
There are no interfaces assigned to this zone.
User Policy
Network: 192.168.100.19, Protocol: TCP, Destination port: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: UDP, Port destination: All, Source port: All, Options: None
Network: 192.168.100.19, Protocol: RPC, Destination port: All, Source port: All, Options: None

psijic · June 13, 2017, 9:06pm

Ok, Deluge client is going to work on openSUSE. The problem is in Transmission. Some guys say - transmission-daemon can fail to detect port.

psijic · June 13, 2017, 9:37pm

Transmission:

http://retracker.local/announce Got a scrape error «Could not connect to tracker»

Hm, I check “random ports”, re-add .torrent file and it’s worked. Disabling router port mapping and enabling firewall then delete all custom rules - still works. It’s a miracle :
But all trackers are in “Could not connect to tracker”

tsu2 · June 14, 2017, 6:46am

There’s always an answer.

First,
With some basic understanding of TCP/IP, you will find that
If your machine initiates a TCP/IP connection, that is often all that is necessary to enable full bi-directional communication… After all, TCP/IP itself is 2-way.
On the other hand, if your machine acts as a server… For instance as a “First Seeder” of a torrent, then outside clients won’t be able to connect to your machine without your configuring an inbound forwarding rule.

Torrent clients have both server and client functionality, so although enabling inbound connections is desirable from the overall perspective of the torrent network, it’s not required for leaching.

Trackers are nice to use for speedy discovery, it’s not required nowadays. There are other discovery methods, most notably DHT (Distributed Hash Table) and Peer Exchange as most popular but I’ve seen many more used by special Torrent clients that set up their own torrent subnets. If you look at your torrent client’s configuration, you’ll see these enabled.

So, maybe not all miracles aren’t all that unexplainable…

HTH,
TSU

psijic · June 14, 2017, 11:19am

Hm, maybe it was waiting for establishing an outbound connection but practical part was I added many .torrent files and re-added them before.