Unblock torrent downloads in ISA

Hi,

I very occasionally use Flashget to download torrents. The problem is that it seems the ISA server which has been newly set up (and which i partly am now administering) seems to not allow me to download any torrents.

Any idea what i need to do to allow me to download torrents again? I did quite a few searches online and i came up with this:

"Requires port tcp/6969 and ports tcp/6881 to tcp/6889 open outbound; for good performance, requires a secondary connection of ports tcp/6881 to tcp/6889 open inbound, to allow reciprocal uploading.

Note that this only allows reciprocal uploading back to the clients that you're downloading, as is the limitation on secondary connections. People wishing to be good BitTorrent citizens - or achieve faster download speeds - will also need to use the Server Publishing rule to publish ports tcp/6881 and tcp/6889 inbound for everyone to their BitTorrent client machine."
(source: http://www.arkane-systems.net/products/free/protocols/index.aspx)

But i either applied it incorrectly, doesnt apply to Flashget, or is missing something.

Any ideas?

Thanks,
O

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

royal

Just an FYI, 6881-6889 was Bittorent prior to version 3.2. Bittorrent now uses 6881-6999.

As for ISA, just create a new protocol with whatever name you want such as Bittorent and define the ports.

I'm assuming you already created an access rule on ISA that allows local host source access to external destination over all protocols for all users so ISA can access internet.

You'll then need to create an access rule so ISA will allow source of internal (which is defined as all your subnets on your network) to talk to destination of external of your newly created bittorrent protocol. This will allow your internal subnets to go through ISA to gain access bittorent on the outside.

You may need to configure ISA to also do External > Internal over Bittorent in addition to what I wrote above if the above doesn't work for you.

Khattab

With regards to the rotocol, is it TCP or UDP that im allowing?

Also, i've tried using uTorrent and i cant seem to get it working either...

Maybe i could export the rule and post a copy of it here for you to look at?

If possible, i'd prefer to get uTorrent working.... i used this guide:

ISA Server 2006 configuration:

Assuming that you'll use port 64000 - 64100 for multiple clients

1) Set up the following new Protocols:

Name: BitTorrent (Inbound)
Ports: TCP - 64000 to 64100 Inbound
Secondary connection: TCP 64000 - 64100 Outbound

Name: BitTorrent (Outbound)
Ports: TCP - 64000 to 64100 Outbound
Secondary connection: TCP 64000 - 64100 Inbound

Name BitTorrent (UDP)
Ports: 64000 to 64100 Send Receive
Secondary connection: 64100 to 64100 Send Receive

You can add each of these to the same Access Rule.

Create another new Protocol on a per-client basis:

Name: BitTorrent (Server - <Client Name>)
Ports: Create a TCP Inbound port range somewhere between 64000 and 64100 (e.g. 64000 to 64010)

Create a Non-Web Server Protocol Publishing Rule per BitTorrent client (client machines must have static IP or have DHCP reservations). These rules are the same thing as SOHO router's "port forwarding":

Name: What ever you want, be descriptive as to what the client using this rule is
Server IP: The client running BitTorrent
Listen from: External (aka The Internet)

Edit the above Server Publishing rule and go to the To tab. Make sure the radio box "Requests appear to come from the original client" is ticked.

Go to Configuration -> General -> Define Firewall Client Settings -> Application Settings tab

Create two New Applications:

Application: [Executable name without file extension, e.g. utorrent]
Key: RemoteBindUdpPorts
Value: 64000-64100

Application: [Executable name without file extension, e.g. utorrent]
Key: ServerBindTcpPorts
Value: 64000-64100

Save all of the above changes and commit them to the ISA Server.

Open utorrent, go to Options -> Preferences -> Connection, set the/a port that your Server Publishing Rule is using.

Under Advanced, go to net.outgoing_port and set it between 64000 and 64100.

I've also set the IP/host name to report to tracker to a Dyndns hostname, though you can also use the ISA Server's external IP (if you're running ISA in Edge firewall mode).

Note: I have not gotten DHT to function in my limited tests (sits at Waiting to log in or login with 0 nodes), but uTorrent reports that NAT is functioning correctly. Download speeds are excellent and upload also works.

Also note that these same steps should be applicable to ISA 2004, but NOT ISA 2000.

Last edited by Rilex (2006-10-01 12:38:49

(Source: http://forum.utorrent.com/viewtopic.php?id=7862)

But i havent had any luck getting it to work..... is it missing anything? Are there any other rules i need to include?

As i said, if i need to, im happy to post the firewall rules i've created to see if maybe i've overlook something - but i thought it best to ask you guys if there are any other rules that need to be created.

Thanks,
O