Linux tips and tweaks
Configure your router and Linux firewalls for BitTorrent clients
Firewalls are brilliant at keeping hackers out of your computer and your network and even the most basic ones will block all incoming connections. They are essential if you have a computer that is connected to the internet and it is not advisable to browse the web without one. Of course, most hackers and malware target Windows PCs and Linux is much safer to use on the internet, but there is no room for complacency and you shouldn't get into the habit of thinking that you're safe just because you use Linux. It's so easy to add a firewall that there's no reason not to use one.
Blocking incoming connections is easy and firewalls do it automatically, but this also presents problems for software that needs incoming connections. For example, a BitTorrent client simply won't work with a firewall's default configuration. You must set up port forwarding on the router and also open the required ports on the PC's firewall. In this article we look at both of these tasks and get the Transmission BitTorrent client working behind a router with a firewall and behind the Linux firewall. The technique used isn't specific to Transmission and it will work with any software that needs internet access. There are some useful tips here about configuring firewalls.
What's a port?
Your computer runs many different types of internet software and two common examples are a web browser and an email client. Both can access the internet at the same time. So there is data coming into and going out of the computer simultaneously. How does the computer know which bit of data belongs to which program? The answer is that it uses ports.
It doesn't really matter exactly what a port is or how it is implemented in hardware or software. Just think of a port as being a label on each packet of data coming into the computer. The computer knows that a packet of data coming in on port 80 is for a web browser and if it's on 110 then it's for an email program. The port number tells it which program it's for. The problem is that a firewall will automatically close all ports except the basic essentials like web browsing and email, and this is why a BitTorrent client, or other internet program, won't work. The ports it uses are blocked.
Hackers can get into a PC through an open port, which is why the firewall blocks all but the essentials. What we must do is to configure the router and Linux firewall to allow communications on the port that the BitTorrent client uses, but without opening any others.
Configure port forwarding on the router
Most people access the internet through a router and you will have one or more computers connected to the router either with a wired or wireless connection. When a program on your computer accesses the internet it sends the data through the router and when data comes back, such as a web page, the router directs it back to the right computer on the network.
This works automatically with web browsers and email programs, but it doesn't work with other software. What you need to do is to configure the router to forward all communications through a particular port to a specific PC.
Transmission is the BitTorrent client that is bundled with the latest version of Ubuntu Linux and it uses port 51413. Start Transmission and select Edit, Preferences. Select the Network tab and you'll see that the port for incoming connections is 51413.
(Other BitTorrent clients and other internet programs use other ports and this one is specific to Transmission.) What you need to do is to configure the router to send all incoming data on port 51413 to your PC.
Open a web browser and type in the address of your router, which is something like 192.168.2.1. The address may be printed on the back of the router or listed in the manual. You can right click the networking icon in the menu bar in Ubuntu and select Connection information. The default route is the router address. Type it into the web browser.
All routers have port forwarding, but they use different menus and descriptions. I can tell you what my router says, but yours may have different menus and wording.
On my router I go to NAT and then Virtual Server.
What you need to do is to instruct the router to send any communications on port 51413 (Transmission BitTorrent) to the IP address of the PC you are using.
(You can right click the networking icon in the menu bar in Ubuntu and select Connection information to see your PC's IP address.)
Above you can see the settings for my router. The IP address of the computer on my network is 192.168.2.101 and the port that needs to be forwarded is 51413. You can actually change the port number when it is forwarded to the computer with this router, but this isn't needed so the LAN (PC) port number is kept the same as the public (router) port number.
Configure the Linux firewall
In a previous article we saw how to turn on the Linux firewall using Firestarter. This is a handy utility that makes configuring the firewall very easy.
Click the Policy tab and then click in the Allow service section. Click the Plus button in the toolbar and we will add a rule to allow Transmission BitTorrent to work through the firewall.
In Transmission we saw that it uses port 51413, so type Transmission into the Name box and 51413 into the Port box. The source should be set to anyone.
That's it. The router now forwards all communications on port 51413 to the PC and the firewall allows the incoming connection.
You can test that it is working by starting Transmission and selecting Edit, Preferences, Network. Click the Test Port button and it should say that it is open. You can now use Transmission to download files from the internet.
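The goal stated earlier was to open the BitTorrent port without opening any others. The script below is an added example, not part of the original article or of Firestarter: it reads rules in the format printed by iptables -S INPUT and reports any accepted inbound port other than 51413. The sample rule sets are constructed, and it assumes the rules sit directly in the INPUT chain and that both TCP and UDP are opened; the chains Firestarter actually generates are not shown on this page.

```shell
#!/usr/bin/env bash
# Added example: list the inbound ports a rule set accepts and confirm that
# the only one is Transmission's. Input is in `iptables -S INPUT` format.

ALLOWED_PORT=51413   # incoming port shown in Transmission's Network tab

# Print "proto/port" for every INPUT rule that ACCEPTs a destination port.
accepted_ports() {
  awk '
    $1 == "-A" && $2 == "INPUT" {
      proto = "any"; ports = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      if (target == "ACCEPT" && ports != "") {
        n = split(ports, list, ",")       # multiport rules list several
        for (k = 1; k <= n; k++) print proto "/" list[k]
      }
    }' | sort -u
}

# Succeed only if unmatched packets are dropped by default and no port
# other than ALLOWED_PORT is accepted. Reads the rules on stdin.
audit_rules() {
  rules=$(cat)
  if ! printf '%s\n' "$rules" | grep -qx -- '-P INPUT DROP'; then
    echo "default INPUT policy is not DROP"; return 1
  fi
  extra=$(printf '%s\n' "$rules" | accepted_ports | grep -v "/${ALLOWED_PORT}\$") || true
  if [ -n "$extra" ]; then
    echo "unexpected open ports:" $extra; return 1
  fi
  echo "only port ${ALLOWED_PORT} is open"
}

# Constructed sample rule sets (not captured from a real machine).
GOOD_RULES='-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 51413 -j ACCEPT'
BAD_RULES="$GOOD_RULES
-A INPUT -p tcp -m multiport --dports 22,6881:6889 -j ACCEPT"

printf '%s\n' "$GOOD_RULES" | audit_rules
printf '%s\n' "$BAD_RULES" | audit_rules || true
```

Rules that accept traffic without naming a destination port, such as a rule for a whole interface, are not flagged by this check and need to be reviewed by eye.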