• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

how to enable torrent

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> Access Policies >> how to enable torrent Page: [1]
Login
Message << Older Topic   Newer Topic >>
how to enable torrent - 11.Mar.2009 7:15:26 AM   
ashram82

 

Posts: 2
Joined: 7.Mar.2009
Status: offline
sir/mam can anyone help me with my problem i have installed isa 2006 and i am only new with its access rules. my problem is that i want to make my torrent program works for downloading important files. pls can anyone help me to configure my rules in a simple manner thanks in advance

Post #: 1
RE: how to enable torrent - 11.Mar.2009 8:12:56 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi,

AFAIK, torrent uses dynamic ports. Maybe it´s better to check the site of the software´s vendor and see what port is needed for it works.

Regards,
Paulo Oliveira.

(in reply to ashram82)
Post #: 2
RE: how to enable torrent - 15.Mar.2009 10:28:43 PM   
ashram82

 

Posts: 2
Joined: 7.Mar.2009
Status: offline
im using bitcomet sir and its listening port  is 25998. i just want to ask the right step on how will i configure the isa server to make my bitcomet work

thanks,
ryan

(in reply to paulo.oliveira)
Post #: 3
RE: how to enable torrent - 16.Mar.2009 4:30:02 AM   
Dumber

 

Posts: 278
Joined: 21.Mar.2008
Status: offline
Personally I think that Bittorrents shouldn't be allowed on a cooperate network.

However you should use server publishing rules to allow incoming traffic.
For outgoing traffic you should specify your own needed ports.

< Message edited by Dumber -- 16.Mar.2009 4:59:26 AM >


_____________________________

Marcel
Netherlands

MCTS, MCITP (SA,EA) MCP, MCSA:Security, MCSE:Security, CCNA, CCSA, CCSE, CCSE+
No matter how secure, there is always the human factor.
http://www.phetios.com/

(in reply to ashram82)
Post #: 4
RE: how to enable torrent - 16.Mar.2009 8:20:16 AM   
SteveMoffat

 

Posts: 1130
Joined: 29.Jun.2001
From: Hamilton, Bermuda
Status: offline
"Personally I think that Bittorrents shouldn't be allowed on a cooperate network."

You mean for warez etc....I look after a small office (international client), that uses bittorent wordwide for it's stuff...large game manufacturer..

_____________________________

Thanks
Steve

ISA 2006 Book! - http://tinyurl.com/2gpoo8
TMG Bible - http://tinyurl.com/ykv85hr
www.isaserver.bm

The built in ISA help is likely the most comprehensive help built into an application anywhere. USE it!!! Search it!!! RTFM

(in reply to Dumber)
Post #: 5
RE: how to enable torrent - 16.Mar.2009 8:50:57 AM   
Dumber

 

Posts: 278
Joined: 21.Mar.2008
Status: offline
That's indeed what I meant. In my experience this is usually where it's used for.
However I also know that some Linux distro's are distributed via torrents.


_____________________________

Marcel
Netherlands

MCTS, MCITP (SA,EA) MCP, MCSA:Security, MCSE:Security, CCNA, CCSA, CCSE, CCSE+
No matter how secure, there is always the human factor.
http://www.phetios.com/

(in reply to SteveMoffat)
Post #: 6
RE: how to enable torrent - 16.Mar.2009 12:55:47 PM   
adimcev

 

Posts: 380
Joined: 19.Oct.2008
Status: offline
Typically, when you open the .torrent file in your bittorrent client, this client will connect to the tracker to download a list of peers(seeds and leechers).
A HTTP GET request to the port the tracker is listening to will be issued by the client. For example if I want to download Vyatta using bittorrent, their tracker uses 6969 if I remember correctly.

If you configure your bittorrent client to use ISA as a proxy, likely you are going to nail it, as after the client download the list of peers, the client will issue CONNECT requests to the remote peers on the ports on which they listen, typically higher TCP ports. ISA only allows such requests to port 443(per draft).

Also, in your bittorrent client you can configure a port for incoming connections.
If you want to allow this, you need to forward this port to your machine(using server publishing rules), TCP and UDP(if you want to use DHT).

As outbound rule, your best bet is to create an allow all access rule for your bittorrent client machine, as it's hard to know in advance what ports the remote peers use(as said before higher TCP and UDP(if DHT is used) ports. Once you figure how things work, you may "restrict" this rule(likely a big number of ports would still be needed).

It would be a good idea to isolate this machine on an ISA network. I'm not saying you are downloading warez, just this machine would be allowed to connect quite unrestricted to the Internet, so it would be good to isolate it.

If you want to download the .torrent file from a web server, make sure, in case you configured some allowed content types, that application/x-bittorrent is allowed.

Please refer to:
http://wiki.theory.org/BitTorrentSpecification
http://www.bittorrent.org/beps/bep_0003.html
http://www.bittorrent.org/beps/bep_0005.html
http://www.bittorrent.org/beps/bep_0027.html
http://www.bittorrent.org/beps/bep_0000.html
http://www.web-cache.com/Writings/Internet-Drafts/draft-luotonen-web-proxy-tunneling-01.txt

Adrian

_____________________________

Blog: http://www.carbonwind.net/blog

Get Our ISA 2006 Book!: http://tinyurl.com/2gpoo8

(in reply to Dumber)
Post #: 7
RE: how to enable torrent - 28.Dec.2011 10:21:35 PM   
sadavala.sree

 

Posts: 46
Joined: 14.Sep.2011
Status: offline
you only need to create protocol definitions.


Right click Protocol Definitions and enter a name for the protocol def,
then enter the Port and protocol information

The protocol definitions you create are then used with the protocol rules
to allow or deny clients using these protocols. To check to verify that
your protocol rule is set to allow the new definition, display the
properties of your protocol rule, click the protocol tab and verify that
the rule applies to "all ip traffic". All IP traffic is defined as all the protocols you've defined under Policy elements, protocol definitions.

_____________________________

Thanks & Regards,
Sreehari Babu

(in reply to ashram82)
Post #: 8
RE: how to enable torrent - 5.Feb.2012 7:24:40 PM   
richto

 

Posts: 5
Joined: 10.Dec.2001
Status: offline
To enable Bit Torrent via Forefront TMG:

Set a static inbound port in your Bit Torrent client - for instance 321

Then create a new Allow from Internal to External firewall rule on the TMG server, with a new protocol definition as follows:

TCP 1024-65535 Out
UDP 1024-65535 Send Receive
TCP 321 Out
UDP 321 Send Receive

Secondary Connection

TCP 321 In
UDP 321 Receive.

I strongly suggest you restrict this to a specific internal host for security!

Change 321 to whatever static inbound port you use.

This is tested and working with TMG SP2 hotfix 1.

However the TMG control service does seem to crash occasionally - which then shuts down the firewall service if you allow a high number of Bit Torrent connections.

< Message edited by richto -- 5.Feb.2012 8:42:06 PM >

(in reply to sadavala.sree)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> Access Policies >> how to enable torrent Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts