January 22nd 2018

linux, bittorrent, firewall

Transmission Bittorrent Client behind a Restricted Firewall


I try to run a strict firewall on my desktop machine: outgoing ports are denied by default, not only incoming ones as is usual.

I also want to run a bittorrent client from behind that firewall, transmission-daemon in my case.

In order to download, the client also needs to send data, so of course it would not download anything without changes to the firewall. Every answer on the web says I have to open at least one incoming TCP port in the range 49152-65535 and then specify that port in Transmission's settings. Say I choose 55555 and use ufw as my firewall; then I have to issue this command:

ufw allow in 55555/tcp

If you choose "Randomize port on startup", you will have to open all ports between 49152 and 65535.

But that in itself is not enough. Not wanting to loosen my firewall rules more than necessary, I decided to investigate with netstat (source).
The historical netstat is replaced by ss here.

sudo ss -tuapn | grep transmission
sudo ss -tuapn | grep transmission | awk '{print $5}'

Now this is where my networking prowess ends. You get a nice list of IPs and ports, but I have no idea whether all of them have to be opened for incoming connections.
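As an added example (not part of the original post, and not Transmission's or ufw's own tooling), the following script takes the output of the two ss commands above one step further: it separates the sockets on which transmission-daemon is waiting for incoming traffic (the only ones that can need a `ufw allow in` rule, and only when they are not bound to loopback) from the connections the daemon opened itself from an ephemeral port, which an outbound-deny firewall has to allow out rather than in. The ss output it parses is constructed for the demo with documentation addresses, and the udp socket on the peer port is an assumption of the sample; whether your host shows one is for `sudo ss -tuapn` to tell. The generated ufw commands are printed, not executed, so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not part of the original post: parse `ss -tuapn` output
# and sort transmission's sockets into the ones that accept incoming
# connections (candidates for `ufw allow in`) and the ones transmission
# opened itself (which an outbound-deny firewall must allow out instead).
# The ss output below is constructed for this demo with documentation
# addresses; on a real host call the functions with "$(sudo ss -tuapn)".

SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:55555       0.0.0.0:*         users:(("transmission-da",pid=1234,fd=12))
tcp   LISTEN 0      128    127.0.0.1:9091      0.0.0.0:*         users:(("transmission-da",pid=1234,fd=10))
tcp   ESTAB  0      0      192.0.2.10:48222    198.51.100.7:6881 users:(("transmission-da",pid=1234,fd=20))
tcp   ESTAB  0      0      192.0.2.10:55555    203.0.113.5:51413 users:(("transmission-da",pid=1234,fd=21))
udp   UNCONN 0      0      0.0.0.0:55555       0.0.0.0:*         users:(("transmission-da",pid=1234,fd=13))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*         users:(("sshd",pid=800,fd=3))'

# Print "proto local_addr port" for every transmission socket that waits
# for incoming traffic: TCP LISTEN sockets and unconnected UDP sockets.
transmission_listeners() {
    printf '%s\n' "$1" | awk '
        /transmission/ && ($2 == "LISTEN" || ($1 == "udp" && $2 == "UNCONN")) {
            n = split($5, a, ":"); port = a[n]
            addr = substr($5, 1, length($5) - length(port) - 1)
            print $1, addr, port
        }'
}

# Turn the listeners into ufw commands, skipping loopback-only sockets
# (the RPC web UI on 127.0.0.1:9091 in the sample never needs an inbound
# rule). Commands are printed, not executed, so they can be reviewed.
inbound_ufw_rules() {
    transmission_listeners "$1" | awk '
        $2 !~ /^(127\.|::1$|\[::1\])/ { print "ufw allow in " $3 "/" $1 }' | sort -u
}

# For each established TCP connection of transmission, report whether the
# remote side connected to our listening port ("inbound") or transmission
# connected out from an ephemeral port ("outbound"), followed by the peer.
established_connections() {
    printf '%s\n' "$1" | awk '
        /transmission/ {
            n = split($5, a, ":"); lport = a[n]
            if ($1 == "tcp" && $2 == "LISTEN") listen[lport] = 1
            if ($1 == "tcp" && $2 == "ESTAB") { c++; lp[c] = lport; peer[c] = $6 }
        }
        END {
            for (i = 1; i <= c; i++) {
                dir = (lp[i] in listen) ? "inbound" : "outbound"
                print dir, peer[i]
            }
        }'
}

# Stand-alone demo on the constructed sample.
echo "listeners:";      transmission_listeners "$SAMPLE_SS_OUTPUT"
echo "inbound rules:";  inbound_ufw_rules "$SAMPLE_SS_OUTPUT"
echo "established:";    established_connections "$SAMPLE_SS_OUTPUT"
```

On the sample this yields exactly one inbound rule per protocol for the configured peer port 55555, while the connection from local port 48222 to 198.51.100.7:6881 is an outbound one: no inbound rule helps it, which is why an outgoing-deny firewall needs egress rules for the client as well. The `awk '{print $5}'` column in the post is the local address; the peer address is column 6, which the last function uses.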

After some fiddling with both ufw and my router's firewall (!), I got it working.