this post was submitted on 24 Jun 2024
47 points (92.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54476 readers
811 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Hello,

I am using qbittorrent for torrenting and my ISP has refused to open up firewall because of fucking "security" reasons. however I can still seed the torrent how is that possible? I mean all the incoming connections should be blocked right? isn't it how firewall works?

all 32 comments
sorted by: hot top controversial new old
[–] [email protected] 37 points 4 months ago (2 children)

VPN with port forwarding should work. No way your ISP can block that

[–] [email protected] 8 points 4 months ago (1 children)
[–] [email protected] 2 points 4 months ago

I've used this for years. Works great.

[–] [email protected] 4 points 4 months ago (4 children)

Except that no good VPN does this anymore (I believe Mullvad was one of the last to pull the service and cited massive headaches due to CP violations). So if you find one that does, it's most likely pretty sketch or just not that secure.

[–] [email protected] 2 points 4 months ago (1 children)
[–] [email protected] 1 points 4 months ago

Can confirm AirVPN works

[–] [email protected] 2 points 4 months ago (2 children)
[–] [email protected] 1 points 4 months ago

It’s a song and dance on macOS and Linux but yes they do: https://protonvpn.com/support/port-forwarding-manual-setup/

[–] [email protected] 1 points 4 months ago

Yes, ProtonVPN still provides port forwarding. They randomly assign you a single port every time you connect, so you'll have to update the settings in qB occasionally, but it's manageable.

[–] [email protected] 2 points 4 months ago
[–] [email protected] 1 points 4 months ago

PIA works for me a long time now. It's cheap and faster than my Internet connection so it ticks all the boxes for me.

[–] [email protected] 32 points 4 months ago* (last edited 4 months ago) (2 children)

Stop using your ISPs router and they're not going to have much control over it.

[–] [email protected] 20 points 4 months ago (1 children)

no they have firewall enabled on their side so even if I use my own router it won't do much.

[–] [email protected] 18 points 4 months ago (3 children)

That sounds weird and super invasive...where is this?

[–] [email protected] 22 points 4 months ago (2 children)

They're probably just using CGNAT.

[–] [email protected] 9 points 4 months ago (1 children)

That's not a firewall though, which is what OP mentions.

[–] [email protected] 19 points 4 months ago (2 children)

Does OP really know exactly what technology at his ISP is preventing him from "opening ports"?

[–] [email protected] 6 points 4 months ago (1 children)

Maybe not, but you and I definitely dont, so let's stick to what they're actually saying instead of guessing.

[–] [email protected] 3 points 4 months ago

You commented that it's "super weird and invasive" for an ISP to "firewall" listening ports. It just so happens that CGNAT also has the same effect and is super commonly used right now.

I think I'm good 👍

[–] [email protected] 5 points 4 months ago

Yes I know what's preventing me from opening ports. I also called my ISP they said we can't open the firewall so the incoming connections will be blocked.

[–] [email protected] 8 points 4 months ago

It's definitely not CGNAT. I have tested it using traceroute.

[–] [email protected] 8 points 4 months ago

Ipv4 shortage lead to a lot of IPS adopting CG-NATs where they are sharing one exit IPv4 for multiple end users and that's why opening a port on the end user side won't do a thing as your just opening a port in the ISP Network and not to the Internet

[–] [email protected] 2 points 4 months ago (1 children)

Who says the ISP isn't blocking ports via a firewall?

I thought it was common practice for ISPs to block certain ports for residential connections?

[–] [email protected] 4 points 4 months ago

They will usually block port 25 so you can't run a mail server. It's unusual for an ISP to block everything unless you are on CGNAT.

[–] [email protected] 8 points 4 months ago

Also in some places your ISPs can refuse to give you the PPPoE keys

[–] [email protected] 27 points 4 months ago* (last edited 4 months ago)

however I can still seed the torrent how is that possible?

Yes you can still seed as well as download. But you are limited and can only upload and download torrent data in swarms that contain peers that are themselves fully connectable (port forwarded).

So say you join a torrent swarm that only contains peers just like you (firewalled, no ports forwarded) then no one will transfer any torrent data with each other. Everyone is stuck waiting for a fully connectable (port forwarded) peer to join that swarm.

[–] [email protected] 16 points 4 months ago (1 children)

If the firewall just means no incoming connections, your computer can still reach out to the other side (if they open their port)

[–] [email protected] 2 points 4 months ago

Right, only one side of the connection needs an open port (and most clients will let that be either seed or leech side)... this is why having an open port on your end is useful if you're downloading, since you can download from seeders that don't have an open port.

[–] [email protected] 4 points 4 months ago* (last edited 4 months ago)

BT protocol works thru both parties. You have seeders and leachers (called peers). Both need to make a connection but how that connection is initiated and opened is important. If a peer initiates the connection and has their ports open, you're good, regardless of your own setup.

Unfortunately not every seeder does this (for various reasons). And that's when having your ports open makes a world of difference. Because if the peer also has their ports blocked, you will never get a successful handshake between the two of you.

On torrents that have hundreds of peers, you're likely fine; they'll be plenty that can initiate the transfer for you. But when you get obscure torrents with only a handful of peers, you're likely fucked. I'm over simplifying for the sake of discussion.

[–] [email protected] 3 points 4 months ago

Just wondering if this is still happening over a VPN?

[–] [email protected] 3 points 4 months ago

It sounds like everything is working, so… whats the issue?