Brian’s BitTorrent FAQ and Guide: What ports does BitTorrent use? Will it work with a firewall/NAT?

(Answer) (Category) Brian’s BitTorrent FAQ and Guide : (Category) Configuring Your Network for BitTorrent : (Answer) What ports does BitTorrent use? Will it work with a firewall/NAT?
Prior to version 3.2, BitTorrent by default uses ports in the range of 6881-6889. As of 3.2 and later, the range has been extended to 6881-6999. (These are all TCP ports, BitTorrent does not use UDP.) The client starts with the lowest port in the range and sequentially tries higher ports until it can find one to which it can bind. This means that the first client you open will bind to 6881, the next to 6882, etc. Therefore, you only really need to open as many ports as simultaneous BitTorrent clients you would ever have open. For most people it’s sufficient to open 6881-6889.

The port range that BitTorrent uses is configurable, see the section (Xref) What are the command line parameters for the BitTorrent client?, specifically the --minport and --maxport parameters.

The trackers to which BitTorrent must connect usually are on port 6969, so the client must have outbound access on this port. Some trackers are on other ports, however.

BitTorrent will usually work fine in a NAT (network address translation) environment, since it can function with only outbound connections. Such environments generally include all situations where multiple computers share one publicly-visible IP address, most commonly: computers on a home network sharing a cable or xDSL connection.

However, you will get better speeds if you allow incoming connections as well. To do this you must use the “port forwarding” feature of whatever is performing the NAT/gateway task. For example, if you have a cable or DSL connection and a router/switch/gateway/firewall, you will need to go into the configuration of this device and forward ports 6881-6889 to the local machine that will be using BitTorrent. If your device makes it hard to enter a range of ports (if you must enter each one separately), then you can just do the first 10 or so ports, or however many simultaneous clients you plan to ever have open. If more than one person behind such a gateway wishes to use BitTorrent, then each machine should use a different port range, and the gateway should be configured to forward each port range to the corresponding local machine.

If you have one of these broadband router/NAT devices (such as the Linksys BEFSR41, D-Link DI-701/704, Netgear RT311, SMC Barricade, 3Com Home Ethernet Gateway, etc.) you will usually need to enter the web configuration of the device. If you’re not sure, try http://192.168.1.1 or sometimes http://192.168.0.1. If you can’t figure it out, try the manual for the device — they are often on the manufacturer’s web site in PDF form. You can also try the forums at places like Broadband Reports or Practically Networked. To see an example of what you’re looking for, this is a link to the Linksys BEFSR41 manual. Look at page 55, under the section “Port Range Forwarding.”

If you are using Microsoft’s ICS (Internet Connection Sharing), this article on mapping ports might be useful with the best bittorrent websites

If you are using a software firewall, then you must also enable incoming connections to be answered by the BitTorrent client program. Note that Windows XP includes a primitive firewall (“Internet Connection Firewall” or ICF) which you may have to configure for BitTorrent. Here are the directions for opening ports in the Windows XP firewall:

  1. Open the ‘Network Connections’ folder (click Start, then Control Panel, then Network and Internet Connections, then Network Connections.)
  2. Click the shared connection or the Internet connection that is protected by Internet Connection Firewall, and then, under Tasks, click Change settings of this connection.
  3. On the Advanced tab, click Settings.
  4. For each port you wish to forward, (i.e. 6881, 6882, … 6889) do the following:
    1. On the Services tab, click Add and enter all of the following information:
    2. In Description of service, type an easily recognized name for the service, such as “BitTorrent”.
    3. In Name or IP address of the computer hosting this service on your network, enter 127.0.0.1 (this means “the local machine.”)
    4. In both External and Internal port number for this service, enter the port number, e.g. 6881.
    5. Select TCP, then OK.

See this link or this link for more information about the XP firewall.

If you are running another type of software firewall (such as Zone Alarm Pro, Norton Firewall, McAfee Firewall, BlackICE Defender, etc.), you may have to do something similar to allow inbound access on ports 688x to the BitTorrent client (usually btdownloadgui.exe.)

For example, in Zone Alarm Pro, in the Program Listings, click on the program’s name (btdownloadgui.exe) and then click the Options button and then enter the ports to use. If you’re having trouble connecting, you might try giving BitTorrent access to all ports.

To open ports in the Mac OS X firewall, do the following:

  1. Open System Preferences.
  2. Click Sharing.
  3. Select the Firewall tab.
  4. Click the New… button.
  5. Click the popup menu in the dialog that appears, and choose Other….
  6. In the Port Number, Range, or Series field, enter 6881-6999.
  7. In the Name field, enter BitTorrent (or any other identifying string.)
  8. Click OK.
If you are using a linux box as your firewall machine, and are using iptables as your NAT/firewall, here’s how you can enable portforwarding to a specific machine for BitTorrent. Either append to your iptable configuration script or put this in a file of its own. This was written in bash, but should work for ash, zsh or plain old bourne shell too (not csh however).
—- start shellscript —-
 #!/bin/bash #bittracker portforwarding BTFORWARDADDR=192.168.1.3 BTPORTS="6890 6891 6892 6893 6894 6895 6896 6897 6898 6899" for pt in $BTPORTS; do   /sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport $pt -j DNAT --to-destination $BTFORWARDADDR:$pt   /sbin/iptables -A FORWARD -s $BTFORWARDADDR -p tcp --dport $pt -j ACCEPT done
—- end shellscript —-
What this does is for each port in the BTPORTS string, establish a prerouting forward to send it directly to the machine listed in BTFORWARDADDR instead of mangling it through NAT. Also, in the event you have a default setting of DENY or REJECT for your forwarding rules, it allows forwarding from the BTFORWARDADDR machine on each of the BTPORTS out to the net.


In addition to the syntax illustrated here, iptables supports the specification of a range of ports using the syntax –dport $START:$END so the whole 6881-6999 range used in BT 3.2+ can be NAT’ed. For example…
=== start script === #!/bin/bash BTFORWARDADDR=192.168.2.20 PORTSTART=6881 PORTEND=6999

  /sbin/iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport $PORTSTART:$PORTEND -j DNAT --to-destination $BTFORWARDADDR   /sbin/iptables -A FORWARD -s $BTFORWARDADDR -p tcp --dport $PORTSTART:$PORTEND -j ACCEPT

=== end script ===
This assumes that the host to which these ports will be forwarded, BTFORWARDADDR, will be using the same range i.e. no port redirection is required.

[Append to This Answer]

Next: (Answer) Can I use BitTorrent with a proxy server?

This document is: /cgi-bin/fom?file=25

[Search] [Appearance]
This is a Faq-O-Matic 2.721.
scriptsell.neteDataStyle - Best Wordpress Services