p2p, anonymity and security

Bill Mullen moon at lunarhub.com
Thu Mar 11 11:21:02 EST 2004


On Thu, 11 Mar 2004, Greg Rundlett wrote:

> I would like to get bittorrent working, to be able to download ISOs and
> free software more quickly than perhaps I've been able to in the past,
> and at the same time donate my spare bandwidth to those around me who
> are looking for the same files.
[snip]
> I poked a few holes in my Linksys to forward packets to my Linux server.

I have no experience with other P2P apps than BitTorrent (and no interest 
in them, really), but I can tell you that to get the most out of BT, you 
need to tell your router to forward ports 6881 through 6889 inclusive to 
the internal machine running BT. You also need to limit the upload rate to 
no more than about 60-70% of your upstream bandwidth, or the inability to 
send packets in a timely fashion will choke your download speeds - and not 
just the BT d/l speed, but everything else on the box (browsing, etc.).

How the upload rate is limited will vary from client to client; with the 
ncurses client, it's a command-line option (--max_upload_rate). I have no 
idea how this is done with MLdonkey, nor do I know if it can support the 
range of open ports that BT requires for proper (IOW, fast) operation. You 
may have better luck with another client for the BitTorrent stuff - one 
that is more specifically tailored to BT, and not one that "tacks it on".

> So, my first question...Is a Linksys Router doing 'firewall' duty and 
> NAT easy to get past?  If the answer is yes, then what should I do?  Use 
> a firewall-specific distro to convert my old P133MHz box into a Linux 
> firewall?  Maybe someone wants $100 to come over and show me how it's 
> done? (location Newburyport, MA or E. Kingston, NH)

It should be acting as a reasonably effective firewall, and should only be 
permeable on those specific ports you have left open /and/ forwarded to an 
internal system. Should you opt to replace it with Linux, I've had great 
results with SmoothWall (http://www.smoothwall.org), which is very easy to 
install, works on low-spec systems, and has a browser-based interface. It 
also includes the Squid proxy, and Snort for intrusion detection/logging.

As for your offer, I'd take it, but I have no transportation (I'm in North 
Andover, MA, a stone's throw from 495). If that's not a problem for you, 
send me an e-mail and we'll set a mutually-convenient date and time.

HTH!

-- 
Bill Mullen   moon at lunarhub.com   MA, USA   RLU #270075   MDK 8.1 & 9.0
Veni, vidi, velcro. "I came, I saw, I stuck around."  -- Anonymous
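
The reply above says the firewall should be permeable only on the ports left open and forwarded, which for BitTorrent means 6881 through 6889. The following is an added example, not part of the original post: it assumes the Linksys has been replaced by a Linux box doing NAT with iptables, and checks `iptables-save` output for DNAT rules that forward anything beyond that range. The interface name, the internal address 192.168.1.10 and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Inbound range that is meant to be forwarded: the BitTorrent ports from the post.
ALLOW_LO=6881
ALLOW_HI=6889

# audit_dnat: read iptables-save text on stdin and print every DNAT rule whose
# --dport (single port or lo:hi range) is not wholly inside ALLOW_LO..ALLOW_HI.
# A DNAT rule without --dport forwards every port and is flagged as well; a
# multiport "--dports" list is not parsed and is flagged the same way, so the
# check fails safe. Exit status is 1 if anything was flagged, else 0.
audit_dnat() {
    awk -v lo="$ALLOW_LO" -v hi="$ALLOW_HI" '
        BEGIN { bad = 0 }
        $1 == "-A" && / -j DNAT / {
            port = ""
            for (i = 1; i < NF; i++)
                if ($i == "--dport") port = $(i + 1)
            if (port == "") { print "NO-PORT-LIMIT: " $0; bad = 1; next }
            n = split(port, r, ":")
            first = r[1] + 0
            last = (n == 2 ? r[2] : r[1]) + 0
            if (first < lo || last > hi) { print "OUTSIDE-RANGE: " $0; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample in iptables-save format: the intended BitTorrent forward,
# a forgotten SSH forward, and a rule that forwards all UDP to the server.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p udp -j DNAT --to-destination 192.168.1.10
COMMIT'

sample_findings() {
    printf '%s\n' "$SAMPLE_RULES" | audit_dnat
}

# On a live firewall (as root): iptables-save -t nat | audit_dnat
sample_findings || echo "Review the forwards listed above."
```
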


