Utorrent Port Is Not Open (you Are Still Able To Download)


Heberto Calderon

Aug 3, 2024, 3:48:25 PM
to perchkosperfglyc

When using P2P software such as a torrent client or eMule I am unable to open ports even if I allow them in my firewall and forward them in the NAT configuration. Even after doing those two things the P2P software says that the port is closed.

You have a stateful firewall: it accepts incoming packets if they belong to an existing connection. That way you can connect to other hosts (e.g. web servers or P2P users) and don't have to explicitly allow replies coming in.

However, if you connect out, those other hosts need to have the necessary ports allowed in their firewalls. With P2P connections that can easily become a problem: if both people decide they're fine with only outgoing connections, well, that also means neither one can accept connections from the other.

When I run the setup wizard, under the network section I get the following message: Port not open (you are still able to download). Does anyone know how to fix this or what is causing it? Any help will be appreciated. Thank you.

I think I have the same problem. I have a red icon in the middle at the bottom of the BitTorrent screen and when I hover my mouse pointer over it, it says, "Not connectable. A firewall/router is limiting your network traffic. You need to open a port to......"

I've just noticed that if I run tests, I get that result... but what exactly does it mean for me? I still download at sufficient speed... although my upload is pretty poor. (I know upload is always slower than download.) Could it be limiting my upload? If so, I'd like to fix it, even if it's not something that really affects me.

I did spend about two hours trying to manually forward the port, and then pondering why, even though my router displays the port forwarded correctly, uTorrent was not picking up on it. It kept telling me to turn on NAT-PMP and/or UPnP (which don't work) even though I know those need to be off.

The open port test in uTorrent doesn't work properly (they are working on it I believe) so you don't need to worry about it. If you have the green check in the bottom right hand side of the uTorrent window, you should be fine.

So, should I still have the ports forwarded in my router, or do NAT-PMP and/or UPnP work just as they should? Would the Port Checker software you linked be able to tell if NAT-PMP or UPnP is working, or can it only check if the port is manually forwarded correctly?

I think the port needs to be open so others can see you and your files rather than the other way around. Routers normally block incoming data rather than outgoing data. If you cannot browse other people's files then they probably have their listening port blocked or they are simply on the other side of the world from you with a poor internet connection.

Those port forwarding guides are often a little bit overly generic. They don't tell you anything about how your software (like Soulseek) may in fact be capable of automatic port forwarding via UPnP or NAT-PMP, and that you just need to pick the right one and make sure your router is accepting requests made via one of those protocols.

Turning off DHCP and using static IP address, if you ever need to do it, is something that doesn't actually require external software, which makes me suspicious of that site! Their software could be adware or could be carrying malware or be difficult to uninstall.

Besides, using a static IP can prevent your computer from working on other networks, like other LANs (including WiFi networks), if they don't use the same addressing scheme as yours. In my opinion, if you want things to just work with a minimum of fuss, you shouldn't stop using DHCP unless your computer never travels.

Like a lot of programs that need to act as a server accepting incoming connections, the Soulseek client first tries talking to your router via UPnP and/or NAT-PMP in order to get the router to configure the port forwarding automatically. So as long as your router is configured to accept messages in one of those protocols from your LAN, Soulseek should "just work" without you having to do anything special.

Some routers come with UPnP or NAT-PMP disabled by default, because when you allow automatic port forwarding, any device on your LAN can begin accepting connections from the outside world, which is a security risk. But so much software (especially games) needs to do port forwarding, I think it's more common now that most routers just come with it enabled.

I still think UPnP and NAT-PMP are unreliable and insecure and should be avoided. Once you get to grips with router settings and manual port mapping it only takes a min to set up. It's useful knowledge that can be reused for torrents, gaming etc.
Do you really want your router to be set up to allow software on your PC to open ports without you knowing about it?
Fully agree that it's simplest to use your router to assign a static IP via DHCP.

Maybe you have only done the first step.
The image shows that you have created some port forwarding rules for slsk.
You now need to associate the slsk rules to your PC.
Normally in the router setting you can find a list of connected devices and then choose which 'Game or Application' it can use.
Sorry if you have already done this and I am telling you stuff you already know.

My understanding of FTP over SSL (ftps) is that it doesn't work well with firewalls and NAT. In an ordinary FTP session, the information about data connections is read, and for NAT modified, by the firewall in order for the firewall to dynamically open the needed ports. If that information is secured by SSL, the firewall can't read it or change it.

One thing not mentioned is whether or not your firewall is performing NAT and whether or not it is static NAT or dynamic NAT. If your client machine has a static address or is being statically NATed, you may not need to make any firewall changes, assuming you allow all outbound traffic and the server operates only in Passive mode (PASV).

You need to find out which port is the Control Connection. You list 3, which seems odd to me. Assuming the server only works in PASV (passive) mode, you need to figure out how the server is configured to allocate DATA ports. Have they locked down the DATA channel to a single inbound port? Have they locked down the DATA channel to a small range of ports?

I believe the ports around 990 were for implicit SSL, which was an old non-standard way of doing FTP/SSL. The "right" way these days is explicit SSL, which means you still connect on port 21 and then negotiate SSL before sending your goodies. To support connections through a firewall, you need to use PASV mode and hard set the data ports to be used.

FTPS works in 2 ways: Explicit and Implicit. Explicit is less secure because after the initial handshake it skips encryption during data transfers [whether data encryption is maintained is configurable on the server side with PROT P], while Implicit keeps the encryption of the data after the handshake too. The default Explicit FTPS port is 21. The default Implicit port is 990 (after the handshake it will switch automatically to 989 for data transmission, if not configured differently). While port 21 is generally accepted as EXPLICIT FTPS and 990 as IMPLICIT FTPS, in reality whichever port you configure, except 990/989, will lead to EXPLICIT FTPS, while ONLY 990/989 will be accepted as IMPLICIT FTPS.

So, to answer your question: depending on the FTPS Server configuration, you'll need to open port 21 or 990/989. However, just to be sure, you should contact the FTPS Server admin and ask for directions. Also, keep in mind that for passive mode, as with every other FTP software, you'll have to open additional ports (TCP/UDP), usually something from the range 64000-65000.

Depending on the application, consider HTTPS. A file upload is really simple, and a download obviously is as well. If you're scripting the FTP anyway, it's probably going to be easier altogether to script an HTTPS file upload.

Automated FTP is a sign of a design problem. I noticed this when dealing with a total of about a dozen vendors that 'required' a place I worked to do automated FTP (for VERY important things), and when making dozens of customers do it with that same shop (a design failure for about 20 distinct uses I witnessed). It was easy to convince most app guys to use HTTPS (usually at the mention, they said "wait, there's no reason we're not just having them get it with HTTPS from the web server we're already serving them data on?"), except a few that gave responses like "well, we already have these scripts that seem to work, and no one on our team is really good with scripting so we can't really make any changes" (a team of 5-10 programmers, pretending to not understand that they can write it in a language of their choice, because they don't know how to write a trivial program from scratch).

The vendor may be able to configure a narrow port range for the DATA connection ports, if they haven't already. Then you can open the same range on your end, for the hosts that need such access. PASV mode should be used.

Port 22 is standard since the SSH daemon on UNIX has a SFTP module that you can enable to basically make an explicit SFTP server. If you want to run an implicit FTP server with FileZilla then you can run it on any port you want but there is a catch: if you use FileZilla client you need to specify the ftp site URL as ftps://mysite.com:8086 rather than putting the port in the separate port field that the FileZilla client provides.

For the explicit option you only need ONE port: 22. For the implicit option you only need to have the firewall open for the control port: 8086 (which forwards internally to port 21 on your FileZilla server).

On your end you should configure your firewall to allow port 22 outgoing, and related incoming traffic. This will allow communication on any incoming port that is related to the initial outgoing connection on port 22.

So it works like this: A client in passive mode can connect to a client which is in active mode, but not to a client which is in passive mode. A client in active mode can connect to both active and passive clients.
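
The stateful-firewall behaviour described in this post, and the active/passive pairing rule just above, as a small model. This is an added example, not part of the original posts; the class, function names, addresses and port 6881 are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Default-deny inbound, allow-all outbound, with connection tracking."""
    public_ip: str
    forwarded_ports: set = field(default_factory=set)  # manually opened inbound ports
    conntrack: set = field(default_factory=set)        # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port):
        # Outgoing traffic is allowed and leaves a state entry for the replies.
        self.conntrack.add((local_port, remote_ip, remote_port))

    def inbound_allowed(self, local_port, remote_ip, remote_port):
        # Accept replies to a tracked flow, or new connections to a forwarded port.
        if (local_port, remote_ip, remote_port) in self.conntrack:
            return True
        return local_port in self.forwarded_ports

def can_dial(initiator, responder, src_port=50000, dst_port=6881):
    """True if initiator can complete a handshake with responder's listening port."""
    initiator.outbound(src_port, responder.public_ip, dst_port)      # SYN leaves
    if not responder.inbound_allowed(dst_port, initiator.public_ip, src_port):
        return False                                                 # SYN is dropped
    responder.outbound(dst_port, initiator.public_ip, src_port)      # SYN-ACK leaves
    return initiator.inbound_allowed(src_port, responder.public_ip, dst_port)

def peer(ip, connectable):
    # Constructed peers: a connectable ("active") one has port 6881 forwarded.
    return StatefulFirewall(ip, forwarded_ports={6881} if connectable else set())

def pair_result(a_connectable, b_connectable):
    """Which side, if any, can open the connection between two peers."""
    a = peer("198.51.100.10", a_connectable)
    b = peer("203.0.113.20", b_connectable)
    if can_dial(a, b):
        return "a dials b"
    if can_dial(b, a):
        return "b dials a"
    return None  # both sides only allow outgoing connections

if __name__ == "__main__":
    for combo in [(True, True), (True, False), (False, True), (False, False)]:
        print(combo, pair_result(*combo))
```

When only one side has a forwarded port, the connection still succeeds, but it is the side without the open port that has to dial out.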

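The FTP-over-SSL paragraphs earlier in this post say a NAT firewall reads and rewrites the data-connection details on the control channel, and cannot once that channel is encrypted. The sketch below is an added example, not code from the original posts or from any firewall product; the helper names, addresses and sample bytes are constructed, with data port 64000 taken from the range mentioned above.

```python
import re

# Six comma-separated numbers: h1,h2,h3,h4 (IPv4 address) and p1,p2 (port = p1*256 + p2).
PASV_RE = re.compile(rb"^227 [^\r\n]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(rb"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: do not open anything based on it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def alg_process(line, public_ip, pinholes):
    """Firewall helper: rewrite the announced address for NAT and record the data port."""
    endpoint = parse_endpoint(line)
    if endpoint is None:
        return line  # nothing readable: forwarded unchanged, no port is opened
    ip, port = endpoint
    pinholes.add(port)
    old = ip.replace(".", ",").encode()
    new = public_ip.replace(".", ",").encode()
    return line.replace(old, new, 1)

# Constructed control-channel samples.
CLEAR_REPLY = b"227 Entering Passive Mode (192,168,1,10,250,0)\r\n"
# After AUTH TLS the firewall sees only TLS records; these bytes stand in for ciphertext.
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(range(32))

def demo():
    pinholes = set()
    rewritten = alg_process(CLEAR_REPLY, "203.0.113.5", pinholes)
    after_clear = set(pinholes)
    passed = alg_process(TLS_RECORD, "203.0.113.5", pinholes)
    return rewritten, after_clear, passed == TLS_RECORD, set(pinholes)

if __name__ == "__main__":
    print(demo())
```

With the encrypted record the helper learns no port and rewrites no address, which is why the posts above recommend PASV with a fixed, pre-opened data port range.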