The Basics
Although I am a medium to heavy downloader, I have not dabbled much in torrents and torrent clients such as BitTorrent or µTorrent. And I do not play online games at all. So when I started poking around with torrents, I first came across the term and the nightmare called port forwarding.
Initially my DSL modem was set up in bridge mode and I discovered that in bridge mode all ports are automatically forwarded. Later on, I configured my modem to PPPoE mode. This is when I started having problems with my torrents. I got low speeds and µTorrent reported that the port it was using was not open (there was a yellow exclamation mark in the status bar).
So my port forwarding experiments began. I was naturally referred to the excellent site – Portforward.com. But in spite of being computer savvy, I could not crack it. Finally, I managed to figure it out and all from Portforward.com.
But hang on! Some basic details first.
Ports
In the TCP/IP world, computers recognize each other by means of the IP address. This is true for both the internet (public network) and an intranet (private network). But to actually pass signals from one computer to another, ports come into the picture. This is not much different from real life ports (seaports or airports).
In a computer there are 65536 ports in total. These are from 0 to 65535. Some of the ports are reserved for special purposes (Port 0 to Port 1023), e.g.,
Port 20 = FTP
Port 23 = Telnet
Port 80 = Web server pages (http)
Some games use specific ports. For example, the game Battlefield Vietnam uses the port 14567.
Port Security
On real life ports, there are guards (immigration and customs) who control what comes into or goes out of the country. Similarly in case of computers, ports are protected by some hardware or software – these are called firewalls. When we connect to the internet, the firewall protects our computers from external attacks.
DMZ
DMZ stands for De-Militarized Zone. The term comes from the geographic buffer zone that was set up between North Korea and South Korea following the UN "police action" in the early 1950s. It is also known as the 38th parallel.
In computer networks, a DMZ (demilitarized zone) is a computer host or small network inserted as a "neutral zone" between a company's private network and the outside public network. It prevents outside users from getting direct access to a server that has company data. A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well.
Users of the public network outside the company can access only the DMZ host. The DMZ may typically also have the company's Web pages so these could be served to the outside world. However, the DMZ provides access to no other company data. In the event that an outside user penetrated the DMZ host's security, the Web pages might be corrupted but no other company information would be exposed.
The following diagram explains a typical DMZ.
How torrents work
In a typical web service, our PCs are clients whereas the URL that we type is a server. We request something from a server such as a web page, information or a complete file. Sometimes we also send information to the server to be processed. This is a typical client-server environment. Torrent downloads are completely different. When we are downloading from torrents, this is not a typical client-server environment. There is no central server that is attending and serving the download requests.
In a torrent (or peer-to-peer) network, all connected computers share files. Some computers are uploading (seeding) while others are downloading (leeching). A file is made up of many blocks and the file is downloaded or uploaded, block by block. When someone starts a fresh download, that client starts with zero. It finds other computers in the P2P network that have the file to share (seeds). The download (leeching) starts block by block. When the download completes, the same computer is now ready to share. Now the leech becomes the seed.
Some points to be noted:
– A file may be seeded by 10 peers. When someone is downloading, the file blocks are downloaded from any seed and not necessarily from the same peer.
– A leech becomes a 100% seed at the end of the file download. However, as soon as you have some blocks downloaded, you are ready to seed (share) them.
– So even while downloading (leeching), uploading (seeding) is also going on.
Why port forward?
As explained above, a firewall protects our computers from the outside world. The firewall allows only traffic that is a request originating from a computer inside the private network, or a reply to such a request. Even then, if the firewall considers such requests/replies a potential security threat, they are denied.
In a P2P network, your computer must be able to communicate directly with other computers. For this direct communication to be as fast as possible, ports must be opened. Torrent downloads and online gaming take place over P2P networks. Many online games have dedicated ports. Torrent clients allow ports to be selected.
Which ports to use for Torrent Clients?
The port numbers are divided into three ranges: the Well Known Ports, the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023. Well Known ports SHOULD NEVER be used.
The Registered Ports are those from 1024 through 49151. Many applications and games use the ports in this range. The application and port number should be registered with the Internet Assigned Numbers Authority (IANA). The IANA is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. DCCP Registered ports SHOULD NOT be used without IANA registration.
The Dynamic and/or Private Ports are those from 49152 through 65535. These are available. So use any port from 49152 to 65535. These are still quite a large number. After all you need only one.
Where is port forwarding done?
Port forwarding is always done on the router. If the router is configured as a bridge, then there is no need to port forward as all ports are forwarded by default.
How to port forward?
This is extensively covered by the excellent site – Portforward.com.
What information is required for port forwarding?
You basically require the following information:
a) Private IP Address
b) Port Numbers (to forward).
Sometimes, other information such as Application name is also required.
Which is the IP address to be used in port forwarding?
Below is a (home) network with a single router.
When this router connects to the internet, it gets a public or external IP address, e.g. 117.195.96.123. This router also has an internal IP address 192.168.1.1. The Network Address Translation (NAT) service inside the router translates the external address to the internal address and vice versa.
This router may have one or more networked devices attached to it via USB or Ethernet. These networked devices could be computers, printers, scanners, etc. or just about anything that can be networked.
Each networked device will get a private or internal IP address. This internal IP address is assigned by the DHCP server inside the router. All these networked devices will have the same default gateway, viz., the router. Hence the default gateway address is 192.168.1.1.
Now consider the case of having two Routers (below picture). The second router could be a wireless router also.
In this scenario there is one more NAT layer as defined by the second router. Thus there are two private networks in this case.
In the first case, the IP address to be used in port forwarding is the private IP address of the computer, viz., 192.168.1.3.
Implications: Port forwarding is available on 192.168.1.3 only. If there are more computers in the network, these will also need to be configured separately, if port forwarding is needed on those.
In the second case (RHS picture), the PC is in the second private network. Here port forwarding becomes tricky and depends upon which router is configured in PPPoE mode.
Assume that the first router (internal IP address = 192.168.1.1) is configured in PPPoE mode, while the second router (internal IP address = 192.168.2.1) is configured in bridge mode. In this case port forwarding is to be done on the first router (because in bridge mode all ports are forwarded automatically). Since the port forwarding is to be configured on the first router, the IP address to be used is the external IP address of the second router, viz., 192.168.1.5.
Implications: Port forwarding is done on all computers in the second private network.
Now assume that the first router (internal IP address = 192.168.1.1) is configured in bridge mode, while the second router (internal IP address = 192.168.2.1) is configured in PPPoE mode. In this case port forwarding is to be done on the second router. Since the port forwarding is to be configured on the second router, the IP address to be used is the internal IP address of the PC, viz., 192.168.2.100.
Implications: Port forwarding is available on 192.168.2.100 only. If there are more computers in the network, these will also need to be configured separately, if port forwarding is needed on those.
Port Forwarding on UT-300R2U
The UT Starcom’s UT-300R2U ADSL modem/router is the most common router provided by the premier ISP in India: BSNL and MTNL. Some time ago there was a lot of anguish among certain users on how to port forward using this router. Hence I am covering this modem router in this guide. The guides on Portforward.com cover almost each and every ADSL/Cable modem on this planet.
I am explaining with µTorrent because I like this client a lot: it is very light in size and very low on resources.
Open µTorrent. Click on Options and select Speed Guide as shown below. Alternatively, use the keyboard shortcut Ctrl+G.
When the speed guide opens, do the following first:
- In the Connection Type drop-down list, select your DSL speed.
- In the Current Port field enter a port number. The port number could be any unreserved port.
  Yeah! Yeah! I said select a port from 49152 through 65535. I chose 38144. What the heck? It is unreserved (I checked).
- Click on the Test button (Test if port is forwarded properly).
Chances are that the port is not forwarded and you will get the following error in your browser:
So open your UT-300R2U web configuration page by typing http://192.168.1.1 in your browser address bar. You will get a sign-in box. (Sometimes 192.168.1.1 may not work. In that case, go to the properties of the TCP/IP settings and select the options to obtain the IP address and DNS address automatically. Then go to Start > Run > cmd, run ipconfig /all, find your default gateway in the output and type that address in the address bar.)
The username is ‘admin’ and the default password is ‘admin’ – but you may have changed it already (as you should). So enter the correct password and click on OK.
After correct login you should get the router’s home page. Click on Advanced as shown below:
You will get the ‘Advanced’ option. From the LHS panel, click on Virtual Server as shown below:
In the Virtual Server page enter the following:
Private IP: The IP address where port forwarding should take place (refer above)
Protocol: Any
Local Port: 0
Destination Port dropdown list: You can select from ‘Single Port’, ‘Port Range’, ‘Any Port’ or ‘Safe Ports’
In case of ‘Single port’, you can specify Destination Port From. In case of ‘Port Range’ specify the ‘Destination Port From’ and ‘To’. In case of ‘Any Port’, all ports will be opened. In case of ‘Safe Ports’, only the safe ports, i.e., 1024 to 65535, will be opened.
Click on Apply. You will see the following.
Repeat this exercise for as many private IPs and port combinations that you wish. The list will keep growing.
Test that ports are forwarded. Go back to the µTorrent Speed Guide and re-run the test. Now you should get:
We are not done yet!!!
The last steps are to save the modem settings and reboot the modem. Merely clicking on ‘Apply’ will only create the rule and will be applicable for that session only. When the modem is switched off and on again, the previous settings will be lost. So go back to the router setup page. Click on Tools tab from the top panel. In the Tools tab, click on Misc.
In the Misc page, click on Save and Reboot button.
You will get the following screen. Wait for the modem to reboot and reconnect.
You are all set.
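Before saving, it helps to review the rule list against the port ranges and the Destination Port options described above. The following is an added example, not part of the original guide or of the router's software: a small Python check that flags Virtual Server rules which open more ports than one torrent client needs, touch the Well Known or Registered ranges, or point at an address that is not internal. The rule field names and the sample rules are assumptions constructed for this example.

```python
import ipaddress

# Port ranges as listed in the guide above.
WELL_KNOWN = range(0, 1024)
REGISTERED = range(1024, 49152)

def exposed_ports(rule):
    """Ports a Virtual Server rule opens, per its Destination Port type."""
    kind = rule["dest"]
    if kind == "Single Port":
        return range(rule["from"], rule["from"] + 1)
    if kind == "Port Range":
        if rule["to"] < rule["from"]:
            raise ValueError("Port Range: 'To' is below 'From'")
        return range(rule["from"], rule["to"] + 1)
    if kind == "Any Port":
        return range(0, 65536)
    if kind == "Safe Ports":
        return range(1024, 65536)
    raise ValueError(f"unknown Destination Port type: {kind!r}")

def overlaps(a, b):
    """True when two contiguous port ranges share at least one port."""
    return a.start < b.stop and b.start < a.stop

def audit(rule, needed=1):
    """Return finding codes for one rule; an empty list means nothing flagged."""
    findings = []
    if not ipaddress.ip_address(rule["private_ip"]).is_private:
        findings.append("target-not-internal")
    ports = exposed_ports(rule)
    if len(ports) > needed:
        findings.append("more-ports-than-needed")
    if overlaps(ports, WELL_KNOWN):
        findings.append("well-known-range")
    if overlaps(ports, REGISTERED):
        findings.append("registered-range")
    return findings

# Constructed sample rules (field names are assumptions for this example).
RULES = [
    {"private_ip": "192.168.1.3", "dest": "Single Port", "from": 49160},
    {"private_ip": "192.168.1.3", "dest": "Single Port", "from": 38144},
    {"private_ip": "192.168.1.3", "dest": "Any Port"},
    {"private_ip": "117.195.96.123", "dest": "Single Port", "from": 49160},
]

if __name__ == "__main__":
    for r in RULES:
        print(r["private_ip"], r["dest"], r.get("from", ""), audit(r) or "ok")
```

Only the first sample rule comes back clean: a single port in the 49152 to 65535 range, forwarded to one internal address.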
(:source – www.indiabroadbandforums.net)















