Open up Transmission go to Edit > Preferences then the network tab. Make sure 'Port used for incoming connections' is 51413 and that pick a random port every time transmission is started is not checked.
See if this helps.
Ubuntu Cappuccino Scuro
Open up Transmission go to Edit > Preferences then the network tab. Make sure 'Port used for incoming connections' is 51413 and that pick a random port every time transmission is started is not checked.
See if this helps.
Ubuntu Member
SSH gets hammered by brute force attacks pretty much from the moment it is first turned on. An example of limiting the rate of connection attempts might be helpful.
Ubuntu Cappuccino Scuro
This guide was designed for the desktop system running no services. However here is an example of using iptables to rate limit.
This will drop any connections that are attempted more than 10 times in 60 seconds to port 22 TCP. Keep in mind if you have a rule like thisCode:iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
the first rule must come before it.Code:iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
Hope this helps.
A Carafe of Ubuntu
Yep, those are the setting I have. So still no joyOriginally Posted by Dangertux
It seems from netstat that transmission is listening on 51413 but is also attempting connections on various high number ports..
Ubuntu Cappuccino Scuro
Yep, those are the setting I have. So still no joy
It seems from netstat that transmission is listening on 51413 but is also attempting connections on various high number ports..
Okay this is really weird, I can't reproduce this 100% of the time but if you're having issues with bittorrent and this guide allow port 6969 TCP outbound in your firewall. For some reason some versions netfilter will consider the tracker connection RELATED others it does not, I'm not sure why. But that should fix your problem.
A Carafe of Ubuntu
Still no joy for me...well actually I did manage to get a torrent downloading at a very very very slow speed for a few seconds, but then nada on any others after that unless I turn the ufw off. After having a google, I wonder if for some reason when the firewall is on I need to do portforwarding on 51413 to allow transmission to work? I'm not not sure about this though..
Ubuntu Cappuccino Scuro
You shouldn't have to port forward anything, since the firewall is local to the machine there is really nothing to port forward to.
Quad Shot of Ubuntu
I've found that fail2ban works wonders for brute force attacks.
Ubuntu Cappuccino Scuro
Added a little bit to the iptables section. Because Debian based systems are stupid about iptables-save. Should solve some of the persistence problems several users have PM'ed me about where their iptables rules are disappearing when they reboot.
Ubuntu Member
An excellent posting, and it obviously took some time to do.
In method 3, iptables, I do not understand something about the peristent stuff. I understand the part about saving the rules and using the saved version on boot up (and I have used that method in the past). What I am not understanding is how the various /proc/sys/net bits would get set or reset as per the original script, as this part would not be done via the iptables-restore command. As mentioned in the comments in the example script, maybe it doesn't matter for this case. I use the rc level stuff to execute my firewall script on system startup, and actually didn't know about the pre-up method used in this example. If one needs it for some reason, such as some non-iptables related stuff, could the pre-up method just execute the original script? For example:Code:pre-up /home/doug/init/iptables.sh
Last edited by Doug S; November 13th, 2011 at 06:18 PM. Reason: typos, always typos
Posting Permissions
Adv Reply
Bookmarks