Hello,
I am using qbittorrent for torrenting and my ISP has refused to open up firewall because of fucking “security” reasons. however I can still seed the torrent how is that possible? I mean all the incoming connections should be blocked right? isn’t it how firewall works?
VPN with port forwarding should work. No way your ISP can block that
E.g. PIA
I’ve used this for years. Works great.
Except that no good VPN does this anymore (I believe Mullvad was one of the last to pull the service and cited massive headaches due to CP violations). So if you find one that does, it’s most likely pretty sketch or just not that secure.
There’s AirVPN
ProtonVPN?
It’s a song and dance on macOS and Linux but yes they do: https://protonvpn.com/support/port-forwarding-manual-setup/
Yes, ProtonVPN still provides port forwarding. They randomly assign you a single port every time you connect, so you’ll have to update the settings in qB occasionally, but it’s manageable.
Stop using your ISPs router and they’re not going to have much control over it.
no they have firewall enabled on their side so even if I use my own router it won’t do much.
That sounds weird and super invasive…where is this?
They’re probably just using CGNAT.
That’s not a firewall though, which is what OP mentions.
Does OP really know exactly what technology at his ISP is preventing him from “opening ports”?
Maybe not, but you and I definitely dont, so let’s stick to what they’re actually saying instead of guessing.
You commented that it’s “super weird and invasive” for an ISP to “firewall” listening ports. It just so happens that CGNAT also has the same effect and is super commonly used right now.
I think I’m good 👍
Yes I know what’s preventing me from opening ports. I also called my ISP they said we can’t open the firewall so the incoming connections will be blocked.
It’s definitely not CGNAT. I have tested it using
traceroute
.
Ipv4 shortage lead to a lot of IPS adopting CG-NATs where they are sharing one exit IPv4 for multiple end users and that’s why opening a port on the end user side won’t do a thing as your just opening a port in the ISP Network and not to the Internet
Who says the ISP isn’t blocking ports via a firewall?
I thought it was common practice for ISPs to block certain ports for residential connections?
They will usually block port 25 so you can’t run a mail server. It’s unusual for an ISP to block everything unless you are on CGNAT.
Also in some places your ISPs can refuse to give you the PPPoE keys
however I can still seed the torrent how is that possible?
Yes you can still seed as well as downloaded. But you are limited and can only upload and download torrent data in swarms that contain peers that are themselves fully connectable (port forwarded).
So say you join a torrent swarm that only contains peers just like you (firewalled, no ports forwarded) then no one will transfer any torrent data with each other. Everyone is stuck waiting for a fully connectable (port forwarded) peer to join that swarm.
If the firewall just means no incoming connections, your computer can still reach out to the other side (if they open their port)
Right, only one side of the connection needs an open port (and most clients will let that be either seed or leech side)… this is why having an open port on your end is useful if you’re downloading, since you can download from seeders that don’t have an open port.
Just wondering if this is still happening over a VPN?
BT protocol works thru both parties. You have seeders and leachers (called peers). Both need to make a connection but how that connection is initiated and opened is important.
If your ports are blocked, you can still download, provided the seeders initiates the handshake. It’s how websites work and the fact that you can download something from say Apple.com or Steam.com without needing to open any ports.
Unfortunately not every seeder does this (for various reasons). And that’s when having your ports open makes a world of difference. Because if a seeder needs you to initiate, you never will and while there may be 40 seeders, you don’t connect to any of them.
On torrents that have hundreds of peers, you’re likely fine; they’ll be plenty that can initiate the transfer for you. But when you get obscure torrents with only a handful of peers, you’re likely fucked. I’m over simplifying for the sake of discussion.
A seedbox is going to be your friend in instances where your ISP blocks P2P traffic like this. As another user mentioned, it’s likely the ISP is using something called CGNAT to route traffic from multiple customers over the same IP. This is a pain for self-hosted services and the easiest way to deal with it is to simply not go through your own ISP. There’s a lot of options for seedbox vendors out there, I’d take a look around and determine what’s affordable for you.
It sounds like everything is working, so… whats the issue?