Gentoo Forums
Inexperienced Gentoo user with torrent question.

Mr. Hibba
n00b

Joined: 17 Feb 2010
Posts: 36

Posted: Sat Feb 27, 2010 4:25 am    Post subject: Inexperienced Gentoo user with torrent question.

Hi all,

I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent?

Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still...

Thanks all!

d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Sat Feb 27, 2010 4:30 am

It's not inside the portage tree at least.

So, right now you cannot install it via emerge, but you may find this program inside an overlay somewhere.

Mr. Hibba
n00b

Joined: 17 Feb 2010
Posts: 36

Posted: Sat Feb 27, 2010 6:10 am

d2_racing wrote:
It's not inside the portage tree at least.

So, right now you cannot install it via emerge, but you may find this program inside an overlay somewhere.


Thanks. I was mainly wondering if it was really needed or not if I am to use torrents on Gentoo. I already have a firewall in our router as well as some rules set in iptables (No inbound FTP or SSH, nor ping. Don't know if I set any more.)

zyko
l33t

Joined: 01 Jun 2008
Posts: 620
Location: Munich, Germany

Posted: Sat Feb 27, 2010 11:06 am

Some BitTorrent clients offer internal blocklisting support, for example net-p2p/deluge.

d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Sat Feb 27, 2010 4:16 pm

Can you post your iptables rules, because you may block torrent ports without knowing it.

Mr. Hibba
n00b

Joined: 17 Feb 2010
Posts: 36

Posted: Sat Feb 27, 2010 8:04 pm

Not sure how to post my iptables rules, but I'll try:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp dpt:ftp
DROP       tcp  --  anywhere             anywhere            tcp dpt:ssh
DROP       icmp --  anywhere             anywhere            icmp echo-request

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


That's all I have set.

I guess my main question is if ip-blocking is really needed or not, though. Is it probably overkill and I am paranoid? (Eh, I'm probably paranoid either way...).

And Zyko, thanks for the tip about BitTorrent clients with built-in blocklisting. For now, though, I kinda want to stick with rtorrent.

d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Sat Feb 27, 2010 9:04 pm

If you are a parano, try my parano iptables : http://gentoo-quebec.org/wiki/index.php/Utilisation_de_Iptables_pour_un_seul_ordinateur_mode_parano

keet
Guru

Joined: 09 Sep 2008
Posts: 534

Posted: Sun Mar 14, 2010 1:58 am

d2_racing wrote:
If you are a parano, try my parano iptables : http://gentoo-quebec.org/wiki/index.php/Utilisation_de_Iptables_pour_un_seul_ordinateur_mode_parano


I tried it, and rather like it. Do you have an English version of that page? I felt like translating it into English -- I haven't finished yet, but if you particularly want an English version, I could type it for you.

d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Sun Mar 14, 2010 3:56 am

Yeah why not, I don't have much time nowadays, so basically I write docs in my native language, it's faster for my brain :P

Mr. Hibba
n00b

Joined: 17 Feb 2010
Posts: 36

Posted: Thu Mar 18, 2010 5:29 am

Hey all, thank you all for your replies. I found out that PeerGuardian didn't quite do what I wanted it to, so that solves that problem.

Also, thank you for posting that link for IPtables. I don't really know much about IPtables/networking yet, so I haven't tried the guide yet. Thinking about it, but I don't know what the rules do.

Mr. Hibba.

d2_racing
Bodhisattva

Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

Posted: Thu Mar 18, 2010 6:56 pm

No problem :P

darkphader
Veteran

Joined: 09 May 2002
Posts: 1199
Location: Motown

Posted: Fri Jul 02, 2010 5:43 pm    Post subject: Re: Inexperienced Gentoo user with torrent question.

Mr. Hibba wrote:
I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent?

Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still...

I like having a blocklist, and I like rtorrent (it's by far the fastest client I've used). Since rtorrent has no blocklist capability I use a Bluetack blocklist on my firewall. First attempt was disappointing as the list is so expansive that it blocked normal web, etc. access to many sites (microsoft.com, openbsd.org, etc.). So I needed to figure out a way to block only rtorrent and not the rest of my traffic or traffic from my other systems (server, ps3, phone, nook, etc.). I use OpenBSD with PF as a standalone firewall/router but I'm sure Linux, etc. would work just as well.

Here's the script I run:
Code:
#!/bin/bash
ssh myname@myfirewall 'sudo /usr/local/bin/loadtorrentrules'
sudo /sbin/ip addr add 192.168.1.99/24 broadcast 192.168.1.255 dev eth0
/usr/bin/rtorrent
ssh myname@myfirewall 'sudo /usr/local/bin/unloadtorrentrules'
sudo /sbin/ip addr del 192.168.1.99/24 broadcast 192.168.1.255 dev eth0

This script does the following:
  • Tell my firewall to load the anchor ruleset that, among other things, blocks access to the blocklist addresses to and from 192.168.1.99.
  • Add the secondary address 192.168.1.99 to my network device (different from my dhcp reserved primary address - same subnet).
  • Start rtorrent.
  • When rtorrent is closed unload the anchor ruleset, flush the blocklist table, and kill the associated states.
  • Remove the secondary IP address from my network device.

Of course there are tables, scripts (to load/unload), etc. on the firewall to accomplish those directives and sudoers needs to be properly set up on both systems. I use public key encryption with keychain for security and to eliminate the need for passwords (passphrase is entered on first shell startup).

Also the .rtorrent.rc file contains:
Code:
bind = 192.168.1.99

This way rtorrent only binds to the secondary address.

Convoluted or elegant? You be the judge.

Chris
_________________
WYSIWYG - What You See Is What You Grep
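
A Linux-side take on the approach in the post above, as an added example that is not from the thread: it converts a blocklist in PeerGuardian's plain-text P2P format (label:first-last) into an ipset and emits iptables rules that consult the set only for the address rtorrent is bound to. The set name torrentblock, the sample ranges, and running the rules on the rtorrent host itself instead of a separate PF router are assumptions.

```python
import ipaddress

# Constructed sample in PeerGuardian "P2P" text format: label:first-last
SAMPLE = """\
# constructed sample, documentation ranges only
Example Org A:192.0.2.0-192.0.2.255
Example Org B:198.51.100.16-198.51.100.40
Label: with colon:203.0.113.7-203.0.113.7
broken line without a range
Reversed:203.0.113.9-203.0.113.1
"""

def parse_p2p(text):
    """Return (networks, rejected_lines); ranges become minimal CIDR blocks."""
    nets, rejected = [], []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        # Labels may contain ':' so only the last one separates the range.
        first, dash, last = line.rpartition(":")[2].partition("-")
        try:
            if not dash:
                raise ValueError("no first-last range")
            lo = ipaddress.IPv4Address(first.strip())
            hi = ipaddress.IPv4Address(last.strip())
            nets.extend(ipaddress.summarize_address_range(lo, hi))
        except ValueError:
            rejected.append(line)  # malformed or reversed: skip and report
    # Merge overlapping or adjacent blocks so the set stays small.
    return list(ipaddress.collapse_addresses(nets)), rejected

def ipset_restore(nets, set_name="torrentblock"):  # set name is an assumption
    """Input for `ipset restore -exist`: create the set, then add each block."""
    size = max(65536, len(nets))  # big lists exceed the default maxelem
    lines = [f"create {set_name} hash:net family inet maxelem {size}"]
    lines += [f"add {set_name} {net}" for net in nets]
    return "\n".join(lines) + "\n"

def scoped_rules(bind_addr, set_name="torrentblock"):
    """Host rules that consult the set only for the address rtorrent binds to."""
    return [
        f"iptables -I OUTPUT -s {bind_addr} -m set --match-set {set_name} dst -j DROP",
        f"iptables -I INPUT -d {bind_addr} -m set --match-set {set_name} src -j DROP",
    ]

if __name__ == "__main__":
    nets, bad = parse_p2p(SAMPLE)
    print(ipset_restore(nets), end="")
    print("\n".join(scoped_rules("192.168.1.99")))
```

The source-address match only isolates rtorrent because of the bind = 192.168.1.99 line in .rtorrent.rc; traffic from the primary address never touches the set.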

Mr. Hibba
n00b

Joined: 17 Feb 2010
Posts: 36

Posted: Thu Aug 05, 2010 8:22 pm    Post subject: Re: Inexperienced Gentoo user with torrent question.

darkphader wrote:
Mr. Hibba wrote:
I've recently been using rtorrent without any known issues. One day, I came across this: http://sourceforge.net/projects/peerguardian/ . Do you think this program is worth the trouble to install? And can it work with rtorrent?

Since I'm on Linux anyway, is this overkill? I guess one can never be too protected online, but still...

I like having a blocklist, and I like rtorrent (it's by far the fastest client I've used). Since rtorrent has no blocklist capability I use a Bluetack blocklist on my firewall. First attempt was disappointing as the list is so expansive that it blocked normal web, etc. access to many sites (microsoft.com, openbsd.org, etc.). So I needed to figure out a way to block only rtorrent and not the rest of my traffic or traffic from my other systems (server, ps3, phone, nook, etc.). I use OpenBSD with PF as a standalone firewall/router but I'm sure Linux, etc. would work just as well.

Here's the script I run:
Code:
#!/bin/bash
ssh myname@myfirewall 'sudo /usr/local/bin/loadtorrentrules'
sudo /sbin/ip addr add 192.168.1.99/24 broadcast 192.168.1.255 dev eth0
/usr/bin/rtorrent
ssh myname@myfirewall 'sudo /usr/local/bin/unloadtorrentrules'
sudo /sbin/ip addr del 192.168.1.99/24 broadcast 192.168.1.255 dev eth0

This script does the following:
  • Tell my firewall to load the anchor ruleset that, among other things, blocks access to the blocklist addresses to and from 192.168.1.99.
  • Add the secondary address 192.168.1.99 to my network device (different from my dhcp reserved primary address - same subnet).
  • Start rtorrent.
  • When rtorrent is closed unload the anchor ruleset, flush the blocklist table, and kill the associated states.
  • Remove the secondary IP address from my network device.

Of course there are tables, scripts (to load/unload), etc. on the firewall to accomplish those directives and sudoers needs to be properly set up on both systems. I use public key encryption with keychain for security and to eliminate the need for passwords (passphrase is entered on first shell startup).

Also the .rtorrent.rc file contains:
Code:
bind = 192.168.1.99

This way rtorrent only binds to the secondary address.

Convoluted or elegant? You be the judge.

Chris


Thanks for the info! This sounds good, but may be a bit much for me. I don't know a lot about what rules to set.

Mr. Hibba.

All times are GMT