• Aceticon@lemmy.dbzer0.com · +24 / -1 · 1 month ago · edited

    Unfortunately my VPN provider doesn’t support Port Forwarding (they’re great in everything else, but suck on this) so if I just start seeding from scratch no peers will ever manage to connect to my machine. The only way I can contribute back to the community is when a Download session ends and starts seeding (basically all those peers that my machine checked during the download stage get recorded in the VPN’s Router NAT as associated with my machine so if they try to connect to my machine later, for example to download a block, they get through), so my torrents are just left to seed after downloading (if I stop it and start seeding later, it might not work anymore depending on how long has passed).

    Fortunately I have a fast internet connection and torrenting is done on a server machine, so I just leave it set up to a 2:1 seeding ratio for as long as it takes to get there and pretty much all torrents I download reach that seeding ratio (it pretty much only fails to reach that on really obscure torrents with very small swarms).

    I’ve been sailing the high seas for over 3 decades and long ago saw the importance of doing my bit to keep the whole ecosystem alive.

    So I might not be seeding everything I have (and as it’s been 3 decades, I do have some stuff which is now very obscure), but everything I get from the community I seed 2x as much so that others can get it too.

    • sad_detective_man@sopuli.xyz · +4 · 1 month ago

      I’ve been trying to understand port forwarding since I keep seeing that I need to set it up for my torrent client to work reliably. But I read that it sends your traffic “outside” of your VPN encryption. Doesn’t it kind of defeat the purpose or am I understanding it wrong?

        • Aceticon@lemmy.dbzer0.com · +18 · 1 month ago · edited

        In a VPN your own machine sits behind a Router from the VPN provider in a NAT configuration (meaning that during VPN tunnel initialization that router gives your machine an IP address from one of the so-called “internal” IP address ranges - most commonly one in the 192.168.x.x range - which are NOT valid to have visible on the Internet) and which multiple machines all over the world sitting behind other routers can use at the same time (for example: even though it only has 254 valid addresses, there are probably millions of machines running right now with an IP address in the 192.168.1.x range, which is by far the most popular range of internal IP addresses).

        The IP address which is visible on the actual Internet has to be one which is not from an internal range or other kinds of special ones, and that’s the one that the VPN provider Router shows to the outside. (There are a few “tell me my IP address” websites out there which will let you know what that address is).

        This is also how home routers work in providing multiple machines in your home access to the internet even though it’s on a single ISP connection which has only one IP address valid for the Internet.

        To make all this work, such routers do something called NAT-Translation: connection requests from the INSIDE to the OUTSIDE go to the router, which changes the ip:port information of those requests from the internal ip and a port on that machine to be the router’s external ip and a port the router has available, and then forwards the request to the outside. The router also records this association between the external machine, the port the router used for it and the internal machine and the port on it the connection came from, in an internal table so that when the OUTSIDE machine connects to the router on that specific port, the router treats that inbound connection request as associated to the earlier outbound request and does the reverse translation - it forwards that inbound request to the internal machine and port of the original outbound connection.

        However - all this only works when your machine first connects from the inside to a machine on the outside, because that’s when the router translates the IP address and Port and memorizes that association. If however you gave the IP address in some other way to that remote machine other than connecting to it via the router (for example, you have registered a Domain Name pointing to it, or you just gave the IP address and port number to a friend and told them “this is my Jellyfin machine”), any connection coming from the outside will not be routed by the router to your machine, because the router never had an original outbound connection to make the association for any return inbound connections: from its point of view some random machine is trying to connect to one of its ports and it simply doesn’t know which internal machine, and which port on it, is supposed to get this connection from that unknown external machine.

        Also all this is dynamic - after a while of one such association not being used, the router will remove it from memory.

        Port Forwarding is a static way to explicitly configure in a router that all connections arriving at a specific port of the router are ALWAYS to be forwarded to a specific internal machine and a specific port on that machine.

        Given that the association is static, you can give the outside world, in any way you like without involving the router (for example, listing in some kind of shared list, which is what the Torrent protocol does), the IP of the router + the forwarded router port as the address for a “service” that’s running on your internal machine, and any request coming from the outside on that port, even if your machine never connected to that remote machine, ever, gets forwarded to the internal machine and the port you configured there.

        With port forwarding you can for example host your own website behind a VPN or on a home machine that’s not directly connected to the internet, because any requests coming into a specific port on the router that does have a direct connection to the internet always get forwarded to that machine and the port on it you configured.

        In the old days Port Forwarding had to be manually configured on the Router (for example, via a web interface), but nowadays there is a protocol called UPnP that lets programs running on your machine automatically request that the router sets up a Port Forwarding for them, so this is often done transparently, which is how most networked applications sitting on a machine at home behind a home router work just fine, since those routers always support port forwarding.

        PS: All this shit is actually one enormous hack, that only exists because IPv4 doesn’t have sufficient IP addresses for all Internet connected machines in the World. The newer IPv6 does have more than enough, so it’s theoretically possible that all your machines get a valid Internet IPv6 address and are thus directly reachable without any NAT on the router and associated problems. However I’m not sure if VPN providers which do support IPv6 actually have things set up to just give client machines a direct, valid on the Internet IP address, plus a lot of protocols and applications out there still only work with IPv4 (byte . byte . byte . byte) addresses.
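        The NAT table behaviour described in the comment above, as an added toy model that is not part of the thread: an outbound connection creates a mapping, a reply from that same remote ip:port gets translated back, an unsolicited inbound packet is dropped, an idle mapping ages out, and a static port-forward rule lets a never-contacted peer through. All addresses, ports and the `Nat` class are constructed for illustration.

```python
# Added example, not from the thread: a toy model of a NAT router's
# connection table and a static port-forward rule. All IPs/ports constructed.
class Nat:
    def __init__(self, external_ip, idle_timeout):
        self.external_ip = external_ip
        self.idle_timeout = idle_timeout  # seconds before an idle mapping is forgotten
        self.next_port = 40000            # next free external port on the router
        self.table = {}                   # (remote, router_port) -> (internal, last_used)
        self.forwards = {}                # router_port -> internal (static rules)

    def outbound(self, internal, remote, now):
        """Internal host opens a connection; router rewrites the source to its own
        ip:port and records which internal ip:port owns that mapping."""
        router_port = self.next_port
        self.next_port += 1
        self.table[(remote, router_port)] = (internal, now)
        return (self.external_ip, router_port)

    def add_forward(self, router_port, internal):
        """Static port forwarding: anything arriving on router_port goes to internal."""
        self.forwards[router_port] = internal

    def inbound(self, remote, router_port, now):
        """Packet from remote hits external_ip:router_port. Returns the internal
        (ip, port) it is delivered to, or None when the router drops it."""
        if router_port in self.forwards:
            return self.forwards[router_port]
        entry = self.table.get((remote, router_port))
        if entry is None:                 # no earlier outbound connection: dropped
            return None
        internal, last_used = entry
        if now - last_used > self.idle_timeout:
            del self.table[(remote, router_port)]   # mapping aged out
            return None
        self.table[(remote, router_port)] = (internal, now)
        return internal

def demo():
    nat = Nat("203.0.113.7", idle_timeout=30)
    me = ("192.168.1.20", 51413)          # torrent client behind the VPN router
    peer = ("198.51.100.5", 6881)         # a peer my client contacted first
    stranger = ("198.51.100.9", 6881)     # a peer that only got my address from the swarm
    _, ext_port = nat.outbound(me, peer, now=0)
    out = {"peer_reply": nat.inbound(peer, ext_port, now=5),
           "stranger_unsolicited": nat.inbound(stranger, ext_port, now=5),
           "peer_after_idle": nat.inbound(peer, ext_port, now=100)}
    nat.add_forward(51413, me)            # what a port-forward rule would add
    out["stranger_via_forward"] = nat.inbound(stranger, 51413, now=100)
    return out
```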

          • sad_detective_man@sopuli.xyz · +5 · 1 month ago · edited

          Thank you for taking the time to write all this up for me. That makes me glad I asked, because most info I was finding with google-fu was telling me to set up port forwarding the old way with my router and not really doing a good job of laying out how and why it works to begin with. After having switched from Tribler to a client that has UPnP, now I think I understand why I’m struggling with it less. I’m unsure if my Soulseek is connected and sending data right, but this gives me some better ideas of how to find out.

          • BCsven@lemmy.ca · +1 · 1 month ago

          Never turn on UPnP for external use, it’s a way to let hackers manipulate your network. It should never have existed as an option.

            • Aceticon@lemmy.dbzer0.com · +1 · 1 month ago · edited

            You should have pretty much everything on your router disabled for access from machines on the external network side of the router.

            The typical example is the web admin interface, which should never be enabled for access from outside, only for access from machines on your internal network. The same applies to all other sorts of control interface, be they human interfaces or machine interfaces.

            For any machines reaching it from the outside network interface the router should look the same as the most basic, dumbest router there is with no way to configure or control it.

            So, yeah, enabling UPnP for external use is asking to be hacked, probably even worse than enabling the web admin interface for external access, since the latter usually has username:password authentication, which although pretty crap (most people don’t even know it’s there and leave it at default, and when not it often has character limitations that make it guessable or possible to brute force) is still way better than NO AUTHENTICATION WHATSOEVER, which is what UPnP has.

              • BCsven@lemmy.ca · +2 · 1 month ago

              Our ISP ships new routers that are admined from the cloud via a phone app. It’s a disaster waiting to happen, so I told them I’m keeping my old outdated modem as a bridge and bought my own router.

                • Aceticon@lemmy.dbzer0.com · +2 · 1 month ago · edited

                Yeah, I do the same thing.

                Curiously, the installer of my ISP - which is one of the smaller ISPs around here - says it’s very common for their clients to just want the ISP’s box to do bridging (or even just act as a Fiber-modem) and use their own router behind it.

                Guess the techies tend to flock to the more obscure ISPs that pretty much just provide “data pipe to the Internet” rather than use the big ISPs which tend to do stuff like push their own TV Boxes and even bundles of Home Internet + TV + Mobile.

                I am very happy with this ISP - cheap, fast, reliable, no bullshit.

                  • BCsven@lemmy.ca · +2 · 1 month ago

                  Yeah, we had the bundle from a big ISP: home phone, TV, and unlimited internet and 10 email addresses. As kids moved out etc., we dumped home phone and TV, just internet now as a bridge. I’d move to another provider but I still have 5 people using the email addresses; and for mine I’m slowly moving all my signups and bills over to another email so we can eventually make an easy switch.

    • Arcka@midwest.social · +1 · 1 month ago

      Does your ISP not give your router a public (even if dynamic) IP? If not, then after your router you’d be double-natted right? Yuck!

        • Aceticon@lemmy.dbzer0.com · +1 · 1 month ago · edited

        My ISP does give my router a public IP.

        However my VPN provider does not give my client machines public IPs and instead gives them internal IPs.

        So from any machine in my home, my normal (via ISP) connection is via my own router (which does NAT for all machines in my home network and which I fully control) which has a public IP address on its external interface (so, no double NAT), whilst a VPN connection is via the VPN provider’s router (as that’s what’s on the other end of the VPN pipe) which also does NAT, but that router I don’t control, and the VPN provider I use doesn’t allow Port Forwarding, hence all the trickery I described above to make sure I actually seed more than I download.

        Around here ISPs giving internal addresses is not very common unless it’s on a mobile connection.