a stupid naive question

whoareu@lemmy.ca to Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ@lemmy.dbzer0.com – 46 points –

Hello,

I am using qbittorrent for torrenting and my ISP has refused to open up firewall because of fucking "security" reasons. however I can still seed the torrent how is that possible? I mean all the incoming connections should be blocked right? isn't it how firewall works?

31

VPN with port forwarding should work. No way your ISP can block that

Except that no good VPN does this anymore (I believe Mullvad was one of the last to pull the service and cited massive headaches due to CP violations). So if you find one that does, it's most likely pretty sketch or just not that secure.

PIA works for me a long time now. It's cheap and faster than my Internet connection so it ticks all the boxes for me.

Stop using your ISPs router and they're not going to have much control over it.

no they have firewall enabled on their side so even if I use my own router it won't do much.

That sounds weird and super invasive...where is this?

They're probably just using CGNAT.

That's not a firewall though, which is what OP mentions.

Does OP really know exactly what technology at his ISP is preventing him from "opening ports"?

Maybe not, but you and I definitely dont, so let's stick to what they're actually saying instead of guessing.

You commented that it's "super weird and invasive" for an ISP to "firewall" listening ports. It just so happens that CGNAT also has the same effect and is super commonly used right now.

I think I'm good 👍

Yes I know what's preventing me from opening ports. I also called my ISP they said we can't open the firewall so the incoming connections will be blocked.

It's definitely not CGNAT. I have tested it using traceroute.

Ipv4 shortage lead to a lot of IPS adopting CG-NATs where they are sharing one exit IPv4 for multiple end users and that's why opening a port on the end user side won't do a thing as your just opening a port in the ISP Network and not to the Internet

Who says the ISP isn't blocking ports via a firewall?

I thought it was common practice for ISPs to block certain ports for residential connections?

They will usually block port 25 so you can't run a mail server. It's unusual for an ISP to block everything unless you are on CGNAT.

however I can still seed the torrent how is that possible?

Yes you can still seed as well as download. But you are limited and can only upload and download torrent data in swarms that contain peers that are themselves fully connectable (port forwarded).

So say you join a torrent swarm that only contains peers just like you (firewalled, no ports forwarded) then no one will transfer any torrent data with each other. Everyone is stuck waiting for a fully connectable (port forwarded) peer to join that swarm.

If the firewall just means no incoming connections, your computer can still reach out to the other side (if they open their port)

Right, only one side of the connection needs an open port (and most clients will let that be either seed or leech side)... this is why having an open port on your end is useful if you're downloading, since you can download from seeders that don't have an open port.

BT protocol works thru both parties. You have seeders and leachers (called peers). Both need to make a connection but how that connection is initiated and opened is important. If a peer initiates the connection and has their ports open, you're good, regardless of your own setup.

Unfortunately not every seeder does this (for various reasons). And that's when having your ports open makes a world of difference. Because if the peer also has their ports blocked, you will never get a successful handshake between the two of you.

On torrents that have hundreds of peers, you're likely fine; they'll be plenty that can initiate the transfer for you. But when you get obscure torrents with only a handful of peers, you're likely fucked. I'm over simplifying for the sake of discussion.

It sounds like everything is working, so… whats the issue?