How to guide port forwarding for emule azureus torrent



  • After struggling with this and finding no info on the net I called Juniper to get port forwarding straight and now I am sharing with you.

    My setup is very straightforward and simple: I have a Netscreen 5gt with 3 PCs connected total. My emule and torrent apps are running on 192.168.2.1 and the 5gt is 192.168.2.1, and it is running in trust-untrust mode.

    how to forward ports for emule or bit torrent or azureus;

    login to your netscreen

    go to;

    Objects > Services > Custom

    Click new

    And create custom service and list all ports you will have to use for bit torrent

    Name this; bit torrent

    TCP src port: 1-65535, dst port: 56969-56969
    TCP src port: 1-65535, dst port: 56881-56881
    UDP src port: 1-65535, dst port: 56881-56881
    TCP src port: 1-65535, dst port: 6885-6892
    UDP src port: 1-65535, dst port: 6885-6892

    Hit OK

    then go to network>interface> and then edit untrust

    then VIP > add new vip service

    pick new service

    virtual ip; (your outside ip that is assigned automatically by your ISP, this should be filled in automatically)

    map to service; ( pick the custom service that you just made, bit torrent)

    map to IP; (the box that you are running your service on, mine is 192.168.2.14)

    hit OK

    then go to

    wizards> policy

    pick
    untrust to trust then next

    Destination Address:

    pick VIP(untrust) under address book

    next

    service

    pick the service that you defined in the custom section

    action permit

    next

    enable nat- don’t do anything here just click next

    enable logging check that off and Enable count of traffic passed via the policy (this is so you can check to see the traffic- turn this off after you are happy with everything and it is all working)

    next

    Authentication Options

    click none

    next

    Schedule:

    none

    next

    finish
    –-----------

    This step you must do- everyone forgets this step, forwarding will not work otherwise!!!

    then you have to telnet into the netscreen

    in windows go to start> run> then type in; CMD

    black box will open and then type; telnet

    then enter

    then; open 192.168.2.1

    (the 192.168.2.1 is the address of my 5gt)

    then enter in the user name and password

    and then type this command;

    set vip multi-port

    then it will return you to;

    ns5gt->

    then type;

    reset

    then type;

    y

    and again;

    y

    In reset …

    close the black box.

    and you are good to go, in a couple of minutes! It will take 3-5 minutes for everything to start working. Fire up the apps and then log in to the 5gt and go reports> policies> and click on the grid thing to see the traffic. If this is not working after 10-15 mins try the telnet commands again and if still not working update firmware and clear all policies, VIP’s, and custom services.



  • Thanks



  • I had a problem with this, then I unchecked the “Server Auto Detection” box. Then it worked just fine….thanx for good and useful info!



  • " virtual ip; (your outside ip that is assigned automatically by your ISP, this should be filled in automatically) "

    How about in ns208 where there is no option like this ?



  • Thank you for the great description. We tried to set up a port forward for a VNC session on 5900, no problems so far.

    Our ISP uses dynamic IP addresses (as usual in Germany) - when I’m setting the service, the netscreen uses a “current” IP address. Can anyone tell if this still works when the untrust IP address changes?

    thanks,

    Matthias



  • Hello,

    I tried to do something similar, but with the following as custom service:

    TCP src port: 1-65535, dst port: 1100-65535
    UDP src port: 1-65535, dst port: 1100-65535

    The problem is that when I add the service to the VIP in the untrust, I am getting a message "Insufficient virtual ports on pool - [(128872) needed, (64) available] !"
    Of course, if I choose as destination under 64 ports, all goes well, but I need it as it is.

    Can anybody please help?

    Thank you,
    Liviu



  • Figured it out. The problem was with my lab setup…

    PC1  <----------------------> hub <--> PC2
      ^                                      ^
      |                                        |
      --> (Trust) 5GT (Untrust)<----

    Both PCs are running XP.  PC1 has 2 NICs, one on the Trusted, the other on the Untrusted side. It is also the remote host. With both NICs active on PC1, and PC2 trying to remote into the Trusted-side NIC of PC1, the PC1 host sees the SYN ACK packets coming in but doesn’t respond.

    However, when the Untrusted NIC of PC1 is disabled, PC2 can remote into PC1’s Trusted-side NIC through the 5GT perfectly!



  • I’ve been struggling with this for too long myself, and though your instructions are the most thorough I’ve seen, it’s not working out for me.

    I’m trying to do Windows Remote Desktop over port 24… was trying to use 22, but netscreens don’t like to do port forwarding on ports they potentially do remote admin on.

    Anyway, the RD host is configured for port 24 and has been rebooted.

    remote client = 192.168.2.123
    remote host = 192.168.1.120

    5gt untrust = 192.168.2.127 ; Route
    5gt trust = 192.168.1.1 ; NAT

    My Netscreen steps are close to the same as given before…

    Objects > Services > Custom

    Click new

    Name this; Remote Desktop

    TCP src port: 1 | 65535, dst port: 24 | 24

    Hit OK

    then go to network>interface> and then edit untrust

    then VIP > add new vip service

    pick new service

    virtual ip; (your outside ip that is assigned automatically by your ISP, this should be filled in automatically)

    map to service; ( pick Remote Desktop)

    map to IP; (the box that you are running your service on, mine is 192.168.1.120)

    hit OK

    then go to

    wizards> policy

    pick untrust to trust then next

    Destination Address:

    pick VIP(untrust) under address book

    next

    service

    pick the service that you defined in the custom section

    action permit

    next

    enable nat- don’t do anything here just click next

    enable logging check that off and Enable count of traffic passed via the policy (this is so you can check to see the traffic- turn this off after you are happy with everything and it is all working)

    next

    Authentication Options

    click none

    next

    Schedule:

    none

    next

    finish

    This step you must do- everyone forgets this step, forwarding will not work otherwise!!!

    then you have to console into the netscreen with hyperterminal

    then enter in the user name and password

    and then type this command;

    set vip multi-port

    then it will return you to;

    ns5gt->

    then type;

    reset

    then type;

    y

    and again;

    y

    All goes well but when I try to use RD from the client to the host, it cannot connect.

    This is basically what wireshark says about it:

    source 192.168.2.123 dest 192.168.2.127 TCP port 4652 > 24 [SYN] seq=0 len=0 mss=1460

    source 192.168.2.123 dest 192.168.2.127 TCP port 4652 > 24 [SYN] seq=0 len=0 mss=1460

    source 192.168.2.123 dest 192.168.2.127 TCP port 4652 > 24 [SYN] seq=0 len=0 mss=1460

    …… and that’s it.

    5gt’s logs: Reports > Policies

    ID Source Destination Service Action
    4 Untrust/Any Global/VIP(untrust) Remote Desktop Permit

    2008-03-18 19:25:07 192.168.2.123:4652 192.168.2.127:24 192.168.2.123:4652 192.168.1.120:24 TCP PORT 24 21 sec. 198 0 Close - AGE OUT

    2008-03-18 19:24:01 192.168.2.123:4651 192.168.2.127:24 192.168.2.123:4651 192.168.1.120:24 TCP PORT 24 20 sec. 198 0 Close - AGE OUT

    2008-03-18 19:22:51 192.168.2.123:4650 192.168.2.127:24 192.168.2.123:4650 192.168.1.120:24 TCP PORT 24 22 sec. 198 0 Close - AGE OUT

    The only other policy ID is #1, and it’s permit any any

    I can successfully RD from a local machine at 192.168.1.121 into 192.168.1.120:24!!

    What am I doing wrong please?  =/
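
An added example, not part of the original post or of any Juniper tooling: a short Python parser for the Reports > Policies rows quoted in the post above, flagging sessions where the VIP rewrote the destination but no bytes came back before the session aged out. The column meanings (bytes sent, then bytes received) are an assumption read from the row layout, and the fourth sample row is constructed for contrast.

```python
import re
from typing import NamedTuple

# Rows 1-3 are the traffic-log rows quoted in the post; row 4 is a
# constructed healthy session added for contrast.
SAMPLE_LOG = """
2008-03-18 19:25:07 192.168.2.123:4652 192.168.2.127:24 192.168.2.123:4652 192.168.1.120:24 TCP PORT 24 21 sec. 198 0 Close - AGE OUT
2008-03-18 19:24:01 192.168.2.123:4651 192.168.2.127:24 192.168.2.123:4651 192.168.1.120:24 TCP PORT 24 20 sec. 198 0 Close - AGE OUT
2008-03-18 19:22:51 192.168.2.123:4650 192.168.2.127:24 192.168.2.123:4650 192.168.1.120:24 TCP PORT 24 22 sec. 198 0 Close - AGE OUT
2008-03-18 19:30:00 192.168.2.123:4660 192.168.2.127:24 192.168.2.123:4660 192.168.1.120:24 TCP PORT 24 45 sec. 5120 20480 Close - TCP FIN
"""

class Session(NamedTuple):
    ts: str
    src: str
    dst: str
    xlated_src: str
    xlated_dst: str
    service: str
    seconds: int
    sent: int        # assumed: bytes sent by the initiator
    received: int    # assumed: bytes returned to the initiator
    close_reason: str

ROW = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<xsrc>\S+) (?P<xdst>\S+) "
    r"(?P<service>.+?) (?P<secs>\d+) sec\. "
    r"(?P<sent>\d+) (?P<recv>\d+) Close - (?P<reason>.+)$"
)

def parse_log(text):
    """Return a Session for every line that matches the row layout."""
    out = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            g = m.groupdict()
            out.append(Session(g["ts"], g["src"], g["dst"], g["xsrc"], g["xdst"],
                               g["service"], int(g["secs"]), int(g["sent"]),
                               int(g["recv"]), g["reason"]))
    return out

def classify(s):
    if s.xlated_dst == s.dst:
        return "no-vip-translation"    # destination was never rewritten
    if s.received == 0 and s.close_reason == "AGE OUT":
        return "translated-no-reply"   # forwarded inward, nothing came back
    return "ok"

def summarize(text):
    return [(s.ts, s.xlated_dst, classify(s)) for s in parse_log(text)]
```

For the three rows from the post, `summarize(SAMPLE_LOG)` reports `translated-no-reply`: the policy matched and the destination was rewritten to 192.168.1.120:24, but no return bytes were counted.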



  • Thanks so much for this How To, it got me up and rolling with Azureus on my SSG5 in no time.  That telnet trick, I can see how people overlook that part since so much of the work is done on the web UI.

    Mods: May I request that this be moved into the Knowledgebase?  While there aren’t many of us who use the SSG for home and generally spend our time at work trying to prevent it from working this was still invaluable.



  • Thanks for that!  😄


 
