2

How come BitTorrent clients manage to communicate with servers and other peers even if the user has not configured port forwarding on their routers?

Of course the speed will be reduced compared to when port forwarding is done, but still they manage to communicate? How???

Are there any inbound ports which are always open?

sysadmin1138
Microkernel

2 Answers

4

Inbound connections are accomplished by a third peer.

Say peer A wants to connect to peer F, which is behind a firewall. Then peer A instructs peer B, which is already connected to F, that it wants to connect to F. F then gets the message and connects instead to A. I do not know the internals of the BT protocol, but B could be e.g. the tracker, as it is well-known to both peers. For this scenario to work, A must accept incoming connections. AFAIK in Gnutella, F's ultrapeer played the role of B. This scenario generally works for TCP.

For UDP connections, check also UDP hole punching.

  • Thanks Damg... Yeah what you said really makes sense, but I am still struggling to understand the part where F connects to A... How F manages to connect to A from outside if A doesn't have port forwarding... And thanks for the answer :) –  Oct 19 '10 at 07:51
  • It is impossible to connect two firewalled nodes in case of TCP connections as both firewalls will not let incoming connections through to the desired node. There is UPnP which allows you to instruct the firewall to open/forward a port. Some applications do utilize the protocol successfully. If both hosts are firewalled and there is no possibility to instruct them to open the ports, you have two possibilities: a non-firewalled third node to which both firewalled ones will connect and which will proxy the traffic, or a change to UDP with hole punching, which works in a lot of cases. –  Oct 19 '10 at 08:31
  • To connect A to F: let's say A wants to download a file from F, but F is firewalled. But A has the possibility to find out that F is already connected to B (a central directory or something similar). Then A looks up B and sends to it "hello, I am A (1.2.3.4:2888) and I want to communicate with F". B already has a connection to F and sends to it: "hello, here is 1.2.3.4:2888 and it wants to communicate with you". Then F connects to 1.2.3.4:2888 and tells: "hello, I am F, how can I serve you?". This process is called "pushing". –  Oct 19 '10 at 08:38
1

If a client has no port open (in the language of most small residential routers), that only blocks incoming connections.

A machine behind that router can still initiate connections with others. Once it does, the router remembers that and allows two-way communication. NAT, the function that lets you have more than one machine share a single public IP, has to do this to work.

So communication is possible with no open ports on your router; it's just that your computer has to initiate it. An external machine cannot initiate a connection with any computer behind that router unless you open a port and connect that port to a specific IP behind your router.

I'm not too keen on the low-level details of the BitTorrent protocol, but I think it or some revision thereof allows machines to receive data by initiating connections with others somehow, rather than just listening on an open port and waiting for an external machine to start a connection.

LawrenceC
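A toy model of what both answers describe, added here as an example and not part of the original answers: a router that only admits inbound traffic matching a flow opened from inside, and the "push" sequence in which rendezvous node B relays A's request so that F connects outward to A. The `Nat` class, `push_connect` and every address except A's `1.2.3.4:2888` are constructed for illustration, and the per-remote-endpoint filtering is an assumption; real routers vary in how strictly they match replies.

```python
# Added example: toy model of NAT connection tracking and the "push" relay.
# All names and addresses are constructed; no real sockets are opened.

class Nat:
    """Stateful NAT: inbound packets pass only if they match a flow
    that an inside host opened first (assumed per-remote-endpoint filtering)."""

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.next_port = 40000
        self.flows = {}  # (public_port, remote endpoint) -> inside endpoint

    def outbound(self, inside, remote):
        """Inside host opens a connection; the NAT records the mapping."""
        port = self.next_port
        self.next_port += 1
        self.flows[(port, remote)] = inside
        return (self.public_ip, port)

    def inbound(self, remote, public_port):
        """Return the inside endpoint for a packet, or None if it is dropped."""
        return self.flows.get((public_port, remote))


def push_connect(nat, f_inside, a_public, b_public):
    """Walk through the push sequence; return (step, allowed) pairs."""
    log = []
    # 1. A dials F's public address directly: no flow exists, so it is dropped.
    log.append(("A->F direct", nat.inbound(a_public, 6881) is not None))
    # 2. F already holds an outbound connection to B (e.g. the tracker).
    f_to_b = nat.outbound(f_inside, b_public)
    # 3. B forwards A's request over that existing flow; the NAT lets it in.
    log.append(("B->F push request", nat.inbound(b_public, f_to_b[1]) == f_inside))
    # 4. F connects outbound to A, which creates a second flow.
    f_to_a = nat.outbound(f_inside, a_public)
    # 5. A's traffic on that flow now reaches F.
    log.append(("A->F reply on F's flow", nat.inbound(a_public, f_to_a[1]) == f_inside))
    # 6. An unrelated host C cannot reuse the mapping F opened towards A.
    c_public = ("198.51.100.9", 5555)
    log.append(("C->F via A's mapping", nat.inbound(c_public, f_to_a[1]) is not None))
    return log


if __name__ == "__main__":
    nat = Nat("203.0.113.7")
    steps = push_connect(nat, ("192.168.1.20", 6881),
                         ("1.2.3.4", 2888), ("192.0.2.1", 6969))
    for step, ok in steps:
        print(f"{step:26} {'allowed' if ok else 'dropped'}")
```
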