On Tuesday, 12 June 2007 16:44, Albert Hopkins wrote:
> On Tue, 2007-06-12 at 16:27 +0200, Florian Philipp wrote:
> > > Have you tried running netstat? |
> >
> > netstat
> > Active Internet connections (w/o servers)
> > Proto Recv-Q Send-Q Local Address Foreign Address State
> > tcp 0 1 HOMER_GENTOO64.PHHE:ftp 212-87-13-68.sds.:40202
> > FIN_WAIT1
> >
> > Active UNIX domain sockets (w/o servers)
> > Proto RefCnt Flags Type State I-Node Path
> > unix 2 [ ] DGRAM 975
> > @/org/kernel/udev/udevd
> > [...]
> > nothing interesting except the first line.
>
> So you see no SYN requests to your server on port 21 |
>
> > > Have you ensured rtorrent is
> > > listening on TCP 21 (in Linux you usually have to be running as root to
> > > do this)
> >
> > Yes. It runs as root (not that I would like it, maybe I should chroot
> > it...) and port 21 is rtorrent's only chance to download. So, it works.
>
> Chrooting is not going to get around needing root access to listen on
> port 21. Plus don't you still need to be root to chroot?
|
Yes, but rtorrent would be jailed in that chroot, wouldn't it? Therefore it
could break nothing but itself if it goes crazy.
|
> > You mean stuff like iptables? No.
>
> This is my theory but I haven't verified it. Bittorrent clients are
> programmed to listen/connect to a range of ports by default (I think it
> starts at 6882). Your client is connecting and saying "connect to me on
> port 21". The other clients see this but it's not in their IP range so
> they refuse to connect to you. You might be able to tell your client to
> listen on tcp/21 but that doesn't mean everyone else has told their
> clients to connect.
>
> But if you are sure this *has* worked then that would make my theory
> incorrect. Like I said I've never verified it, but that seems like the
> likely scenario.
>
> The other scenario is if you're not even seeing SYN requests is that
> requests are being blocked to your computer from that port, possibly by
> your ISP. But again if this were the case then it should also be the
> case for Windows, Knoppix, etc.
>
> Can you verify your claim (i.e. go into knoppix or whatever, run
> rtorrent on tcp/21 and verify via netstat that clients are connecting to
> you on that port)?
>
|
I'll verify it as soon as I can reboot again (I'm currently emerging a lot of
stuff in three chroots - what a headache...). Maybe my ISP changed its
policies in the last few months ...
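
Added example, not part of the original thread: a small Python parser for the netstat check requested above, counting TCP states for sockets whose local port is 21. It handles a state that wraps onto its own line, as in the quoted output, and service names such as `ftp`; the `SERVICES` table, the function names and the sample rows are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: tiny service table, because netstat without -n prints "ftp" for 21.
SERVICES = {"ftp": 21, "ssh": 22, "http": 80}
STATES = {"LISTEN", "SYN_SENT", "SYN_RECV", "ESTABLISHED", "FIN_WAIT1",
          "FIN_WAIT2", "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "CLOSING"}

# Constructed sample: documentation addresses, plus the wrapped row quoted above.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 192.0.2.10:21 198.51.100.7:51234 SYN_RECV
> > tcp 0 1 HOMER_GENTOO64.PHHE:ftp 212-87-13-68.sds.:40202
> > FIN_WAIT1
tcp 0 0 192.0.2.10:45000 203.0.113.9:6881 ESTABLISHED
"""

def port_of(addr):
    """Return the numeric port of 'host:port', resolving names like 'ftp'."""
    port = addr.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else SERVICES.get(port)

def tcp_states(netstat_text, local_port):
    """Count TCP states of sockets whose local port is local_port."""
    counts = Counter()
    pending = False  # True when a matching tcp row had no state column
    for raw in netstat_text.splitlines():
        fields = re.sub(r"^[>\s]+", "", raw).split()  # drop mail quote markers
        if pending and len(fields) == 1 and fields[0] in STATES:
            counts[fields[0]] += 1  # state that wrapped onto its own line
            pending = False
            continue
        pending = False
        if len(fields) < 5 or not fields[0].startswith("tcp"):
            continue
        if port_of(fields[3]) != local_port:
            continue
        if len(fields) >= 6 and fields[5] in STATES:
            counts[fields[5]] += 1
        else:
            pending = True
    return counts

def peers_connecting(counts):
    """True if a handshake towards the local port is in progress or completed."""
    return counts["SYN_RECV"] + counts["ESTABLISHED"] > 0

if __name__ == "__main__":
    print(dict(tcp_states(SAMPLE, 21)))
```

Plain `netstat` omits listening sockets ("w/o servers"), so the LISTEN row only appears when the input comes from `netstat -a` or `netstat -l`.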