Sup. New user here.
Can someone tell me if I need to open ports or something for torrents to work normally? I downloaded ktorrent and configured it as I have with my other setup on my other laptop, and it downloads at like 50-100kb/s, while on the other laptop I immediately get like 7-10mb/s. I never opened any ports on my router before, so I doubt that's the case.
I guess I need to tweak the sys-firewall somehow?
No, you don’t need any network configuration for leeching. All other things being equal, with default settings a qube should download approximately as fast as any other machine on the network.
Maybe other qubes are consuming bandwidth?
Not exactly, if you do not have a port reachable over a public IP, you can’t download from people in the same situation as you. Only from people with a full setup.
Yeah, but it's more of a seeding setup, and it requires opening ports, while OP has never opened ports on their router.
Or you mean some other weird network interaction due to the qubes network stack being in the way between router’s NAT and the downloading qube?
On a regular system, torrent clients usually try to map using UPnP to automatically handle the port forwarding in the router. This does not work on Qubes OS because it's the torrent qube's netvm which will receive the UPnP request, and it will just discard it (although it would honor it, it's just internal to Qubes OS and would only map the port to the next netvm).
Great point!
I guess to mitigate this one should forward torrent port both in qubes using your guide and in their router?
Also, I suppose nothing will have an effect if CGN is present.
So what do I need to do, and where, so it would make it as natural/easy as with regular Linux (to map UPnP)?
UPnP offers a considerable security risk, and I do not recommend it for
anyone, let alone for use in a security distro like Qubes.
It’s important that you take personal control of your devices. There’s
no simple way round this.
You need to identify the ports used by your software (what are you
using?)
Then you will need to enable port forwarding on your router, and port
forwarding in your Qubes system. The former depends on your router. The
latter is described here
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Can you explain? So UPnP does work in Qubes too? What are the risks of this, and what kind of control do I need to take (setting a port?).
I have never encountered anything related before and just used my ktorrent as is, and it has always been downloading great for me, but with Qubes I have issues with it.
If you’ve been flying a Cessna 150, and you finally get a place
at TOPGUN, you wouldn’t expect to be able to jump into a F/A-18F, and get
going.
If you’ve been driving a Nissan, you wouldn’t expect to be able to jump
in to a Veyron, and take it for a spin. (You could, but you’d likely end
up in one of those YouTube compilations.)
Qubes is like that. There are some features that are security focussed
that you will have to learn and understand. If you have issues it’s
likely because you’ve come up against one of these features.
But many problems that people have in Qubes are actually not Qubes specific.
The only Qubes specific part is that you have to understand about Qubes
networking and firewall and the Qubes template system.
OK, yeah sure, I didn't think I'd catch everything in one go, obviously. But can I get at least a general, but 100% sure, idea of what I need to do, so I won't hurt myself in the process? Like, do I have to disable UPnP completely (I don't see any client list in it even when I download with my non-Qubes laptop)? Do I need to do port forwarding in my router and sys-net and sys-firewall, or is it not necessary?
TL;DR Port forwarding is not necessary. You don’t have to disable UPnP. Doing so will increase security of your network, but will force you to forward ports manually (if you ever need it).
Main danger of UPnP is that it allows malicious software to set up a server on your network. Such software can use UPnP to forward a port and will be able to listen for external connections.
UPnP is part of NAT configuration, this setting may be found in your router (sometimes the manufacturer doesn’t provide this option).
As @solene has already mentioned, even if your Qubes networking stack respects UPnP requests, it will not work because (by default) there are two layers of address translation - sys-firewall and sys-net. Thus, if a qube sends a UPnP request, and sys-firewall respects it, the forwarded port will sit behind sys-net NAT anyway.
If you want your torrent to connect with peers behind NATs in order to get more connections you must allow some form of port forwarding - either automatic with UPnP (this might be hard with qubes because you must forward UPnP requests outside of qubes’ network stack / give NIC to a qube) or set it up manually in sys-net, sys-firewall, and your router. Otherwise you will only download from (and seed to) peers that can forward their ports, which sometimes can make your download speed slower or even prevent you from downloading at all.
Another thing to consider is CGN - this is another NAT layer set up by your ISP. If you don’t have static IP and CGN exists, even with locally forwarded port you still may be inaccessible from the internet.
This is my understanding. Hopefully others will point out any errors.
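
The NAT-layer reasoning from the replies above (router, sys-net, sys-firewall, and possibly CGN), as an added example that is not part of the original thread: it classifies the router's WAN address and reports where a port would have to be forwarded and whether an ISP-side NAT makes that pointless. The function names and sample addresses are constructed for illustration; the default two-layer Qubes chain is taken from the thread.

```python
import ipaddress

# Ranges that are never routable from the internet.
CGN_SHARED = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 space used by CGN
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify(addr):
    """Return 'cgn', 'private' or 'public' for an IPv4 address string."""
    ip = ipaddress.ip_address(addr)
    if ip in CGN_SHARED:
        return "cgn"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def forwarding_plan(sys_net_lan_ip, router_wan_ip, observed_public_ip):
    """Work out where an inbound torrent port must be forwarded.

    sys_net_lan_ip     - address sys-net received from the router
    router_wan_ip      - WAN address shown on the router's status page
    observed_public_ip - address an external "what is my IP" service reports
    """
    hops = []
    # A private LAN address on sys-net means the home router is a NAT layer.
    if classify(sys_net_lan_ip) != "public":
        hops.append("router")
    # Default Qubes chain from the thread: sys-net and sys-firewall both NAT.
    hops += ["sys-net", "sys-firewall"]

    # ISP-side NAT: the WAN address is non-routable, or differs from what the
    # internet sees. No local forwarding rule can fix this layer.
    wan = ipaddress.ip_address(router_wan_ip)
    isp_nat = (classify(router_wan_ip) != "public"
               or wan != ipaddress.ip_address(observed_public_ip))
    # "reachable" means reachable once every hop in forward_on is configured.
    return {"forward_on": hops, "isp_nat": isp_nat, "reachable": not isp_nat}


if __name__ == "__main__":
    # Constructed sample values (documentation and RFC 6598 ranges).
    print(forwarding_plan("192.168.1.23", "203.0.113.7", "203.0.113.7"))
    print(forwarding_plan("192.168.1.23", "100.72.5.9", "198.51.100.40"))
```

If `isp_nat` comes back true, forwarding in the router, sys-net and sys-firewall will not make the port reachable; the remaining options are on the ISP side (for example, requesting a public address).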