ports and VPNs

caiatris
New User
Posts: 2
Joined: Wed Nov 21, 2018 12:20 pm

ports and VPNs

Post by caiatris »

I have the deluge daemon running on a Linux VM, and a VPN connection from that VM to a VPN server elsewhere to hide my IP. The default route from my VM goes via the VPN, and all my torrent traffic goes via the VPN. I can download torrents, and usually upload some data too. So far, so good.

However I also want to be able to seed torrents well, and I understand I need to open ports for incoming connections to be possible. To this end, I've configured Incoming Ports to 16881 (just the one port) in deluge. On my VPN server, I've opened port 16881 (both UDP and TCP, wasn't sure which is needed). And I've started an SSH tunnel from my VPN server to the client (= deluge server) for that port, although I guess that's only for TCP. With that in place, a port scan from outside says that the port is open.

However, my deluge server isn't doing much seeding. My tracker site says that I'm connectable, but I'm not convinced that it really is. For any given torrent, I'll see peers listed, but they very rarely connect and my uploads are only in the kilobyte range.

How can I test if deluge really is connectable?

Is my understanding of what I need to do to open ports correct, and is it okay to use an SSH tunnel for that? I also tried to forward the ports from the VPN server, but had trouble getting that to work.
caiatris
New User
Posts: 2
Joined: Wed Nov 21, 2018 12:20 pm

Re: ports and VPNs

Post by caiatris »

OK, I've identified and fixed one problem - OpenVPN MTUs were causing some packets to be dropped. Using SSH to test the port forwarding, I noticed that the key exchange was hanging. Reducing the MTU from 1500 to 1200 fixed that, so I've now configured OpenVPN to use a small MTU (options mssfix and fragment).

Also, I've removed the SSH tunnel, and got DNAT port forwarding configured.
# iptables-save | grep DNAT
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16881 -j DNAT --to-destination 10.86.54.6:16881
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16882 -j DNAT --to-destination 10.86.54.6:16882
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16883 -j DNAT --to-destination 10.86.54.6:16883
...

This is already looking better - I'm seeing more peers connecting and getting data.
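
An added example, not part of the original posts or of Deluge: a Python audit of `iptables-save` output like the excerpt quoted above, listing forwarded ports that lack a TCP or UDP rule, point at the wrong host, or are rewritten to a different port. It assumes the client should be reachable on the same port number over both TCP and UDP (BitTorrent's uTP and DHT traffic is UDP); the function names and the udp rule in the sample are constructed for illustration.

```python
import shlex
import sys
from collections import defaultdict

# Constructed iptables-save excerpt: the three tcp rules are the ones quoted in
# the post; the udp rule is invented here to give the audit a contrast case.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16881 -j DNAT --to-destination 10.86.54.6:16881
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16882 -j DNAT --to-destination 10.86.54.6:16882
-A PREROUTING -i eth0 -p tcp -m tcp --dport 16883 -j DNAT --to-destination 10.86.54.6:16883
-A PREROUTING -i eth0 -p udp -m udp --dport 16881 -j DNAT --to-destination 10.86.54.6:16881
COMMIT
"""

def parse_dnat(text):
    """Return {dport: {proto: 'host:port'}} for PREROUTING DNAT rules."""
    rules = defaultdict(dict)
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"]:
            continue
        opts = dict(zip(tok[2:], tok[3:]))  # each token -> the token after it
        if opts.get("-j") == "DNAT" and "--dport" in opts and "-p" in opts:
            rules[opts["--dport"]][opts["-p"]] = opts.get("--to-destination", "")
    return dict(rules)

def audit(text, client_ip):
    """Return sorted (dport, problem) pairs; an empty list means nothing flagged."""
    findings = []
    for dport, by_proto in parse_dnat(text).items():
        for proto in ("tcp", "udp"):
            dest = by_proto.get(proto)
            if dest is None:
                findings.append((dport, f"no {proto} forward"))
                continue
            host, _, to_port = dest.partition(":")
            if host != client_ip:
                findings.append((dport, f"{proto} goes to {host}, not {client_ip}"))
            # The client announces its own listen port, so a rewritten port
            # means peers are told a port that is not the forwarded one.
            if to_port and to_port != dport:
                findings.append((dport, f"{proto} rewritten to port {to_port}"))
    return sorted(findings)

if __name__ == "__main__":
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for dport, problem in audit(text, "10.86.54.6"):
        print(f"{dport}: {problem}")
```

Run on the VPN server as `iptables-save -t nat | python3 audit.py`, with the client address in the last lines changed to match the tunnel.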