Ports, Proxies and Permissions

[dma0]

Hi there. I'm trying to address two specific nits running deluged and deluge-web on a Ubuntu 14.04 server. The server is behind a Sophos UTM firewall. I've configured a Socks5 proxy on the firewall and deluged through the web client to use it. That part generally seems to work OK. In the web client, under Preferences/Proxy, I've entered in all the relevant information under all categories for Socks5 with Auth. In Preferences/Network, I've unchecked "Use Random Ports" for both inbound and outbound ports and have specified one specific port for both (56681).

The problem I am having is that Intrusion Prevention on the Sophos seems to be picking up and blocking inbound torrent traffic as it thinks it's a UDP flood. I have created an exception rule, but the specific problem with that is that the destination port keeps changing, even though I've specified (as noted above) that deluged should use a fixed port. Here are some example entries from my firewall log:

Code: Select all

2015:10:25-10:33:39 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="1430" tos="0x00" prec="0x00" ttl="53" srcport="33373" dstport="60161"
2015:10:25-10:33:39 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="48" tos="0x00" prec="0x00" ttl="109" srcport="11136" dstport="60161"
2015:10:25-10:33:39 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="48" tos="0x00" prec="0x00" ttl="114" srcport="36262" dstport="60161"
2015:10:25-10:33:39 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="48" tos="0x00" prec="0x00" ttl="116" srcport="36661" dstport="60161"
2015:10:25-10:33:40 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="1430" tos="0x00" prec="0x00" ttl="51" srcport="12459" dstport="60161"
2015:10:25-10:33:40 bob ulogd[27288]: id="2105" severity="info" sys="SecureNet" sub="ips" name="UDP flood detected" action="UDP flood" fwrule="60013" initf="eth1" srcmac="X" dstmac="Y" srcip="A" dstip="B" proto="17" length="48" tos="0x00" prec="0x00" ttl="117" srcport="25282" dstport="60161"

I've redacted out MAC and IP addresses. srcip varies of course, while dstip is my external IP address. dstport seems to be the same for each session - i.e. when I load up a bunch of new torrents, it uses that same port for all those torrents. However, when I load up a new batch, that port seems to change to something different, seemingly random and between 30000 and 60000 ish. In contrast, srcport seems to change constantly, but that doesn't seem to be a problem. I've been dealing with this by changing the exception rule for each session with the new port value, but it's rather a pain. I'd also prefer to keep intrusion protection on (to, well, protect against undesired UDP floods).

Anyway, I was wondering if there is a way to fix the destination port for deluged. I actually thought that the settings noted above would make everything go through 56681 consistently, but apparently it doesn't. Of course, if anyone has any other suggestions on how to address this (short of turning of intrusion protection) I'd certainly be happy to hear them.

Another somewhat unrelated issue is that files downloaded seem to be set to read only for the group, which is a bit of a pain as I need to go in to chmod the permissions on all of them to move, rename, etc. This is a bit odd as my /etc/init/deluged.conf is configured with the default umask of 007. I otherwise basically followed the instructions on this site for configuration plus added something for logging. Here is the deluged.conf I use:

Code: Select all

# deluged - Deluge daemon
#
# The daemon component of Deluge BitTorrent client. Deluge UI clients
# connect to this daemon via DelugeRPC protocol.

description "Deluge daemon"
author "Deluge Team"

start on filesystem and static-network-up
stop on runlevel [016]

respawn
respawn limit 5 30

env uid=deluge
env gid=deluge
env umask=007

exec start-stop-daemon -S -c $uid:$gid -k $umask -x /usr/bin/deluged -- -d -l /var/log/deluge/daemon.log -L warning

When I check files that are downloaded, they are set to r only for the group. However, this doesn't seem to be consistent - sometimes the files are rwx. Any thoughts on what might be going on?

Any thoughts or suggestions would be most appreciated.

[dma0]

Hmmm. All I hear is the quiet, quiet echoes of the chirping crickets. Could this be perhaps that I've not followed the correct protocol in posting this, or have not provided the right information or perhaps have missed a post on these same topics (despite my efforts in searching before posting)?

[Cas]

Both these issues are covered in some form in the forums but from a quick read I can see that you shouldn't be setting outbound to the same as inbound, leave it random and set inbound to a small range. What will happen is that libtorrent will fallback to using any port, if one is in use, which is probably what you are seeing.

Umask falls outwith the domain of the Deluge application so a google search will likely answer your question, good details about it are here: http://askubuntu.com/a/44548/8570

[dma0]

Thanks very much - I do appreciate the suggestions and will of course look into them.

Terribly sorry for asking about something that has already been addressed - did try to search but looks like I came up short.