How can I get rTorrent to use a VPN (OpenVPN), but the rest of the applications on my server to use the regular internet connection? The server runs Debian.
1 Answers
0
Bind listening socket and outgoing connections to this network interface address.

```
rtorrent -b a.b.c.d
```

Block all ports except the port range from 49164 to 49164 (default port range)

```
# Replace "Interface (ex. tun1)" with the VPN interface name, without quotes.
# iptables evaluates rules in order, so the ACCEPT rules come before the DROP rules.
# The OUTPUT chain matches on the outgoing interface (-o); -i is not valid there.
iptables -A INPUT -p tcp --sport 49164:49164 --dport 49164:49164 -i "Interface (ex. tun1)" -j ACCEPT
iptables -A INPUT -p udp --sport 49164:49164 --dport 49164:49164 -i "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -p tcp --sport 49164:49164 --dport 49164:49164 -o "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -p udp --sport 49164:49164 --dport 49164:49164 -o "Interface (ex. tun1)" -j ACCEPT
iptables -A INPUT -i "Interface (ex. tun1)" -j DROP
iptables -A OUTPUT -o "Interface (ex. tun1)" -j DROP
iptables -A FORWARD -i "Interface (ex. tun1)" -j DROP
```

or

```
# Accept everything inbound on the VPN interface; outbound only on the port range.
iptables -A INPUT -i "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -p tcp --sport 49164:49164 --dport 49164:49164 -o "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -p udp --sport 49164:49164 --dport 49164:49164 -o "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -o "Interface (ex. tun1)" -j DROP
iptables -A FORWARD -i "Interface (ex. tun1)" -j DROP
```

or for a specific user

```
# Accept the user's outbound traffic on the VPN interface before the catch-all DROP.
iptables -A INPUT -i "Interface (ex. tun1)" -j ACCEPT
iptables -A OUTPUT -o "Interface (ex. tun1)" -m owner --uid-owner "USER UID (ex. 2021) or USER NAME (ex. ithenrik)" -j ACCEPT
iptables -A OUTPUT -o "Interface (ex. tun1)" -j DROP
iptables -A FORWARD -i "Interface (ex. tun1)" -j DROP
```

http://libtorrent.rakshasa.no/rtorrent/rtorrent.1.html
https://wiki.archlinux.org/index.php/RTorrent#Port_configuration
Diblo Dk
-
What about trackers using ports like port 80? – iThenrik Jul 02 '13 at 12:24
-
Yeah, you can try to see if it works or use `-I INPUT -p udp --sport 80 --dport 80 -i "Interface" -j ACCEPT // -I OUTPUT -p tcp --sport 80 --dport 80 -o "Interface" -j ACCEPT` – Diblo Dk Jul 02 '13 at 12:26
-
But I tried to find a port list for rTorrent – Diblo Dk Jul 02 '13 at 12:32
-
rTorrent runs using a dedicated user. This answer (http://superuser.com/a/354618/235170) suggests using iptables to make all traffic from that user go through the VPN. Is this a better solution? – iThenrik Jul 02 '13 at 13:16
-
Yes, you can drop all traffic on your tun/tap and allow all traffic from a specific user. I'm not sure if you will need a graphics dummy to run rTorrent as a daemon under a specific user. I have updated my post with iptables rules that allow only traffic from a specific user. – Diblo Dk Jul 02 '13 at 15:15
-
I'm going to try now, thank you for your help :) – iThenrik Jul 02 '13 at 15:21
-
I can see that I have totally closed your VPN in the first example. This can also be done more easily. I'll show one more example. – Diblo Dk Jul 02 '13 at 15:28
-
You can also remove `--sport 49164:49164` :) – Diblo Dk Jul 02 '13 at 15:30
-
I have a few questions about that last example (specific user). First: I want to try this on my laptop (Ubuntu 13.04) first before I make changes to the server. Trying "iptables -I OUTPUT -i "Interface (ex. tun1)" -j DROP" results in the message "Can't use -i with OUTPUT". What's wrong? – iThenrik Jul 02 '13 at 15:38
-
Second: Let's say I have two users, rtorrent being on the user rtorrent and everything else on ithenrik, then I should use "rtorrent" as uid-owner, right? – iThenrik Jul 02 '13 at 15:40
-
Sorry, my mistake. - You must have patience with me, it's a few years since I last wrote iptables rules. But I will make an update. – Diblo Dk Jul 02 '13 at 16:11
-
Yes, you need to replace "USER UID (ex. 2021) or USER NAME (ex. ithenrik)" with rtorrent (if this is the user rTorrent is running on). And replace "Interface (ex. tun1)" with your interface name. You will find your interface name in /dev/; ex. /dev/tun1 - Don't use quotes :) – Diblo Dk Jul 02 '13 at 16:14
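
The two mistakes that come up in this thread (`-i` on the OUTPUT chain, and an ACCEPT that sits behind a broader DROP) can be caught before the rules are loaded on a remote server. The linter below is an added example, not code from the answer or from iptables; `tun1` and the `rtorrent` user are assumed names, the sample rule lists are constructed, and it assumes every option takes exactly one value (no `!` negation).

```python
import shlex

# Chains in which a packet has no inbound / outbound interface,
# so iptables rejects -i / -o there.
NO_IN = {"OUTPUT", "POSTROUTING"}
NO_OUT = {"INPUT", "PREROUTING"}
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(line):
    """Return (op, chain, conditions, target) for one 'iptables -A|-I CHAIN ...' line."""
    tok = shlex.split(line)
    op, chain, rest = tok[1], tok[2], tok[3:]
    opts = dict(zip(rest[0::2], rest[1::2]))  # assumption: option/value pairs only
    target = opts.pop("-j")
    return op, chain, frozenset(opts.items()), target

def lint(lines):
    """Flag interface options iptables will refuse and rules that can never match."""
    findings, chains = [], {}
    for line in lines:
        op, chain, cond, target = parse(line)
        flags = {k for k, _ in cond}
        if chain in NO_IN and "-i" in flags:
            findings.append(f"{chain}: -i is not valid here, use -o")
        if chain in NO_OUT and "-o" in flags:
            findings.append(f"{chain}: -o is not valid here, use -i")
        rules = chains.setdefault(chain, [])
        # -A appends to the end of the chain, -I (without an index) inserts at the top.
        rules.insert(0 if op == "-I" else len(rules), (cond, target))
    for chain, rules in chains.items():
        for pos, (cond, target) in enumerate(rules):
            for earlier_cond, earlier_target in rules[:pos]:
                # An earlier terminal rule whose conditions are a subset of this
                # rule's conditions already decides every packet it could match.
                if earlier_target in TERMINAL and earlier_cond <= cond:
                    findings.append(f"{chain}: rule {pos + 1} ({target}) is shadowed by an earlier {earlier_target}")
                    break
    return findings

# Constructed samples: tun1 and the rtorrent user are assumed names.
BROKEN = [
    "iptables -A OUTPUT -i tun1 -j DROP",
    "iptables -A OUTPUT -o tun1 -j DROP",
    "iptables -A OUTPUT -o tun1 -m owner --uid-owner rtorrent -j ACCEPT",
]
FIXED = [
    "iptables -A OUTPUT -o tun1 -m owner --uid-owner rtorrent -j ACCEPT",
    "iptables -A OUTPUT -o tun1 -j DROP",
]
```

`lint(BROKEN)` reports both problems; `lint(FIXED)` returns an empty list, as does appending the DROP and then adding the ACCEPT with `-I`.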