Opened 6 years ago

Last modified 5 years ago

#4702 new Bug

Port Check server misconfigured

Reported by: Edified Owned by: titer
Priority: Normal Milestone: None Set
Component: Website Version: 2.42
Severity: Normal Keywords:


The Transmission port check server has a quirk that can incorrectly identify a port as closed.

The port check server correctly looks for the HTTP proxy header "X-Forwarded-For" but if the proxy server is in a local-link subnet, 192.168.*.* it tries to check the port on that IP and may report it as closed.

X-Forwarded-For can also have multiple values if parent caches are used. The earliest X-Forwarded-For IP in a public range should be used.

The "X-Forwarded-For" should only be used if it falls in a public subnet. Otherwise the normal public IP should be used, which makes the assumption that the WAN IP on the border router will handle port forwarding correctly.


Change History (2)

comment:1 Changed 6 years ago by titer

  • Owner changed from John Clay to titer

comment:2 Changed 5 years ago by maestro

I have found the same problem and have worked around it by configuring my proxy to not send an X-Forwarded-For header.

I understand that this won't be possible for everyone, but if you run your own recent version of Squid proxy (I have 3.1.8) then you can disable X-Forwarded-For headers by including the following line in squid.conf...

forwarded_for transparent

After adding this, Transmission now reports the port as being open.

I have also raised ticket 190776 on the No-IP website to notify them of this issue as their web site is showing the same behaviour.

Note that setting "forwarded_for off" will still add the "X-Forwarded-For" header but put "Unknown" as the contents. then throws an error saying it cannot resolve "Unknown" to an IP address. :(

Note: See TracTickets for help on using tickets.