Opened 6 years ago

Last modified 6 years ago

#4702 new Bug

Port Check server misconfigured

Reported by: Edified Owned by: titer
Priority: Normal Milestone: None Set
Component: Website Version: 2.42
Severity: Normal Keywords:
Cc:

Description

The Transmission port check server has a quirk that can incorrectly identify a port as closed.

The port check server correctly looks for the HTTP proxy header "X-Forwarded-For" but if the proxy server is in a local-link subnet, 192.168.*.* it tries to check the port on that IP and may report it as closed.

X-Forwarded-For can also have multiple values if parent caches are used. The earliest X-Forwarded-For IP in a public range should be used.

The "X-Forwarded-For" should only be used if it falls in a public subnet. Otherwise the normal public IP should be used, which makes the assumption that the WAN IP on the border router will handle port forwarding correctly.

See: https://forum.transmissionbt.com/viewtopic.php?f=2&t=12657

Change History (2)

comment:1 Changed 6 years ago by titer

  • Owner changed from John Clay to titer

comment:2 Changed 6 years ago by maestro

I have found the same problem and have worked around it by configuring my proxy to not send an X-Forwarded-For header.

I understand that this won't be possible for everyone, but if you run your own recent version of Squid proxy (I have 3.1.8) then you can disable X-Forwarded-For headers by including the following line in squid.conf...

forwarded_for transparent

After adding this, Transmission now reports the port as being open.

I have also raised ticket 190776 on the No-IP website to notify them of this issue as their web site canyouseeme.org is showing the same behaviour.

Note that setting "forwarded_for off" will still add the "X-Forwarded-For" header but put "Unknown" as the contents. canyouseeme.org then throws an error saying it cannot resolve "Unknown" to an IP address. :(

Note: See TracTickets for help on using tickets.