Tweaking your system to get the most out of BitTorrent


Purpose

Far too many people new to BitTorrent just install the client and expect everything to magically work. Then they connect to a torrent that has a ton of seeds, they get a horrible download rate and a high upload rate, and they think BitTorrent sucks. What they don't know is that their problems are almost certainly due to misconfiguration of their systems and a lack of understanding of how BitTorrent (and other p2p sharing) works. The purpose of this document is to educate you, the reader, and hopefully help you tweak your system to get the most out of BitTorrent.

How BitTorrent Works (and most other P2P sharing networks, too)

Basic Networking: IP Addresses and Port Numbers

I'm going to give a rudimentary explanation of networking as I go through this, in an attempt to make sure I don't go over anyone's head. Feel free to skip this section if you already know this stuff.

When your computer connects to the Internet (whether via dialup, DSL, cable modem, or whatever), it has to have a unique identifier associated with it, so that all of the other computers on the Internet can talk to it. (Kind of like a driver's license number, or a Social Security number, or even a telephone number.) This identifier is called an IP address. Since computers work best with numbers, an IP address is actually just a really big number. When your computer wants to download something like a file or a web page (or upload, for that matter) it figures out what the IP address is for the computer you are talking to, and it tells the computers around it that it wants to talk to the target computer. Kind of like the old game of telephone, the message eventually gets to the target computer and it talks back to your computer in the same manner.

Since computers can talk to many different computers at once, and can talk about a variety of different things (web pages, file sharing, video downloading, real time audio, etc.), they have to have a way of differentiating which conversations are about what. Again with the numbers, computers on the Internet group all related things by giving them the same port number. For example, web pages tend to be on port 80, secure web pages are on port 443, programs from companies for download (like shareware) tend to be on 21, and so on. It is the combination of the IP address and the port number that makes the conversation between two computers happen.

Basic Filesharing: Client-Server and P2P

Again, skip ahead if you know this part. I won't be offended.

A few years ago the Internet was pretty easily divided into two groups: servers and clients. (Just like at a restaurant.) There weren't that many servers, but their primary job was to hold web pages and files to be downloaded. They didn't do much other than sit there and wait for people like you to request a web page or file. You, as the client, probably didn't share any files or web pages with anyone. This segregation was primarily due to the fact that it takes a lot of outgoing bandwidth to share stuff. In a time before broadband DSL and cable modems, back in the days of dialup, most people didn't have the bandwidth, let alone the knowhow to share stuff on their own. This old system was called client-server, appropriately enough, and it is still used today for the vast majority of stuff on the Internet, including web pages.

With the advent of broadband technologies such as DSL and cable modems, the everyday user like yourself suddenly has a big chunk of bandwidth, not only for download, but also upload. Sharing files directly from your computer (without first sending them to a server) is now a reality. This is where p2p comes in. The acronym p2p stands for peer-to-peer, which basically means client to client. That is, you download files from people like you instead of from big servers, and in turn they download files from you. You share your files, your friends share their files, and everyone talks directly to each other.

Basic P2P

We'll use three people to demonstrate the concepts here: Alice, Bob, and Charlie. For all of the examples, we assume that Alice is a total newbie and has just installed her first p2p software, has nothing to share, and is looking to download something. Bob is sharing a few things, but is also looking for more stuff to download. Charlie is sharing a bunch of stuff but doesn't spend much of his time looking for new stuff to download.

For pretty much all p2p systems most people follow these basic steps:

  1. Search for something
  2. Get a list of everyone who is sharing what they want
  3. Go through the list and ask each person on it if they will please send the file
  4. Once the file is complete, start sharing it with other people in the system

So, Alice searches for Matrix Reloaded, finds out that both Charlie and Bob have it, and asks both of them to please send her the file. If they aren't too busy helping other people, hopefully they'll be able to help her out. Once she has the file, she starts sharing it as well, so that other people can get it.

BitTorrent follows this progression closely, with a few differences. In many systems (such as Napster, KaZaA, or eDonkey) searching for a file is built right into the program. BitTorrent isn't meant to be a full-blown network like they are, and so it doesn't have this feature built-in. You have to find the torrents yourself, probably with Google or some other popular search engine. The other difference is in the way sharing works.

Basic BitTorrent Sharing

The problem with most P2P networks is that many people just don't like to share. They open up their program, download their files, then close the program before they can help anyone else. It's called leeching. Behavioral judgements aside, if everyone did this then nothing would ever get shared! To combat this, BitTorrent has gone back to the way of sharing you were probably taught as a young child: trading. Instead of waiting for the complete file to download before it starts to share, BitTorrent downloads the file in small pieces and shares each piece as it finishes. This makes it easier to get the file from many different people at once, thereby increasing the probability that you'll get a good download speed. It also means that downloading a file is more reliable than in some other networks. If Charlie has half of a file and Bob has the other half, Alice can get each half and put them together to get the whole file. Spiff, eh?

But this piecewise downloading doesn't necessarily combat the leech problem. As a backup plan, BitTorrent built in the other half of trading you probably learned as a kid: tit-for-tat. That is, if you give me one piece, I'll give you one piece back. BitTorrent will give you a few pieces of the file for free to help you get started, but after that you need to start giving some pieces back if you want to keep downloading. If you don't share, eventually everyone else will stop talking to you. Just like when you were a kid with your toys on the playground. In fact, BitTorrent goes one step further and actually starts to favor the people who share the most. This means that the more you upload, the faster you'll download.

For example, Alice gets a few pieces of a file from Bob for free. She can then give those pieces to Charlie, if he doesn't already have them, which will motivate Charlie to return the favor and give her a bunch of pieces that she doesn't have. She then goes back to Bob with those pieces, and the cycle continues and grows. Why don't Bob and Charlie talk directly? Maybe they do but they haven't gotten to those pieces yet. Or maybe their systems aren't configured right and they can't talk directly to each other.

How does all this start? With BitTorrent, it starts with a tracker. Like the name suggests, a tracker keeps track of people who are interested in torrents. When you download a .torrent file it contains a link to a tracker as well as an identifier (hash) which is unique to that specific torrent. Your BitTorrent client then connects to the tracker and asks for a list of all people interested in that torrent. At the same time, the tracker adds you to that list so that other people know that you are interested. Your BitTorrent client will also periodically ask the tracker for an updated list. That's all a tracker does: keep track of that list for each torrent, and give it out to people who are interested. The tracker does not know anything else about the torrent, nor does it send you the file. It just shows you where to go to get the file. (Like an Information Booth at a mall.)

Firewalls

This is where things get hairy. In all likelihood, you may be behind a firewall. Many people are. A firewall is like a personal bodyguard for the Internet. You talk to your firewall, and your firewall talks to the Internet for you. That way, you don't have to talk to the Internet directly, and any bad people on the Internet can't bug you. By their very nature, firewalls are paranoid and untrusting things. For the most part, a firewall won't let anyone talk to your computer unless you tell it to let them, and telling it to let them is tricky. Since most firewalls assume that if you talk to another computer then that computer is allowed to talk back to you, many P2P networks will try both methods.

Let's assume that both Bob and Charlie are behind firewalls, while Alice is not. Alice cannot start a private conversation with either of them, as she can't get past their firewalls. Both Charlie and Bob can easily start a conversation with Alice. However, Bob and Charlie can't talk to each other because they are both behind firewalls and neither can start the conversation. Like so:

NAT and Port Forwarding

But wait, it gets worse! In addition to being behind a firewall, your firewall probably performs something called Network Address Translation, or NAT for short. (Some geeks also call it masq, but the rest of the world calls it NAT.) Remember how having your IP address is the key to other computers talking to you? An extra layer of paranoia and security is to have your firewall give you a fake IP address so that, even if they wanted to, people couldn't talk directly to you. Like having a phone number that starts with 555-. You start a conversation with someone else, your firewall intercepts it and actually starts the conversation for you, and the computer on the other end talks with your firewall as if it were you. In fact, the computer probably can't tell the difference between you and your firewall. The problem is that your computer probably only knows about this fake IP address, so when it talks to the tracker and tells the tracker to add it to the list, it gives the tracker the wrong IP address. When the tracker gives out that fake IP address to someone else and they try to connect to you to give you some of the file you want, they can't find you because your IP address is bogus. So instead of giving out your fake IP address to the rest of the world, you need to give them an IP address that they can actually talk to: the IP address for your firewall.

One more hurdle to go. Remember how firewalls don't normally let other people start talking to you without you talking to them first? Even if you give out your firewall's IP address to everyone else, when they try to start a conversation with your firewall it will just ignore them, as it doesn't know what they want and it doesn't trust anyone. Logically then, you need to explain to your firewall that in some instances it is okay for people to start conversations with you. This is where those port numbers come back in. The port number that the other computers use to describe the conversation they are starting will let the firewall know what they are talking about. The firewall can then check and see if that port number matches something you want people to come directly to you for, and it will let them start talking to you. Since your firewall is forwarding on the conversation to you, this is called port forwarding.

Once you get the bogus IP address issue and the port forwarding straightened out, people will be able to talk to you. Let's say that Charlie, being such a hip and knowledgeable guy, has this all set up. Bob, on the other hand, hasn't figured it out yet and is still set up incorrectly. This means that now Alice and Bob can start talking directly to Charlie, but neither Alice nor Charlie can start conversations with Bob. Like so:

But what does it all mean?!?!?!?

Look at the diagram above. Remember how BitTorrent requires you to trade pieces in order to get good download speeds? If Alice and Charlie can't upload pieces to Bob, Bob will eventually start ignoring them. When that happens, Bob loses out because they'll start ignoring him back. Everybody loses. Since Alice and Charlie can converse freely, they are going to probably get good download rates from each other. In other words, the more people that can talk to you, the better your speeds are going to be. Configuring your firewall and BitTorrent client correctly is therefore essential for getting good download speeds!
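The two firewall scenarios described above, worked through as an added example (not part of the original document): each pair of peers is listed with who is able to start the conversation, and the last case goes beyond the text to a larger swarm. The model assumes a peer accepts inbound connections only if it has no firewall or has port forwarding set up; the six-peer swarm is constructed.

```python
from itertools import combinations

def who_can_start(peers):
    """For each pair of peers, list who is able to open the connection.

    `peers` maps a name to True if that peer accepts inbound connections
    (no firewall, or ports forwarded) and False otherwise.
    """
    links = {}
    for a, b in combinations(sorted(peers), 2):
        starters = []
        if peers[b]:
            starters.append(a)      # a can reach b
        if peers[a]:
            starters.append(b)      # b can reach a
        links[(a, b)] = starters    # empty list: the pair can never talk
    return links

def partner_counts(peers):
    """Number of other peers each participant can end up connected to."""
    counts = dict.fromkeys(peers, 0)
    for (a, b), starters in who_can_start(peers).items():
        if starters:
            counts[a] += 1
            counts[b] += 1
    return counts

# Scenario 1 from the text: Bob and Charlie are firewalled, Alice is not.
FIREWALLED = {"Alice": True, "Bob": False, "Charlie": False}
# Scenario 2 from the text: Charlie has set up port forwarding, Bob has not.
CHARLIE_FORWARDED = {"Alice": True, "Bob": False, "Charlie": True}
# Constructed generalisation: six peers, only peer0 and peer1 reachable.
SWARM = {f"peer{i}": i < 2 for i in range(6)}

if __name__ == "__main__":
    for label, peers in [("firewalled", FIREWALLED),
                         ("Charlie forwarded", CHARLIE_FORWARDED),
                         ("six-peer swarm", SWARM)]:
        print(label)
        for (a, b), starters in who_can_start(peers).items():
            print(f"  {a} <-> {b}: started by {starters or 'nobody'}")
        print("  partners:", partner_counts(peers))
```

In the six-peer case the two reachable peers can trade with all five others, while each unreachable peer is limited to the two reachable ones.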

Firewall Configuration

Forward the BitTorrent Ports To Your Computer

Most hardware firewalls (such as firewall routers) have the capability for port forwarding. If you are running a software firewall (such as ZoneAlarm or BlackIce), then port forwarding is probably called something else, like "Application Internet Permissions" or somesuch. The BitTorrent client will normally use ports 6881 to 6889, so when you are adding the ports to your firewall, make sure you cover the whole block. Many newer BitTorrent clients have larger or changeable port ranges, so check with the instructions for your client software first. For most of these instructions you will need to know what your computer's IP address is. Under Windows NT, 2000, and XP, go to Start >> Run >> type cmd and click OK >> at the prompt type ipconfig and press Enter. Under Windows 95, 98, or Me, go to Start >> Run >> type winipcfg and press Enter.

Linksys Firewall Router

Access your Linksys Firewall Router's web admin page, according to the instructions in the manual for your router. You will probably need to enter a password. At the top of the web page there is a series of navigational links, and you want the one that says "Advanced". From there, move on to "Forwarding". Find an empty row in the form on that page, and fill in the name ("BitTorrent"), the port range (6881 to 6889), check the TCP box, and set the IP address to the one that your computer is. Check the Enable box then click the Apply button to save the changes.

Netgear RT 314 (and possibly other models)

From Pezko Stenmark:

Access the web administration interface. Then click Advanced in the menu to the left, then click Ports. Use an empty row (everything is zero) and enter in the first column ("Start Port") 6881, in the second column, enter 6889, and the last one, enter the IP address for the computer running BitTorrent. Click the Apply button, and you're done.

Netgear RP114

From Adam Johnston:

  1. Under Windows NT, 2000, and XP, go to Start >> Run >> type cmd and click OK >> at the prompt type ipconfig and press Enter. Under Windows 95, 98, or Me, go to Start >> Run >> type winipcfg and press Enter.
  2. 'IP Address' is the address of your PC, 'Default Gateway' is the IP address of the router
  3. In Internet Explorer (or another browser) type the IP address of the router into the address bar.
  4. Enter in your name and password. (Defaults are 'Admin' and '1234')
  5. Go to 'Advanced' >> 'Ports'
  6. In the "Start Port" and "End Port" fields enter the port range (6881 to 6889), and in the "Server IP Address" field enter in the IP address of your PC. Apply.

USR Broadband Router

From Andy Haninger:

On the USR router, it's an option in the web-based config tool. The option is called "Virtual Server" and you enter the port and the IP of the virtual server for it to forward. (The computer running BitTorrent.)

Linux IPTables

From SDE:

iptables -t nat -I PREROUTING -p tcp --dport 6881:6889 -j DNAT --to-destination <host>
... where <host> is the private or internal IP actually running the BT client.
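A way to check what a forwarding rule like this actually exposes, as an added example (not SDE's or this document's code): it reads `iptables-save` output and reports DNAT rules that match on any interface, rules that forward more than the BitTorrent range, and ports in the range that are not forwarded at all. The rulesets, the `eth0` external interface and the 192.168.1.10 host are constructed.

```python
import shlex

BT_PORTS = (6881, 6889)  # default client port range given in this document

def parse_dnat(line):
    """Return the fields of one `-A PREROUTING ... -j DNAT` line, else None."""
    tok = shlex.split(line)

    def opt(flag):
        return tok[tok.index(flag) + 1] if flag in tok[:-1] else None

    if tok[:2] != ["-A", "PREROUTING"] or opt("-j") != "DNAT":
        return None
    # A rule with no --dport forwards every port.
    lo, _, hi = (opt("--dport") or "1:65535").partition(":")
    return {"iface": opt("-i"), "dst": opt("-d"),
            "ports": (int(lo), int(hi or lo)),
            "to": opt("--to-destination")}

def audit(ruleset, wanted=BT_PORTS):
    """Return (findings, missing_ports) for iptables-save text."""
    findings, covered = [], set()
    for n, line in enumerate(ruleset.splitlines(), 1):
        rule = parse_dnat(line)
        if rule is None:
            continue
        lo, hi = rule["ports"]
        inside = set(range(max(lo, wanted[0]), min(hi, wanted[1]) + 1))
        covered |= inside
        if rule["iface"] is None and rule["dst"] is None:
            findings.append((n, "no -i or -d match: also catches LAN hosts' "
                                "outbound connections to these ports"))
        extra = (hi - lo + 1) - len(inside)
        if extra:
            findings.append((n, f"forwards {extra} port(s) outside "
                                f"{wanted[0]}-{wanted[1]}"))
    missing = sorted(set(range(wanted[0], wanted[1] + 1)) - covered)
    return findings, missing

# Constructed sample: the rule above as written, plus an over-wide forward.
AS_WRITTEN = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 6881:6889 -j DNAT --to-destination 192.168.1.10
-A PREROUTING -i eth0 -p tcp -m tcp --dport 6000:7000 -j DNAT --to-destination 192.168.1.10
COMMIT
"""
# Constructed sample: scoped to the external interface but too narrow.
SCOPED = ("-A PREROUTING -i eth0 -p tcp -m tcp --dport 6881:6885 "
          "-j DNAT --to-destination 192.168.1.10\n")

if __name__ == "__main__":
    for name, text in [("as written", AS_WRITTEN), ("scoped", SCOPED)]:
        findings, missing = audit(text)
        print(name, findings, "missing:", missing)
```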

Shorewall for Linux

From Mike808:

For systems that are using masquerading (NAT) and have something like the following:

In /etc/shorewall/masq:

# All outgoing traffic from 192.168.1.X going out the eth0 interface
# will be NATed/masqueraded to appear to be originating from your external
# internet address A.B.C.D (i.e. SNAT outgoing packets)
eth0 192.168.1.0/24 A.B.C.D

And in /etc/shorewall/rules:

# Allow net zone traffic on the external interface to be destination NATed (DNAT)
# to your computer's internal IP address (for example, 192.168.1.X)
# Allow BitTorrent traffic through - port 6969 is if you run a tracker
# And ports 6881 through 6889 are for incoming BitTorrent connections.
DNAT net loc:192.168.1.X tcp 6969
DNAT net loc:192.168.1.X tcp 6881:6889

Linux ipmasqadm

From Andy Haninger:

ipmasqadm portfw -f    # flushes all other rules (optional)
ipmasqadm portfw -a -P tcp -L [firewall IP] 6881 -R [client IP] 6881

Other Firewalls

I'll try to add new firewall configuration instructions here as I go. If you have a firewall and can type up clear instructions that you think will help others, please email them to me at the address provided in the Version Information section of this page.

BitTorrent Client Configuration

Setting Your External IP Address Correctly

This is actually pretty tricky. Every time you disconnect and reconnect to the Internet, you have a good chance of getting a different IP address. If you are a dialup modem user, it's pretty much a guarantee. Broadband cable and DSL users get new addresses somewhat infrequently, since they are always online. (You probably only get a new one when your service provider is doing network maintenance.) If you are behind a firewall, it probably handles all that for you without you having to worry about it. However, if you are going to set your BitTorrent client up to tell the tracker the correct IP address, you need to know what it is. The easiest way is to go to a web site which will tell you, and a search for "check IP address" will probably turn up a few (checkip.dyndns.org, whatismyipaddress.com, bnl.gov, dnsart.com). The official BitTorrent clients all support a commandline option to tell them what your IP address is (--ip 1.2.3.4) so just substitute in your IP address and you are good to go. If you start getting weird errors from the tracker, or you can't seem to download anything, your IP address may have changed and you may need to update the BitTorrent commandline options. Yes, it sucks to have to do this manually, but it really does help. Your BitTorrent commandline will then probably look something like this:

"c:\program files\bittorrent\btdownloadgui.exe" --ip 123.45.67.89 --responsefile "%1"

This step may be unnecessary, depending on how smart the tracker you are talking to is. You should try the port forwarding instructions in the previous section first, and then do this if it doesn't seem to work.
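What the client sends to the tracker, as described under Basic BitTorrent Sharing, and where an address like the one given with --ip is reported: an added example (not code from the official client) that decodes a constructed .torrent, computes its identifying hash, and builds the announce request. The tracker URL, peer ID and 203.0.113.7 address are constructed; `ip` is the optional announce parameter from the BitTorrent protocol specification.

```python
import hashlib
from urllib.parse import urlencode

def bdecode(data, i=0):
    """Decode one bencoded value at data[i]; return (value, next_index)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            value, i = bdecode(data, i)
            items.append(value)
        if c == b"l":
            return items, i + 1
        return dict(zip(items[0::2], items[1::2])), i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated string")
        return data[colon + 1:end], end
    raise ValueError(f"bad bencode at offset {i}")

def info_hash(torrent):
    """SHA-1 over the raw bytes of the top-level 'info' value."""
    if torrent[:1] != b"d":
        raise ValueError("not a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key, i = bdecode(torrent, i)
        _, end = bdecode(torrent, i)
        if key == b"info":
            return hashlib.sha1(torrent[i:end]).digest()
        i = end
    raise ValueError("no info dictionary")

def announce_url(torrent, peer_id, port, external_ip=None):
    """Build the tracker request; `ip` is sent only when set explicitly."""
    meta, _ = bdecode(torrent)
    params = {"info_hash": info_hash(torrent), "peer_id": peer_id,
              "port": port, "uploaded": 0, "downloaded": 0,
              "left": meta[b"info"][b"length"]}
    if external_ip:
        params["ip"] = external_ip
    return meta[b"announce"].decode() + "?" + urlencode(params)

# Constructed single-file torrent: one 1024-byte piece of zeros.
SAMPLE_TORRENT = (b"d8:announce31:http://tracker.example/announce"
                  b"4:infod6:lengthi1024e4:name8:demo.bin"
                  b"12:piece lengthi1024e6:pieces20:"
                  + hashlib.sha1(b"\0" * 1024).digest() + b"ee")
PEER_ID = b"-XX0001-" + b"0" * 12   # constructed 20-byte peer ID

if __name__ == "__main__":
    print(info_hash(SAMPLE_TORRENT).hex())
    print(announce_url(SAMPLE_TORRENT, PEER_ID, 6881))
    print(announce_url(SAMPLE_TORRENT, PEER_ID, 6881, "203.0.113.7"))
```

The `port` value in the request is the one other peers will try to connect to, so it has to fall inside the range forwarded on the firewall.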

History

The BitTorrent client that runs Deliver8r's Alias site has been set to only send data to people that it can connect directly to. People who are incorrectly configured (behind a firewall without port forwarding) can still join the swarm and download from other clients, but since the primary seeding client won't talk to them they are at a serious disadvantage. If a torrent is out of seeds and they can't talk to the primary seeding client, odds are they will never get the file they want. Hopefully, this document has helped anyone suffering from this problem to resolve their issues by correctly configuring their system. This probably wasn't the first site to go to such a system, and it probably won't be the last. Configure your system correctly now and save yourself future headaches.

Version Information

2003-05-21 -- <knowbuddy at rixsoft dot com>
First version.