Author Topic: Port forward for torrents not working on dual wan setup  (Read 6515 times)

leimrod

  • Jr. Member
Port forward for torrents not working on dual wan setup
« on: March 06, 2007, 11:30:41 am »
OK, I'm trying to set one line on my dual WAN setup to handle all torrent downloads, but for some reason it's not working.

I've attached a picture of the NAT rule that I've set up for this port.

What I've done is set up a port forward rule in my ISP's router that forwards port 18739 to 192.168.1.222, which is the IP of my WAN connection. I've then set up a port forward rule in pfSense to the IP of my PC, which is 192.165.0.30, which can be seen from the screenshot attached. Thing is, whenever I try to download a torrent and check the port is forwarded at this link: http://www.utorrent.com/testport.php?port=18739 it tells me it is not open. It also changes between the different gateway IPs for my 2 connections when I refresh the page, so it isn't being set to only 1 WAN connection as well.

But here's the really weird part. If I download 2 torrents in utorrent (I tested with some highly seeded Linux torrents) both my WAN connections get maxed out, my download speed is doubled? (the 2nd screenshot I posted is of the RRD graph of the 2 connections) even though the port is not forwarded and I was told torrents don't really work for load balancing because the IP keeps changing?

Any advice on what settings I need to implement, either on my router's end or in pfSense, would be greatly appreciated. Also a possible explanation as to why load balancing is working for torrent downloads and why it is not being affected by the port being forwarded would also be appreciated.

hoba

  • Administrator
Re: Port forward for torrents not working on dual wan setup
« Reply #1 on: March 06, 2007, 01:43:23 pm »
Your BitTorrent client makes connections from inside to outside. You need to catch this traffic with a rule at firewall>rule, lan and assign it to the correct gateway (policy-based routing). The port forward only works for incoming connections, but if your BT client tells the other peers that it can be seen at different IPs (hopping between the IPs) it's normal that traffic runs on both links. See http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing for more details on how it works.

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #2 on: March 07, 2007, 03:59:52 am »
How do I set up my router though? Would it work if I turned off the firewall on my routers and opened all ports? Therefore only pfSense would be able to control access to ports?

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #3 on: March 07, 2007, 04:26:00 am »
This is getting really frustrating now; opening ports should be the easy part of setting up a load balancer. No matter what I do, though, I can't seem to open the port 18739.

I've set up a rule in Firewall>Rules>LAN as per the screenshot below. I've also attached a screenshot of the complete settings I'm implementing. Maybe somebody could point me in the right direction of what I'm doing wrong.

When this rule is enabled and I check to see if the port is forwarded at http://www.utorrent.com/testport.php?port=18739 the connection is still jumping between the 2 IPs for my 2 WAN connections, so the policy-based routing of this port isn't going through for some reason.


hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #4 on: March 07, 2007, 10:26:16 am »
As in the other thread, there is some misunderstanding here:

You need to add a port forward AND a firewall rule. The way you did it here allows the traffic in but doesn't forward it to the client at LAN. I suggest the following procedure:

- delete the rule you created (we'll let the port forward take care of creating it for us)
- go to firewall>nat, portforward and add a rule for this traffic
- make sure you keep "autocreate firewallrule" checked when saving and apply the settings
- make sure (as mentioned in my other thread) to set the pfSense WAN IPs as DMZs in the routers in front of you

In addition to this, you still need to create a rule at LAN, as mentioned in my previous post, to map outgoing traffic for this application to one of your WANs as desired.

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #5 on: March 07, 2007, 10:53:47 am »
Ok I did this. I set up a rule in Firewall>NAT>Port Forward (as per the attached screenshot) and set it to autocreate a Firewall>Rules>WAN Rule (see the 2nd attached screenshot)

This however does not seem to allow traffic for this port to only go through one of my WAN connections, and it still doesn't seem to work when I test the port using http://www.utorrent.com/testport.php?port=18739

Is there anything else that could be affecting pfSense's ability to forward this port?

EDIT: Also, how is "ext.: 192.168.1.222" set? I don't see the option for setting it when configuring the rule.
« Last Edit: March 07, 2007, 10:57:34 am by leimrod »

hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #6 on: March 07, 2007, 10:58:17 am »
...

- make sure (like mentioned in my other thread) to set the pfSense WAN IPs as DMZs in the routers in front of you

Additional to this you still need to create a rule at LAN like mentioned in my previous post to map outgoing traffic for this application to one of your wans like desired.

You always only read half of what I say and skip some lines. You need to look more closely  :o

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #7 on: March 07, 2007, 11:15:24 am »
Sorry about that :)

I just implemented it and it hasn't changed anything. When I run the test page for the port, the IP address still changes between the 2 gateways I have load balanced. Also, at my gateway router interface I can't see anything about setting up DMZ. The only thing I can see that is remotely like it is the option to set up IP Passthrough. Would IP Passthrough work instead?

I've attached a screenshot of the rule setup in Firewall>Rules>LAN. Could there be a problem with my failover rule or some other rule that I have in place that could be negating it? Sai said in the other thread that one of my rules (the second one from the top in the screenshot attached) would "only be used as it is the first and will match anything coming out of the LAN net". Thing is, when I disable that rule I lose access to the internet.

hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #8 on: March 07, 2007, 11:27:47 am »
Some vendors call this setting differently. Probably IP-Passthrough is what your router's vendor calls it. Give it a try.

The firewall rule doesn't look right. The way you set it up would mean that the opposite end would have set up his BT client to use 18739, which probably is not the case. Try to find out if your client uses a fixed range for outgoing connections or even a fixed port. You can do so by looking at diagnostics>states in the webgui of the pfSense to see what connections it opens. Then use that range as source port, not the destination port (this setting hides below one of the advanced buttons).
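The source-port versus destination-port point above, as an added example that is not part of the original thread: a small first-match model of LAN rules, assuming pfSense-style top-down evaluation. The gateway labels `WAN` and `LoadBalancer`, the peer addresses and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CLIENT, BT_PORT = "192.165.0.30", 18739  # values as written in the thread

@dataclass(frozen=True)
class Packet:  # outbound packet as seen arriving on the LAN interface
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:  # a field left as None means "any"
    gateway: str
    src_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (self.src_ip in (None, p.src_ip)
                and self.src_port in (None, p.src_port)
                and self.dst_port in (None, p.dst_port))

def pick_gateway(rules, pkt):
    """First matching rule wins; nothing matching means default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.gateway
    return "blocked"

# Constructed sample traffic (peer IPs are documentation addresses).
PACKETS = {
    "from_listen_port": Packet(CLIENT, BT_PORT, "203.0.113.10", 51413),
    "from_random_port": Packet(CLIENT, 49152, "203.0.113.11", 6881),
    "to_peer_on_18739": Packet(CLIENT, 49153, "203.0.113.12", BT_PORT),
}

DST_RULE = Rule("WAN", src_ip=CLIENT, dst_port=BT_PORT)  # rule as first built
SRC_RULE = Rule("WAN", src_ip=CLIENT, src_port=BT_PORT)  # rule as suggested
CATCH_ALL = Rule("LoadBalancer")                         # default LAN rule

def route_all(rules):
    return {name: pick_gateway(rules, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    for label, rules in (("dst-port rule", [DST_RULE, CATCH_ALL]),
                         ("src-port rule", [SRC_RULE, CATCH_ALL]),
                         ("catch-all first", [CATCH_ALL, SRC_RULE])):
        print(label, route_all(rules))
```

Connections the client opens from a random source port still fall through to the load-balanced rule, and a policy rule placed below the catch-all never matches at all.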

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #9 on: March 07, 2007, 11:50:31 am »
I'm not really sure how I'm supposed to read diagnostics>states? What should I be looking for? Accesses on port 18739?

I've looked up about utorrent and it says to use any port above 10,000. The port I'm using is the default one that came up when I installed utorrent.

I set up that port as the source, but again, it's made no change. Also, what could be the possible reason that utorrent is still using both WAN and Opt1 connections and not being routed to only the WAN connection?

hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #10 on: March 07, 2007, 11:55:16 am »
If it uses random ports it's hard to map it to only one WAN. This then would only be possible with layer7 filtering. Try to use the server source port (the one you forwarded) in your LAN firewall rule. Maybe this will let the other peers know that you only use this IP. If you have a static public IP at WAN, check if azureus has the option to hardcode the server IP seen from the other peers.

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #11 on: March 07, 2007, 11:59:29 am »
It doesn't use a random port. It does however use UPnP port mapping. Could this be affecting something?

Also it's still a mystery to me though why these settings aren't limiting this port to only one of my WAN connections?

hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #12 on: March 07, 2007, 12:18:29 pm »
Reset states at diagnostics>states, reset states. Only new connections will be affected by a changed ruleset.

leimrod
Re: Port forward for torrents not working on dual wan setup
« Reply #13 on: March 13, 2007, 07:32:24 am »
I'm sorry for bumping this thread but I've really run out of avenues to get this working. I'm still having problems getting the port forwarding for torrents working.

Below I've attached screenshots of what settings I've implemented.

I've set up both of my gateway routers as DMZs to the pfSense router (i.e. for WAN the DMZ points to 192.168.0.10, for Opt1 it points to 192.168.1.222) and I've updated to the latest snapshot from here

I've put a rule in "Firewall: NAT/Port forward" to open port 18739 for 192.165.0.30

I've put a rule in "Firewall: Rules/LAN" to open port 18739 for 192.165.0.30 at gateway DrayfailoverNet
I've put a rule in "Firewall: Rules/WAN" to open port 18739 for 192.165.0.30 at gateway DrayfailoverNet

I've put a rule in "Firewall: Rules/Opt1" to BLOCK port 18739 for 192.165.0.30 at gateway DrayfailoverNet

What's happening is that when I run the port checker it is STILL switching between the two IPs in my load balanced pool, so the policy-based routing isn't taking effect, and I'm guessing this is the root of my problem. Is there any rule that might be negating my policy-based rules? Or anything that I'm missing here?

When I'm setting up the DMZ at the router level it should be pointing to the local IP for that connection in pfSense, right?



hoba
Re: Port forward for torrents not working on dual wan setup
« Reply #14 on: March 13, 2007, 04:14:31 pm »
There are several problems with your setup:
- don't use gateways other than default for firewall rules at wan and netopia that belong to port forwards. You have to use "default" as gateway there.
- I don't understand the 2 other rules at wan and netopia that don't belong to the port forward but they are definitely wrong ;)
- at netopia the block rule is not needed. Everything not explicitly allowed is blocked anyway. The gateway option here is wrong as well.