
Author Topic: Allowing torrent  (Read 2372 times)


epema
Allowing torrent
« on: June 20, 2012, 11:21:03 am »
Hello guys,

I want to enable passing torrents through pfSense for one host, e.g. 192.168.1.233.
So, I create an inbound NAT rule redirecting all incoming connections for 52345 -> 192.168.1.233:52345.
So, obviously, 52345 is a port used for incoming connections on the client.

Should I create an outbound rule? And any more suggestions on that?

Thanks a lot!

PS: I have seen this topic: http://malindarats.blogspot.nl/2011/08/normal-0-false-false-false-en-us-x-none.html
However, I didn't get the thing about the gateway. I think I don't have to configure anything there.
« Last Edit: June 20, 2012, 09:30:06 pm by epema »

marcelloc
Re: Allowing firewall
« Reply #1 on: June 20, 2012, 12:03:13 pm »
If 192.168.1.233 has a LAN rule allowing all traffic to the internet, the rdr rule on interface WAN is fine.

epema
Re: Allowing torrent
« Reply #2 on: June 20, 2012, 10:45:33 pm »
Hi there,

Please take a look at my firewall rules in the attachments.
However, my uTorrent doesn't download.

I tcpdumped the internal interface for port 52394; however, it didn't show any packets.

What can be wrong?



marcelloc
Re: Allowing torrent
« Reply #3 on: June 21, 2012, 09:38:12 am »
Change the NAT ports on the rdr rule from any/* to 52394.

Move the LAN rule that logs traffic to 192.168.1.233 before the LAN rule that allows all access from LAN to the internet.

johnpoz
Re: Allowing torrent
« Reply #4 on: June 21, 2012, 11:21:09 am »
What does your wan rule say?  Did you let it auto create the wan rule when you created the nat?

As to the lan rule - it shouldn't really matter if that rule is before or after your pass rule to lan net.  But not sure why you would even have such a rule?  lan devices normally would never even talk to pfsense to talk to other lan devices.

Your current lan rule as source of 192.168.1.233 would allow only that box to talk to the internet.  Is that what you want, you don't want any of your other devices to talk to the internet?

edit: btw I notice you're only allowing TCP; uTorrent can and does use UDP as well.

http://www.utorrent.com/help/faq/network
If you have a firewall, you must allow all outgoing traffic on TCP and UDP.

If you're not getting anything to work, it's quite possible you're trying to use a UDP tracker, and you are not allowing any outbound UDP on that LAN rule you have.

I just took a look at one of the torrents I downloaded recently, and the tracker shows
udp://tracker.openbittorrent.com:80/

So with your current LAN rule there would be no way for you to contact that tracker, since you're not allowing UDP outbound.

edit: so you can see all the rules.  Here are my wan rules, nat rules, and lan rule that allow torrents to work.  You will see my forwards and rules that allow inbound on tcp/udp for my utorrent ports.

And then the lan rule that allows clients to go to anything outbound.  Those other lan rules are blocking 1 client that I use for websense testing to only be able to go to websense IPs, and blocks direct outbound.



« Last Edit: June 21, 2012, 11:41:11 am by johnpoz »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Have I helped you, want to say thanks?  Donate to pfsense the cost of a beer http://pfsense.org/donate.html
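
The rule layout discussed in the replies above, written by hand in pf.conf syntax as an added example (it is not from the thread, and it is not the ruleset pfSense generates). The host and port are the ones mentioned in the thread; the interface names and the LAN subnet are assumptions.

```conf
# Added example: hand-written pf.conf fragment, not pfSense-generated rules.
wan_if       = "em0"              # assumed WAN interface name
lan_if       = "em1"              # assumed LAN interface name
lan_net      = "192.168.1.0/24"   # assumed LAN subnet
torrent_host = "192.168.1.233"    # host from the thread
torrent_port = "52394"            # uTorrent listening port from the thread

# --- translation rules (evaluated before the filter rules) ---
# Outbound NAT for LAN clients.
nat on $wan_if inet from $lan_net to any -> ($wan_if)

# Port forward: a single listening port, not any/*, and both protocols,
# because uTorrent accepts incoming peers on TCP and UDP.
rdr on $wan_if inet proto { tcp, udp } from any to ($wan_if) \
    port $torrent_port -> $torrent_host port $torrent_port

# --- filter rules ---
# Default deny for inbound traffic on every interface; log what is dropped.
block in log all
pass out all keep state

# WAN rule matching the forward. rdr has already rewritten the destination,
# so the filter rule matches the internal address, not the WAN address.
pass in quick on $wan_if inet proto { tcp, udp } \
    from any to $torrent_host port $torrent_port keep state

# LAN rule. The TCP-only form leaves UDP trackers such as
# udp://tracker.openbittorrent.com:80/ unreachable:
#   pass in quick on $lan_if inet proto tcp from $torrent_host to any keep state
# Allowing both protocols outbound from the torrent host:
pass in quick on $lan_if inet proto { tcp, udp } \
    from $torrent_host to any keep state
```

Saved to a file, the fragment can be syntax-checked without loading it by running `pfctl -nf` on that file.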