Port forward for torrents not working on dual wan setup
-
Sorry about that :)
I just implemented it and it hasn't changed anything, when I run the test page for the port the IP address still changes between the 2 gateways I have load balanced. Also at my gateway router interface I can't see anything about setting up DMZ. The only thing I can see that is remotely like it is the option to set up IP Passthrough, would IP Passthrough work instead?
I've attached a screenshot of the rule setup in Firewall>Rules>LAN. Could there be a problem with my failover rule or some other rule that I have in place that could be negating it? Sai said in the other thread that one of my rules (the second one from the top in the screenshot attached) would "only be used as it is the first and will match anything coming out of the LAN net". Thing is when I disable that rule I lose access to the internet.
-
Some vendors call this setting differently. Probably IP-Passthrough is what your router's vendor calls it. Give it a try.
The firewall rule doesn't look right. The way you set it up would mean that the opposite end would have set up his bt client to use 18739 which probably is not the case. Try to find out if your client uses a fixed range for outgoing connections or even a fixed port. You can do so by looking at diagnostics>states in the webgui of the pfSense to see what connections it opens. Then use that range as source port, not the destination port (this setting hides below one of the advanced buttons).
-
I'm not really sure how I'm supposed to read diagnostics>states? What should I be looking for? Accesses on port 18739?
I've looked up about utorrent and it says to use any port above 10,000. The port I'm using is the default one that came up when I installed utorrent.
I set up that port as the source, but again, it's made no change. Also what could the possible reason be that utorrent is still using both WAN and Opt1 connections and not being routed to only the WAN connection?
-
If it uses random ports it's hard to map it to only one WAN. This then would only be possible with layer7 filtering. Try to use the server source port (the one you forwarded) in your lan firewall rule. Maybe this will let the other peers know that you only use this IP. If you have a static public IP at WAN check if azureus has the option to hardcode the server IP seen from the other peers.
-
It doesn't use a random port. It does however use UPNP port mapping. Could this be affecting something?
Also it's still a mystery to me though why these settings aren't limiting this port to only one of my WAN connections?
-
Reset states at diagnostics>states, reset states. Only new connections will be affected by a changed ruleset.
-
I'm sorry for bumping this thread but I've really run out of avenues to get this working, I'm still having problems getting the port forwarding for torrents working.
Below I've attached screenshots of what settings I've implemented.
I've set up both of my gateway routers as DMZ's to the pfSense router (i.e. for WAN the DMZ points to 192.168.0.10, for Opt1 it points to 192.168.1.222) and I've updated to the latest snapshot from here
I've put a rule in "Firewall: NAT/Port forward" to open port 18739 for 192.165.0.30
I've put a rule in "Firewall: Rules/LAN" to open port 18739 for 192.165.0.30 at gateway DrayfailoverNet
I've put a rule in "Firewall: Rules/WAN" to open port 18739 for 192.165.0.30 at gateway DrayfailoverNet
I've put a rule in "Firewall: Rules/Opt1" to BLOCK port 18739 for 192.165.0.30 at gateway DrayfailoverNet
What's happening is that when I run the port checker it is STILL switching between the two IPs in my load balanced pool, so the policy based routing isn't taking effect, and I'm guessing this is the root of my problem, is there any rule that might be negating my policy based rules? Or anything that I'm missing here?
When I'm setting up the DMZ at the router level it should be pointing to the local IP for that connection in pfSense right?
-
There are several problems with your setup:
- don't use gateways other than default for firewall rules at wan and netopia that belong to port forwards. You have to use "default" as gateway there.
- I don't understand the 2 other rules at wan and netopia that don't belong to the port forward but they are definitely wrong ;)
- at netopia the block rule is not needed. Everything not explicitly allowed is blocked anyway. The gateway option here is wrong as well.
-
- I don't understand the 2 other rules at wan and netopia that don't belong to the port forward but they are definitely wrong ;)
The 2 other rules at WAN and Netopia were implemented because I followed the guide here for setting up load balancing, you can see he has implemented these rules on page 12.
Why would they be wrong?
-
Please rather follow http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing . I have to look a bit closer at the other doc but it seems to be wrong. If it is I'll pull it so it doesn't confuse people anymore. It doesn't apply to the latest snapshots anyway that have a much easier pool creation gui (selecting interfaces instead of gateway IPs).
-
Ok, tomorrow I'm going to start again and implement the other tutorial. The only reason I went with the one I did was because it was for a static IP setup.
Can I ask though, the fact I am able to get access to the internet means that there is a port open in pfSense to do so (say port 80). If I did a test of port 80 (i.e. http://www.utorrent.com/testport.php?port=80) should it not be reading as open?
-
The default config is to let anything out but nothing in. The apps do test incoming connections so this won't work without port forwards and appropriate firewall rules.
-
Ok I think I'm nearly there with this.
I removed the rules from the tutorial I was following and went with only the settings from here
I've attached a screenshot below of what I've set up. Can you explain to me what the last rule in this screenshot does? It seems to always be set up in all of the tutorials I've read but there is no explanation for it.
Is this rule used to set udp/tcp ports for all OUTGOING traffic? I've found that when I disable it, the utorrent port checker says the port is now open, but when I try to download a torrent it won't connect… until I re-enable the last rule. Is there any explanation for this?
-
If you don't enable the last rule you only allow the ports and protocols specified above which means only a few ports are open to go out (http, rdp, https, common-alias and protocol icmp).
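As an added illustration (not code from the thread or from pfSense) of the two points made above, hoba's advice to match the client's listening port as the source port rather than the destination port, and why the trailing allow-all rule decides what happens to everything the earlier rules don't match, here is a small first-match model of LAN rule evaluation. The gateway name WAN_GW and the peer port 6881 are constructed; the host and port are the thread's own.

```python
# Added example, not pfSense code: first-match model of a pfSense LAN ruleset.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    src: Optional[str] = None    # None = any source address
    sport: Optional[int] = None  # None = any source port
    dport: Optional[int] = None  # None = any destination port
    gateway: str = "default"     # "default" = normal routing, i.e. the load-balance pool

@dataclass
class Packet:
    src: str
    sport: int
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return ((rule.src is None or rule.src == pkt.src)
            and (rule.sport is None or rule.sport == pkt.sport)
            and (rule.dport is None or rule.dport == pkt.dport))

def evaluate(rules, pkt: Packet):
    """First matching rule wins; no match means the implicit default block."""
    for r in rules:
        if matches(r, pkt):
            return r.action, (r.gateway if r.action == "pass" else None)
    return "block", None

TORRENT_HOST, TORRENT_PORT = "192.165.0.30", 18739   # values from the thread

def lan_rules(port_field: str, catch_all: bool):
    """Torrent rule keyed on 'sport' (hoba's advice) or 'dport' (the screenshot
    mistake), a few allowed services, then the optional trailing allow-all."""
    torrent = Rule("pass", src=TORRENT_HOST, gateway="WAN_GW",  # WAN_GW: assumed name
                   **{port_field: TORRENT_PORT})
    rules = [torrent, Rule("pass", dport=80), Rule("pass", dport=443),
             Rule("pass", dport=3389)]
    if catch_all:
        rules.append(Rule("pass"))   # any -> any via the default gateway
    return rules

# Outbound peer connection: the client's listening port is the SOURCE port;
# the peer's port (6881, constructed) is the destination.
outbound = Packet(TORRENT_HOST, sport=TORRENT_PORT, dport=6881)

def route_for(port_field: str, catch_all: bool = True):
    return evaluate(lan_rules(port_field, catch_all), outbound)
```

With the rule keyed on the destination port the torrent traffic falls through to the allow-all rule and is load balanced, which is exactly the symptom in the thread; without the allow-all rule it is simply blocked.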
-
Ok I think I'm nearly there. Torrents are working, so is VNC, VPN in and out of the office, FTP and HTTPs.
I have one last thing that's not, it's not a big thing but I would like to resolve it. The failover for my Opt1 connection is not working. When I plug out my Opt1 connection I can still access the internet on my WAN connection, but when I plug out my WAN connection I lose all internet access… except for doing google searches which is weird. When I unplug the WAN connection I can go to www.google.com and do a search and it will give me a list of results, I can't however open any of the result pages. I can't do a tracert on any sites either.
I have a feeling this has something to do with my DNS. Is there any way of setting the DNS for Opt1? Under "status>interfaces" the Opt1 connection reads as "up" but I don't see any DNS addresses associated with it?
-
http://forum.pfsense.org/index.php/topic,3696.msg22708.html#msg22708
-
I've written up a new part to the dual WAN wiki http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#Supporting_bittorrents
which describes my set up for bittorrent which seems to be working well. Appreciate comments and feedback on this.. :)
-
I've written up a new part to the dual WAN wiki http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing#Supporting_bittorrents
which describes my set up for bittorrent which seems to be working well. Appreciate comments and feedback on this.. :)
hoba pets pootle, a user who gives something back :D