Netgate Discussion Forum

Allowing torrent

Firewalling
5 Posts 3 Posters 17.7k Views
  • E
    epema
    last edited by Jun 21, 2012, 2:30 AM Jun 20, 2012, 4:21 PM

    Hello guys,

    I want to enable passing torrent through pfSense for one host, e.g. 192.168.1.233.
    So, I create an inbound NAT rule redirecting all incoming connections for 52345 -> 192.168.1.233:52345.
    So, obviously…52345 is a port used for incoming connections on the client.

    Should I create an outbound rule? And any more suggestions on that?

    Thanks a lot!

    PS: I have seen this topic: http://malindarats.blogspot.nl/2011/08/normal-0-false-false-false-en-us-x-none.html
    However, I didn't get the thing about the gateway. I think I don't have to configure anything there.

    • M
      marcelloc
      last edited by Jun 20, 2012, 5:03 PM

      If 192.168.1.233 has a lan rule allowing all traffic to internet, the rdr rule on interface wan is fine.

      Treinamentos de Elite: http://sys-squad.com

      Help a community developer! ;D

      • E
        epema
        last edited by Jun 21, 2012, 3:45 AM

        Hi there,

        Please take a look at my firewall rules in attachments.
        However, my uTorrent doesn't download.

        I tcpdumped the internal interface for port 52394; however, it didn't show any packets.

        What can be wrong?

        ![pfsense.localdomain - Firewall NAT Port Forward-094308.png](/public/imported_attachments/1/pfsense.localdomain - Firewall NAT Port Forward-094308.png)
        ![pfsense.localdomain - Firewall Rules-094245.png](/public/imported_attachments/1/pfsense.localdomain - Firewall Rules-094245.png)
        tor.png

        • M
          marcelloc
          last edited by Jun 21, 2012, 2:38 PM

          Change the NAT ports on the rdr rule from any/* to 52394.

          Move the LAN rule that logs traffic to 192.168.1.233 before the LAN rule that allows all access from LAN to internet.

          • J
            johnpoz LAYER 8 Global Moderator
            last edited by Jun 21, 2012, 4:41 PM Jun 21, 2012, 4:21 PM

            What does your wan rule say?  Did you let it auto create the wan rule when you created the nat?

            As to the lan rule - it shouldn't really matter if that rule is before or after your pass rule to lan net.  But not sure why you would even have such a rule?  lan devices normally would never even talk to pfsense to talk to other lan devices.

            Your current lan rule as source of 192.168.1.233 would allow only that box to talk to the internet.  Is that what you want, you don't want any of your other devices to talk to the internet?

            edit: btw I notice you're only allowing TCP, utorrent can and does use UDP as well.

            http://www.utorrent.com/help/faq/network
            If you have a firewall, you must allow all outgoing traffic on TCP and UDP.

            If you're not getting anything to work, it's quite possible you're trying to use a UDP tracker, and you are not allowing any outbound udp on that lan rule you have.

            I just took a look at one of the torrents I downloaded recently, and tracker shows
            udp://tracker.openbittorrent.com:80/

            So with your current lan rule there would be no way for you to contact that tracker since you're not allowing udp outbound.

            edit: so you can see all the rules.  Here are my wan rules, nat rules, and lan rule that allow torrents to work.  You will see my forwards and rules that allow inbound on tcp/udp for my utorrent ports.

            And then the lan rule that allows clients to go to anything outbound.  Those other lan rules are blocking 1 client that I use for websense testing to only be able to go to websense IPs, and blocks direct outbound.

            utorrentrulesnat.jpg
            wanrulesutorrent.jpg
            laninternetrule.jpg

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11
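
The checks raised across this thread (forward one port rather than any, allow TCP and UDP on the forward and the WAN rule, pass outbound TCP/UDP on LAN), collected into a small rule audit. This is an added example, not code from any poster or from pfSense; the dict schema and both rule sets are constructed for illustration, since the thread's screenshots are not available.

```python
# Added example. Rules are plain dicts in a simplified, constructed schema
# (not pfSense's config format); host and port are the ones from the thread.
HOST, PORT = "192.168.1.233", 52394

def covers(rule, proto):
    """True if the rule's protocol ("tcp", "udp", "tcp/udp", "any") includes proto."""
    return rule["proto"] == "any" or proto in rule["proto"].split("/")

def first_match(rules, host, proto):
    """Interface rules are evaluated top-down and the first match wins."""
    for r in rules:
        # "lan net" is assumed to contain the host
        if r["src"] in (host, "lan net", "any") and covers(r, proto):
            return r["action"]
    return "block"  # nothing matched: default deny

def audit(host, port, nat, wan, lan):
    """Return findings for a single-host, single-port forward plus LAN egress."""
    findings = []
    fwd = [r for r in nat if r["target"] == host]
    for r in fwd:
        if r["dst_port"] == "any":
            findings.append("nat: forward matches any port, restrict to %d" % port)
        elif r["dst_port"] != port or r["target_port"] != port:
            findings.append("nat: forwarded port differs from client port %d" % port)
    for proto in ("tcp", "udp"):
        if not any(covers(r, proto) for r in fwd):
            findings.append("nat: no %s forward to %s" % (proto, host))
        # NAT is applied before filtering, so the WAN rule names the internal host
        if not any(r["action"] == "pass" and r["dst"] == host
                   and r["dst_port"] in (port, "any") and covers(r, proto) for r in wan):
            findings.append("wan: no pass rule for %s/%d to %s" % (proto, port, host))
        if first_match(lan, host, proto) != "pass":
            findings.append("lan: outbound %s from %s is not passed" % (proto, host))
    return findings

# Constructed "before" state, following the replies: any-port, TCP-only rules.
before = dict(
    nat=[{"proto": "tcp", "dst_port": "any", "target": HOST, "target_port": "any"}],
    wan=[{"action": "pass", "proto": "tcp", "dst": HOST, "dst_port": "any"}],
    lan=[{"action": "pass", "src": HOST, "proto": "tcp"}])
# Constructed "after" state: one port, TCP and UDP, LAN allowed outbound.
after = dict(
    nat=[{"proto": "tcp/udp", "dst_port": PORT, "target": HOST, "target_port": PORT}],
    wan=[{"action": "pass", "proto": "tcp/udp", "dst": HOST, "dst_port": PORT}],
    lan=[{"action": "pass", "src": "lan net", "proto": "any"}])

if __name__ == "__main__":
    for name, rules in (("before", before), ("after", after)):
        print(name, audit(HOST, PORT, **rules) or "ok")
```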
