SOLVED - Problem resetting uTorrent client vs pfsense.



  • Hi,
    Can anyone help me find what's wrong with my settings to enable usage of torrents (here uTorrent)? It has been a couple of days that I have been trying every way to set up the pf and the clients, but it is still not working.

    Gateway: 192.168.2.1
    WAN: 192.168.2.20
    LAN: 10.0.64.1
    ClientsNeedTorrenting:
    10.0.64.2
    10.0.64.7

    Alias: uTorrentClients. An alias has been created for those clients.

    Extra info:

    • SNORT: I am using SNORT but I have deactivated it to troubleshoot the problem.

    • UPnP & NAT-PMP are disabled on pf.

    • The pf uses OpenDNS public DNS and COMODO public DNS
      8.26.56.26 (COMODO);
      8.20.247.20 (COMODO);
      208.67.222.222 (OpenDNS);
      208.67.220.220 (OpenDNS).
      *No, I will not change my DNS. :P

    Fact:

    • It is for HOME purpose.

    • YES, I have seen most of the pfSense forum topics about torrenting and I have made a couple of searches on the internet to find what's wrong before posting. Now I'm tired of this. -_-

    • My gateway has a DMZ set to the firewall

    • Our uTorrent clients seem to use OpenDNS public DNS (uTorrent->Options->Prefs->Advanced):
      ISP.primary_dns: 208.67.222.222
      ISP.secondary_dns: 208.67.220.220

    • The value net.max.halfopen is set to *50

    • YES, we were able to before, it is not an ISP issue.

    • YES, there's a Windows Firewall exception on each client.

    • What happened: I reinstalled pf a couple of weeks ago and manually reset it. My backup files weren't working and dated from an older version of pf.

    • NAT: NAT rules for clients don't work, but for example my NAT rules for Blizzard/Battle.net work fine.
      Other:

    • I have a bunch of pics if you want them.
      Thx all.

  • You can follow the actual discussion on FACEBOOK on this situation @ https://www.facebook.com/groups/pfsense.official/permalink/1598777523763805/


  • Rebel Alliance Global Moderator

    Why would anyone need to follow what will for sure be a trainwreck ;)

    From just a quick look I see multiple things wrong. Where are your WAN rules?  Did you let your port forward create the rule?  Where is it on the list of rules?  Please post your WAN firewall rules.  But your LAN rules are wrong..  So once you're in a swarm you have no idea what ports those clients will be using.. But you only allow out dest to the port your client is running on.  That will never work.

    This comes down to basic port forwarding troubleshooting.
    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    Your LAN rules need to allow your torrent clients to talk outbound on any port.. Or you're just going to be able to talk to the clients running on that port - which is prob maybe 1 out of 100,000 or something.. Or maybe just you ;)

    Why do you have automatic port mapping checked if you're doing a port forward?  You would have that checked if you were going to use UPnP..



  • What's the trainwreck?  ???

    I can show you the WAN rules.
    And yeah, I let the port forward create rules for WAN.

    These rules are around the top of my list.

    Thx for telling me about the LAN rules.
    Thx for the link, I already use it with the pfSense documentation.

    On my pf, no I don't use UPnP; on the uTorrent client, if I use the wizard and test, I NEED to check them, I won't test without them ticked. That's why. But the problem comes from the LAN rules setting.

    Well actually, I think I have solved the problem with all the rules in the LAN rules page.

    Your LAN rules need to allow your torrent clients to talk outbound on any port.. Or you're just going to be able to talk to the clients running on that port

    In fact, after I read you an hour ago, I took time to revise them following what you told me. I wasn't realising it. I don't know where my head was. Maybe too much time working on it.  :) It gave me some headaches recently lol
    But thanks a lot for answering.

    On my pf, no I don't use UPnP; on the uTorrent client, if I use the wizard and test, I NEED to check them, I won't test without them ticked. That's why.

    On another note, in a few weeks, I will get a paid VPN and my gold pfSense membership, and try to set it to use WAN and get out on the internet.

    Now there are some pics; from top to bottom, you've got:

    NAT
    WAN1
    WAN2
    LAN1
    LAN2
    WIFI

  • Rebel Alliance Global Moderator

    "What's the trainwreck?  "

    Any attempt at support on FB.. I mean really!!  It's worse than the subreddit..

    Ok clearly that is a trainwreck as well..  So you marked solved so what is working?? Have you even read the port forwarding doc??  Seems like you're just clicking random shit hoping it works?? ;)

    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

    Why do you have rules to allow your lan and wifi networks on your WAN interface as source traffic???  Completely pointless..
    Why do you have 4 rules in a row that are any any.. Then calling them blizzard downloader?
    You do understand then your block rule at the end becomes pointless.

    Rules are evaluated top down, first rule to trigger wins - no other rules are looked at. 
    Traffic is evaluated inbound to the interface where pfSense first sees the traffic, so rules like source net of LAN on your WAN would never in a million years do anything.  When would traffic inbound to your WAN interface come from your LAN network??

    What is the attempted point of blocking wifi to the wifi address?  You know the wifi network could just access your firewall on your LAN IP, or your WAN IP.  Is that rule to block access to the firewall or stop wifi from going elsewhere on say your LAN or internet?  Because with that rule you are only blocking ports that were not allowed to the wifi address.  The default block rule at the end would stop everything else that wasn't in your allow rules..  So not sure what you were trying to do there?

    Not sure what is in your aliases in your NATs..  But those are all wrong except the one that lists WAN address as destination..

    What I would suggest is you start over..  delete all these rules and leave the default any any rules lan side interfaces.  Delete all your port forwards.

    What do you want to do?  Why are you forwarding a RANGE of Ports to what I assume is an alias with lots of different IPs in it..  That is not going to work..

    Pick the port your different torrent devices are going to run on.. Make sure they run on different ones.  Then create the port forward - per the doc link shown - to 1 of these devices.  Validate it works, then go to your next uTorrent client, etc.  If you cannot get a port forward to work then https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    Then we can move on to whatever other ports you want to forward..
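
Added example (not part of the thread and not pfSense code): a simplified Python model of the evaluation order described above, top-down with first match winning on the interface where traffic enters, used to audit a rule list for rules that can never fire. The /24 LAN mask, the ports 45682 and 51413, the peer address 203.0.113.9 and all rule names are constructed sample values; protocol, state tracking and floating rules are ignored.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network as net

@dataclass
class Rule:
    name: str
    action: str                   # "pass" or "block"
    src: str = "0.0.0.0/0"        # source network ("any" by default)
    dst: str = "0.0.0.0/0"        # destination network
    ports: tuple = (1, 65535)     # inclusive destination port range

    def matches(self, src_ip, dst_ip, dport):
        return (ip_address(src_ip) in net(self.src)
                and ip_address(dst_ip) in net(self.dst)
                and self.ports[0] <= dport <= self.ports[1])

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (net(other.src).subnet_of(net(self.src))
                and net(other.dst).subnet_of(net(self.dst))
                and self.ports[0] <= other.ports[0] <= other.ports[1] <= self.ports[1])

def evaluate(rules, src_ip, dst_ip, dport):
    """Top-down, first match wins; nothing matched means default block."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, dport):
            return rule.action, rule.name
    return "block", "default deny"

def shadowed(rules):
    """Rules that can never fire because an earlier rule covers them."""
    return [r.name for i, r in enumerate(rules)
            if any(prev.covers(r) for prev in rules[:i])]

def dead_on_wan(rules, internal_nets):
    """WAN rules sourced from an internal net: never seen inbound on WAN."""
    return [r.name for r in rules
            if any(net(r.src).subnet_of(net(n)) for n in internal_nets)]

# Constructed sample rule sets (not the poster's real configuration).
LAN_PORT_ONLY = [Rule("torrent out", "pass", src="10.0.64.2/32", ports=(45682, 45682))]
LAN_ANY_PORT = [Rule("torrent out", "pass", src="10.0.64.2/32")]
LAN_STACKED = [Rule("blizzard 1", "pass"), Rule("blizzard 2", "pass"), Rule("block all", "block")]
WAN = [Rule("allow LAN net", "pass", src="10.0.64.0/24"),
       Rule("NAT torrent", "pass", dst="10.0.64.2/32", ports=(45682, 45682))]

if __name__ == "__main__":
    print(evaluate(LAN_PORT_ONLY, "10.0.64.2", "203.0.113.9", 51413))
    print(shadowed(LAN_STACKED), dead_on_wan(WAN, ["10.0.64.0/24"]))
```

The first result shows why a LAN rule limited to the client's own listening port drops connections to peers on other ports; the second lists the rules hidden behind an earlier any-any pass and the WAN rule whose LAN source can never match.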