Have I done the rules wrong for torrents?



  • OK, I've been playing for a month or so to try and figure this out.

    My Setup:
    Let's say my IP is 192.168.0.12 and I use torrent port 37500
    WAN is for web/emails etc
    WAN2 is for torrents only

    ---> WAN1 192.168.1.251 ---> Router 192.168.1.253 [This router won't let me do DMZ yet]
                                                                    |
    LAN PCs [AD/DNS Server] 192.168.0.X ---> pfSense Box [DHCP/DNS Forwarder]
                                                                    |
                                                                      ---> WAN2 (opt1) 192.168.2.251 ---> Router 192.168.2.254 [Router in DMZ]

    Firewall: NAT: Port Forward
    WAN2 TCP/UDP 37400 - 37600 192.168.0.12 (ext.: 192.168.2.251) 37400 - 37600

    Firewall: NAT: Outbound in AON
    WAN2  192.168.0.0/24 * * * * * NO
    WAN  192.168.0.0/24 * * * * * NO

    Firewall: Rules [Lan]
    TCP 192.168.0.12 * * 80 (HTTP) 192.168.1.253
    TCP 192.168.0.12 * * 25 (SMTP) 192.168.1.253

    * 192.168.0.12 * * * 192.168.2.254

    Firewall: Rules [WAN]
    None

    Firewall: Rules [WAN2]
    TCP/UDP * * 192.168.0.12 37400 - 37600 *

    I'm having problems with uploading and being classed as Connectable on private trackers.
    My Diagnostics > System logs > Firewall in pfSense shows lots of blocks,
    like below:
    Block Jan 10 20:55:44 WAN2 67.230.72.93:34287 192.168.2.251:52349 UDP
    Block Jan 10 20:55:43 WAN2 83.23.215.204:4708 192.168.2.251:55699 TCP
    Block Jan 10 20:55:42 WAN2 193.6.243.100:19217 192.168.2.251:52349 UDP

    I have tried UPnP but that does the same as my rules above. I know the port is open as I have a web server running and port 80 is working for it.
    Have I overlooked something, or is this too much for pfSense?

    Adding this rule on WAN2:
    TCP/UDP * * * * *
    will keep the log free, but it doesn't sort the problem.

    Can someone please help with this or give some advice?



  • Have you configured your BitTorrent software to use the ports 37400 - 37600?



  • I run uTorrent and I have it set to 37500 in the Preferences > Connection tab.

    I just like to keep a 100-port range each side open, just in case.



  • Then I don't see how the blocks you are seeing on WAN2 are related to uTorrent.

    The rules are blocking connections to 52349, 55699, 52349.

    Maybe you could clarify what you mean with: "I'm having problems with uploading and being classed as Connectable on private trackers"

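The point raised in the first post's log excerpt and in the reply above (the blocked packets go to ports 52349, 55699 and 57252 on the WAN2 address, none of which fall inside the forwarded 37400 - 37600 range) can be checked mechanically rather than by eye. The following is an added example, not code from this thread or from pfSense: it parses both log formats quoted in the thread (the GUI summary lines and the raw `pf:` line), applies the port forward described in the first post, and separates blocks the forward should have passed (a real NAT or rule problem) from blocks it could never apply to. The `xl2` to `WAN2` interface mapping and the final 37500 log line are assumptions constructed for illustration; the other log lines are the ones quoted in the thread.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the four block lines quoted in the thread, plus one
# constructed line (198.51.100.7, a documentation address) on the forwarded
# port so that the two outcomes can be contrasted.
SAMPLE_LOG = """\
Block Jan 10 20:55:44 WAN2 67.230.72.93:34287 192.168.2.251:52349 UDP
Block Jan 10 20:55:43 WAN2 83.23.215.204:4708 192.168.2.251:55699 TCP
Block Jan 10 20:55:42 WAN2 193.6.243.100:19217 192.168.2.251:52349 UDP
pf: 626251 rule 884/0(match): block in on xl2: (tos 0x0, ttl 107, id 25163, offset 0, flags [DF], proto: TCP (6), length: 48) 201.242.231.28.3346 > 192.168.2.251.57252: S, cksum 0x08fd (correct), 1282968680:1282968680(0) win 16384 <mss 1420,nop,nop,sackOK>
Block Jan 10 20:56:01 WAN2 198.51.100.7:51413 192.168.2.251:37500 TCP
"""

# pfSense 1.2 GUI log line: action, date, time, interface, src:port, dst:port, proto
GUI_RE = re.compile(
    r"^(?P<action>Block|Pass)\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)
# Raw pflog/tcpdump style line as shown in the thread
RAW_RE = re.compile(
    r"^pf: .*?: (?P<action>block|pass) (?:in|out) on (?P<iface>\w+): "
    r"\(.*?proto: (?P<proto>\w+) \(\d+\).*?\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

# Assumed mapping of pf interface names to pfSense names for this setup.
# The thread never says which NIC xl2 is; this is a guess for illustration.
IFACE_NAMES = {"xl0": "WAN", "xl1": "LAN", "xl2": "WAN2"}


@dataclass(frozen=True)
class LogEntry:
    action: str
    iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class PortForward:
    """One Firewall: NAT: Port Forward row, as described in the first post."""
    iface: str
    protos: frozenset
    ext_addr: str
    lo: int
    hi: int

    def matches(self, e: LogEntry) -> bool:
        return (e.iface == self.iface and e.proto in self.protos
                and e.dst == self.ext_addr and self.lo <= e.dport <= self.hi)


# The forward from the first post: WAN2 TCP/UDP 37400-37600 -> 192.168.0.12
TORRENT_FORWARD = PortForward("WAN2", frozenset({"TCP", "UDP"}),
                              "192.168.2.251", 37400, 37600)


def parse_line(line: str) -> Optional[LogEntry]:
    m = GUI_RE.match(line) or RAW_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return LogEntry(d["action"].lower(), IFACE_NAMES.get(d["iface"], d["iface"]),
                    d["proto"].upper(), d["src"], int(d["sport"]),
                    d["dst"], int(d["dport"]))


def parse_log(text: str) -> List[LogEntry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage_blocks(text: str, forward: PortForward) -> Tuple[List[LogEntry], List[LogEntry]]:
    """Split blocked entries into those the forward should have passed
    (so a block there means the NAT or WAN2 rule is really broken) and
    those outside its interface/address/port range, which it cannot affect."""
    covered, unrelated = [], []
    for e in parse_log(text):
        if e.action != "block":
            continue
        (covered if forward.matches(e) else unrelated).append(e)
    return covered, unrelated


def client_port_is_covered(client_port: int, forward: PortForward,
                           wan_rule: Tuple[int, int]) -> bool:
    """True when the torrent client's listen port lies inside both the NAT
    port forward range and the WAN2 firewall rule's destination range."""
    lo, hi = wan_rule
    return forward.lo <= client_port <= forward.hi and lo <= client_port <= hi


if __name__ == "__main__":
    covered, unrelated = triage_blocks(SAMPLE_LOG, TORRENT_FORWARD)
    print("blocks inside the forwarded range (real problem):", len(covered))
    print("blocks outside it (forward cannot apply):",
          sorted({e.dport for e in unrelated}))
    print("client port 37500 covered:",
          client_port_is_covered(37500, TORRENT_FORWARD, (37400, 37600)))
```

Run against the quoted lines, every one of the thread's four blocks lands in the "unrelated" bucket, which is exactly the reply's point; only the constructed line on 37500 would indicate that the forward or the WAN2 pass rule is not doing its job.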


  • Sorry.

    On all private trackers you need to be classed as connectable so you can upload. In uTorrent I have the green tick to say my ports are set up right.

    52349, 55699, 52349 are ports being used for some reason:
    Block      Jan 10 20:55:44  WAN2      67.230.72.93:34287  192.168.2.251:52349  UDP

    So it's like user 67.230.72.93 on port 34287 sends me a UDP request, port changed to 52349 (don't know why); the firewall sees it on WAN2 but doesn't know what to do with something on port 52349, so it's a default block.

    Here is another one in raw data:
    pf: 626251 rule 884/0(match): block in on xl2: (tos 0x0, ttl 107, id 25163, offset 0, flags [DF], proto: TCP (6), length: 48) 201.242.231.28.3346 > 192.168.2.251.57252: S, cksum 0x08fd (correct), 1282968680:1282968680(0) win 16384 <mss 1420,nop,nop,sackOK>

    I know every connection with torrents opens a new port, but I can't see how it's hard; this is just a port forward with a firewall rule to pass it.

    Shouldn't the destination be the PC in question?



  • Try to enable static port:
    http://doc.pfsense.org/index.php/Static_Port

    However, this applies only to outbound ports.
    If you've set the NAT up correctly, inbound connections should work.

    If you see a connection to 52349 this means someone is connecting to this port on your side,
    and he's not connecting to the port you specified in the uTorrent config.

    I don't think these blocks you are seeing are related to uTorrent.



  • Static port did nothing.
    Just worked out I'm running 1.2; will look at going to 1.2.2 or 2.0 (1.3).

    Just, do I have enough bits to set up a new system and keep the old one as a fallback if need be?

    The pain, lol.


Locked