Netgate Discussion Forum

    Have I done the rules wrong for torrents?

    Routing and Multi WAN

    • Mong

      OK, I've been playing for a month or so to try and figure this out.

      My setup:
      Let's say my IP is 192.168.0.12 and I use torrent port 37500
      WAN is for web/emails etc
      WAN2 is for torrents only

      ----> Wan1 192.168.1.251 ---> Router 192.168.1.253 [This router won't let me do DMZ yet]
                                                                      |
      Lan Pc's [AD/DNS Server] 192.168.0.X ----> pfSense Box [DHCP/DNS Forwarder]
                                                                      |
                                                                        ----> Wan2 (opt1) 192.168.2.251 ---> Router 192.168.2.254 [Router in DMZ]

      Firewall: NAT: Port Forward
      WAN2 TCP/UDP 37400 - 37600 192.168.0.12 (ext.: 192.168.2.251) 37400 - 37600

      Firewall: NAT: Outbound in AON
      WAN2  192.168.0.0/24 * * * * * NO
      WAN  192.168.0.0/24 * * * * * NO

      Firewall: Rules [Lan]
      TCP 192.168.0.12 * * 80 (HTTP) 192.168.1.253
      TCP 192.168.0.12 * * 25 (SMTP) 192.168.1.253
      * 192.168.0.12 * * * 192.168.2.254

      Firewall: Rules [WAN]
      None

      Firewall: Rules [WAN2]
      TCP/UDP * * 192.168.0.12 37400 - 37600 *

      I'm having problems with uploading and being classed as Connectable on private trackers.
      My Diagnostics: System logs: Firewall in pfSense shows lots of blocks,
      like below:
      Block Jan 10 20:55:44 WAN2 67.230.72.93:34287 192.168.2.251:52349 UDP
      Block Jan 10 20:55:43 WAN2 83.23.215.204:4708 192.168.2.251:55699 TCP
      Block Jan 10 20:55:42 WAN2 193.6.243.100:19217 192.168.2.251:52349 UDP

      I have tried UPnP but that does the same as my rules above. I know the port is open as I have a web server running and port 80 is working for it.
      Have I overlooked something or is this too much for pfSense?

      Adding this rule on WAN2:
      TCP/UDP * * * * *
      will keep the log free but it doesn't sort the problem.

      Can someone please help with this or give some advice?

      • GruensFroeschli

        Have you configured your BitTorrent software to use the ports 37400 - 37600?

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • Mong

          I run uTorrent and I have it set to 37500 in the Preferences>Connection tab.

          I just like to keep a 100 port range each side open just in case.

          • GruensFroeschli

            Then I don't see how the blocks you are seeing on WAN2 are related to uTorrent.

            The rules are blocking connections to 52349, 55699, 52349.

            Maybe you could clarify what you mean with: "I'm having problems with uploading and being classed as Connectable on private trackers"

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            • Mong

              Sorry.

              On all private trackers you need to be classed as connectable so you can upload; in uTorrent I have the green tick to say my ports are set up right.

              52349, 55699, 52349 are ports being used for some reason:
              Block      Jan 10 20:55:44  WAN2      67.230.72.93:34287  192.168.2.251:52349  UDP

              So it's like user 67.230.72.93 on port 34287 sends me a UDP request, port changed to 52349 (don't know why), firewall sees it on WAN2 but doesn't know what to do with something on port 52349, so it's a default block.

              Here is another one in raw data:
              pf: 626251 rule 884/0(match): block in on xl2: (tos 0x0, ttl 107, id 25163, offset 0, flags [DF], proto: TCP (6), length: 48) 201.242.231.28.3346 > 192.168.2.251.57252: S, cksum 0x08fd (correct), 1282968680:1282968680(0) win 16384 <mss 1420,nop,nop,sackOK>

              I know every connection with torrents opens a new port, but I can't see how it's hard; this is just a port forward with a firewall rule to pass it.

              Shouldn't the destination be the PC in question?

              • GruensFroeschli

                Try to enable static port:
                http://doc.pfsense.org/index.php/Static_Port

                However this applies only to outbound ports.
                If you've set up the NAT correctly, inbound connections should work.

                If you see a connection to 52349, this means someone is connecting to this port on your side,
                and he's not connecting to the port you specified in the uTorrent config.

                I don't think these blocks you are seeing are related to uTorrent.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
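
The check the replies above apply by eye, comparing each blocked packet's destination port with the forwarded range, written out as an added example (not code from the thread or from pfSense). It assumes the GUI firewall-log layout pasted in the first post; the function names are hypothetical and the last sample line is constructed.

```python
import re
from collections import Counter

# Port forward from the first post: WAN2, TCP/UDP, ports 37400-37600.
FORWARD_IFACE, FORWARD_PROTOS = "WAN2", {"TCP", "UDP"}
FORWARD_PORTS = range(37400, 37601)

# Layout: action, timestamp, interface, src ip:port, dst ip:port, protocol.
LINE_RE = re.compile(
    r"^(?P<action>Block|Pass)\s+(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)

# The first three lines are from the thread. The last one is constructed
# (documentation address) to show a block that would implicate the forward.
SAMPLE_LOG = """\
Block Jan 10 20:55:44 WAN2 67.230.72.93:34287 192.168.2.251:52349 UDP
Block Jan 10 20:55:43 WAN2 83.23.215.204:4708 192.168.2.251:55699 TCP
Block Jan 10 20:55:42 WAN2 193.6.243.100:19217 192.168.2.251:52349 UDP
Block Jan 10 20:55:41 WAN2 203.0.113.7:51000 192.168.2.251:37500 TCP
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return {**m.groupdict(), "dport": int(m["dport"])} if m else None

def covered_by_forward(entry):
    """True if the packet targeted the forwarded interface, protocol and port range."""
    return (entry["iface"] == FORWARD_IFACE
            and entry["proto"].upper() in FORWARD_PROTOS
            and entry["dport"] in FORWARD_PORTS)

def triage(log_text):
    """Split blocked packets into (counts outside the forward, entries inside it)."""
    outside, inside = Counter(), []
    for entry in filter(None, map(parse_line, log_text.splitlines())):
        if entry["action"] != "Block":
            continue
        if covered_by_forward(entry):
            inside.append(entry)   # forward or pass rule is not matching
        else:
            outside[(entry["dport"], entry["proto"])] += 1  # unrelated to the forward
    return outside, inside

if __name__ == "__main__":
    outside, inside = triage(SAMPLE_LOG)
    for (port, proto), n in outside.most_common():
        print(f"outside forwarded range: {proto}/{port} x{n}")
    for e in inside:
        print(f"inside forwarded range, check NAT and WAN2 rule: {e['src']} -> {e['dport']}")
```

Only blocks that land in the second group point at the port forward or its WAN2 pass rule; the three lines quoted in the thread all fall in the first group.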

                • Mong

                  Static port did nothing.
                  Just worked out I'm running 1.2; will look at going to 1.2.2 or 2.0 (1.3).

                  Just, do I have enough bits to set up a new system and keep the old one as a fallback if need be?

                  The Pain lol.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.