BitTorrent, UPnP and Traffic Shaper

  • Hi there,

    I have set up my traffic shaper and it is working. All uncategorized traffic goes into my p2p queue. Now I want to restrict my traffic, deleting the LAN->WAN any rule and having separate rules for every service that I use. Now one machine still needs to use BitTorrent. So I want to enable UPnP for this machine. What is the best practice there? Do I need to apply UPnP to the LAN interface and allow all ports from 1024-65535 to be opened then? Or LAN and WLAN, because these two interfaces are bridged together? And what about the Traffic Shaper queue? Which one has to be put into the UPnP setting? The upload or download queue? This way I only needed one port to be forwarded to my BitTorrent box and UPnP would handle all outgoing traffic, is that right?

    pfSense 1.2.3 RC3 is in use…


  • Can't be that nobody has the same problem with bittorrent…
    How do you guys handle bittorrent? I do not want my torrent machine to allow all outgoing traffic >1024...


  • I don't use UPnP for BitTorrent.
    I created a static DHCP entry for the computer using BitTorrent so it gets the same IP every time.
    Then create a port forward for this computer.

  • The portforwarding is not the problem. I have set up a static one as well. I do not want to open ALL OUTGOING traffic for this system. Bittorrent uses all random ports >1024 and that suckz. I am looking for a solution for this and thought that maybe UPnP could open the OUTGOING connections temporarily as well…

    Or is BT running for you if you just open up the one port of your client? You also need all the outgoing ports >1024...

  • Ah you're talking about outbound connections.
    Hmmm. I'm not sure how to go at this.

    Have you tried to set something in the config of your client?

  • In every client I tried (uTorrent, Transmission or XTorrent) for my OS X there is only a possibility to change the one incoming port…
    So UPnP is generally only for portforwarding? Not for outgoing connections?

    How do the other people use this? It cannot be that you need to open up such a great hole just for bittorrent traffic...

  • Yes upnp is used to map inbound ports, not outbound.

    I'm not sure if this is possible.
    A quick google shows some discussions in the uTorrent forum about this.
    I think you can set something like this in a developers version of it.

    The other possibility would be to just block outbound connections completely except a small range.
    But this would slow down the establishing of connections, since the client has to find these open ports by trial and error.

  • Rebel Alliance Developer Netgate

    Bittorrent clients set the port they use to listen, so when you connect to peers, it's using whatever they have set in their client.

    There is no way around this in 1.2.3. In 2.0 there is a layer 7 protocol classifier that can identify bittorrent traffic regardless of port and shape it appropriately.

  • Nice. Hopefully 2.0 will not take a whole year to be released ;)

    But also you are not quite correct on the client ports. Bittorrent uses whatever ports it needs above 1024. If I set my client to 52525 it also uses all ports above 1024. It is not only the ports other people use…

  • Rebel Alliance Developer Netgate

    Let's hope ;D

    It's in better shape than it has been. Once 1.2.3 is out the door, and FreeBSD 8.0 is released, there will be more progress made.

    Work has already shifted focus to 2.0 and getting more bits functional, but it's still not stable in many ways.

  • Not sure if this is a res of an old dead topic but I found this while looking through google trying to find out how to make sense of 2.0's traffic shaper, since the wizard doesn't work.

    In uTorrent you can set the outbound ports, if you go to the advanced settings. I used that to set traffic shaping rules for my wife's torrents.
