    I'm setting up a Torrent Box and would like to know the pros and cons for my particular setup.

    DSL Modem
        |
        +-- LAN --------- File/FTP Server (Restricted Outbound Connectivity)
        |
        +-- Opt1 (LAN2) -- Linksys wifi router (acting as switch)
                               |-- Torrent Box
                               |-- 3 other wired and wireless machines

    The only communication between LAN segments is SFTP.
    My Torrent Box will be running a uTorrent client, and this is the only machine that I want to have this access.
    What is the most secure way of implementing this? Should I use port forwarding or UPnP?

    Currently my torrents are working with only the default rule applied, forwarding all traffic from Opt1 to the WAN. I am looking for a more secure configuration whose logs I can monitor for suspicious activity. My future project is to implement Snort IDS as well.

    Any suggestions are greatly appreciated.

  • I would put another NIC in the pfSense box and move the torrent box to a separate segment from your wireless traffic.

  • I already have the extra port. I thought in advance before I built my Mini-ITX pfSense box and purchased the Jetway 3-port daughterboard.

    Can you elaborate further on why you suggest segmenting from the wi-fi?

    Still not sure if I should use Port Forward or UPnP. Google searches on the topic are making my head spin.

  • Firstly, if you put the torrent box on a DMZ NIC, then you don't have to worry about any issues with the Linksys wireless router.

    Secondly, I like to keep my wireless traffic separate from my wired. That way I can handle it differently if I want, and if someone manages to crack my encryption, they can't get to my wired machines.

    Thirdly, if the torrent box is on its own NIC, then you know exactly what it's doing, and don't have any extraneous traffic to deal with.
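The two points the thread converges on, a single static port forward to one host instead of UPnP and a dedicated NIC so the segment's logs show only that host, can be checked mechanically once the rules are in place. The script below is an added example, not from any poster in the thread: it reads pfSense filter log lines and reports passed traffic that the intended policy should never produce (a second host on the DMZ NIC, the torrent box reaching the file server's LAN segment, or an inbound connection to the torrent box on any port other than the one forwarded). The interface names, addresses, listen port and the sample log lines are constructed for the example, and the CSV field order is my understanding of the pfSense filterlog format for IPv4; verify it against your own /var/log/filter.log before trusting the indices.

```python
"""Audit pfSense filter log lines for traffic the torrent segment should never produce.

Added example, not from the thread. Field order below is assumed from the pfSense
filterlog CSV layout for IPv4 (rule,sub-rule,anchor,tracker,iface,reason,action,
direction,ipver,tos,ecn,ttl,id,offset,flags,proto,protoname,length,src,dst,
srcport,dstport,...); check it against your version before relying on it.
"""
import ipaddress
import re

# Hypothetical addressing for the setup in the thread (constructed values).
DMZ_IF = "em2"                                        # OPT1 / DMZ NIC, torrent box only
WAN_IF = "em0"
TORRENT_BOX = ipaddress.ip_address("192.168.2.10")
LISTEN_PORT = 51413                                    # the one statically forwarded port
LAN_NET = ipaddress.ip_network("192.168.1.0/24")       # File/FTP server segment

_LOG_RE = re.compile(r"filterlog\[\d+\]: (?P<csv>.*)$")


def parse_filterlog(line):
    """Return the fields this audit needs, or None if the line is not an IPv4 filterlog record."""
    m = _LOG_RE.search(line)
    if not m:
        return None
    f = m.group("csv").split(",")
    if len(f) < 22 or f[8] != "4":
        return None
    return {
        "iface": f[4], "action": f[6], "direction": f[7], "proto": f[16],
        "src": ipaddress.ip_address(f[18]), "dst": ipaddress.ip_address(f[19]),
        "sport": int(f[20]) if f[20] else None, "dport": int(f[21]) if f[21] else None,
    }


def audit(lines):
    """Return (line_number, reason) for every passed record that breaks the torrent-segment policy."""
    findings = []
    for n, line in enumerate(lines, 1):
        r = parse_filterlog(line)
        if r is None or r["action"] != "pass":
            continue  # blocked traffic was already stopped; only what got through matters here
        if r["iface"] == DMZ_IF and r["direction"] == "in":
            if r["src"] != TORRENT_BOX:
                findings.append((n, f"unexpected host {r['src']} on DMZ NIC"))
            elif r["dst"] in LAN_NET:
                findings.append((n, f"torrent box reached LAN host {r['dst']}"))
        elif r["iface"] == WAN_IF and r["direction"] == "in" and r["dst"] == TORRENT_BOX:
            if r["dport"] != LISTEN_PORT:
                findings.append((n, f"inbound to torrent box on port {r['dport']}, not the forwarded {LISTEN_PORT}"))
    return findings


# Constructed sample records; the post-NAT destination is what pf logs on the WAN pass rule.
SAMPLE_LOG = [
    # torrent box to an Internet peer: expected
    "Mar 10 12:00:01 pfsense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,1,0,DF,6,tcp,60,192.168.2.10,203.0.113.5,51413,6881,0,S,1:2,,,,",
    # a second host showed up on the DMZ NIC: finding
    "Mar 10 12:00:02 pfsense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,2,0,DF,6,tcp,60,192.168.2.20,203.0.113.9,40000,443,0,S,1:2,,,,",
    # torrent box talking to the file server's segment: finding
    "Mar 10 12:00:03 pfsense filterlog[1234]: 5,,,1000000103,em2,match,pass,in,4,0x0,,64,3,0,DF,6,tcp,60,192.168.2.10,192.168.1.5,50000,22,0,S,1:2,,,,",
    # inbound from the Internet on the forwarded port: expected
    "Mar 10 12:00:04 pfsense filterlog[1234]: 7,,,1000000201,em0,match,pass,in,4,0x0,,52,4,0,none,6,tcp,60,198.51.100.7,192.168.2.10,6881,51413,0,S,1:2,,,,",
    # inbound to a different port on the torrent box (what a UPnP-opened port would look like): finding
    "Mar 10 12:00:05 pfsense filterlog[1234]: 7,,,1000000201,em0,match,pass,in,4,0x0,,52,5,0,none,6,tcp,60,198.51.100.7,192.168.2.10,6881,8080,0,S,1:2,,,,",
    # blocked noise on the WAN: ignored
    "Mar 10 12:00:06 pfsense filterlog[1234]: 4,,,1000000103,em0,match,block,in,4,0x0,,52,6,0,none,6,tcp,60,198.51.100.8,203.0.113.2,1234,23,0,S,1:2,,,,",
]

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

Run against a real log with `audit(open("/var/log/filter.log").read().splitlines())`; every finding corresponds to a pass rule that is wider than the policy, which is the thing to tighten before adding Snort on top. The script only reads passed traffic on purpose: the block log on the DMZ NIC is expected to be noisy with peer retries, while a passed record that violates the policy is the one that matters.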

