Netgate Discussion Forum

    Torrents UPnP vs Port Forward

      HiTekRedNek

      Hi,

      I'm setting up a Torrent Box and would like to know the pros and cons for my particular setup.

                                 DSL Modem
                                     |
                                  PFSense
                                     |
                    +----------------+----------------+
                    |                                 |
                   LAN                           Opt1 (LAN2)
                    |                                 |
             File/FTP Server          Linksys wifi router (acting as switch)
      (Restricted Outbound Connectivity)      |                |
                                         Torrent Box    3 other wired and wireless machines

      The only communication between LAN segments is SFTP.
      My Torrent Box will be running a UTorrent client and this is the only machine that I want with this access.
      What is the most secure way of implementing this? Should I use port forwarding or UPnP?

      Currently my Torrents are working with only the default rule applied, forwarding all traffic from Opt1 to the WAN. I am looking for a more secure configuration where I can monitor the logs for suspicious activity. My future project is to implement SNORT IDS as well.

      Any suggestions are greatly appreciated.

        Bai Shen

        I would put another nic in the pfSense box and move the torrent box to a separate segment from your wireless traffic.

          HiTekRedNek

          I already have the extra port. I thought in advance before I built my mini-itx PFSense box and purchased the jetway 3 port daughterboard.

          Can you elaborate further on why you suggest segmenting from the wi-fi?

          Still not sure if I should use Port Forward or UPnP. Google searches on the topic are making my head spin.

            Bai Shen

            Firstly, if you put the torrent box on a dmz nic, then you don't have to worry about any issues with the linksys wireless router.

            Secondly, I like to keep my wireless traffic separate from my wired.  That way I can handle it differently if I want, and if someone manages to crack my encryption, they can't get to my wired machines.

            Thirdly, if the torrent box is on its own nic, then you know exactly what it's doing, and don't have any extraneous traffic to deal with.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.