Set up for Bit-torrent
Hello, I have been trying to get my pfsense box working for use with utorrent for a while and I am having issues. I want to explain my setup and see if I'm missing something.
I have two connections, one dsl connection (that I want to dedicate to bittorrent) and one cable connection (for everything else). My dsl modem is in router mode right now (can be in PPPOE) and is using 192.168.2.1, and I have a router on my cable (linksys wrt54g) and it is using 192.168.0.1. I have a third nic that is set to be my lan. I have set up the cable connection as the Wan connection because I only want bittorrent to go out of the dsl connection. I have dsl set as opt1. I have this interface enabled. I don't really want any load balancing so I haven't set up any load balancing, I just want to send torrents out opt1 (dsl).
I only need port 30963 (utorrent) to go out the opt1 connection. I have set up lan rules that look like this…
TCP 192.168.1.100 6969 * 6969 192.168.2.1 tracker out gorge.net
TCP 192.168.1.100 39063 * 30963 192.168.2.1 utorrent out gorge.net
and I have set up opt1 rules to look like this
TCP * 30963 192.168.1.100 30963 * utorrent in gorge
TCP * 6969 192.168.1.100 6969 * tracker in gorge
I have not set any Wan rules, or Nat rules as they are in a different section. Whenever I start a bittorrent session in this configuration, it goes out the cable connection (10 meg, when the dsl is only 1 meg) and when I look at the status of the interfaces, nothing has left the opt1 connection...
OPT1wan2 interface (rl0)
MAC address [removed]
IP address 192.168.2.2
Subnet mask 255.255.255.255
Media 100baseTX <full-duplex>
In/out packets 0/4 (0 bytes/292 bytes)
In/out errors 0/0
I have been able to run a ping test out both connections from the webconfigurator. I get results out of opt1, why aren't the rules working??
I appreciate any help on this, I'm boggled.
I have followed http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing guide and some of the screenshots don't match up, like during the rules, it doesn't say to adjust firewall automatically.
Zues, your rules are too tight, the destination port in your first rule should be set (as it is), but not the source port.
The same applies to your second rule.
Also note that uTorrent uses a range of source ports when outward connecting and of course the destination ports vary widely, this is why I dedicated a machine to torrent, and set it up so all traffic from the machine goes down one WAN connection.
Check using the uTorrent port forwarding checker that all is well.
When using the rules that I have set now, I am able to download using bittorrent at incredible speeds (10 megs) !!, but unfortunately it's not using the correct connection. It's going out wan1 still :( :( . I loosened the rule to allow connection from any machine instead of just 192.168.1.100 but still it exits wan1 !!?!
Now about the outward connection, I only have one computer connected to this pfsense box, because I only have one other computer at my disposal. I am able to make it work on my cable connection so I'm hesitant to determine that I need to change something to make it work on my dsl connection. It downloads fine using wan1, so I feel like the outward is working just fine at this point, I just need it to exit out of wan2 instead.
Sounds like the rule isn't matching, try a basic rule to send everything from that machine, have firewall logging turned on for that rule to make sure it is triggered, then tighten up the rule 1 nut at a time.
start with something like
any 192.168.1.100 * * * 192.168.2.1 utorrent out gorge.net
and if that hits then you can change one thing at a time.
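The matching behaviour discussed in the replies above, as an added example that is not part of the thread or of pfSense itself: a small first-match evaluator run over the thread's rules and some constructed packets. The fall-through to the cable WAN, the sample ports and all names in the code are assumptions; the destination address is left out because every rule in the thread has it as `*`.

```python
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    proto: Optional[str]   # None stands for "any" / "*"
    src: Optional[str]
    sport: Optional[int]
    dport: Optional[int]
    gateway: str

class Pkt(NamedTuple):
    proto: str
    src: str
    sport: int
    dport: int

WAN_DEFAULT = "default (cable WAN)"  # assumed: unmatched traffic uses the default route
OPT1_GW = "192.168.2.1"
HOST = "192.168.1.100"

def route(rules, pkt):
    """Return the gateway of the first rule whose every set field equals the packet's."""
    for r in rules:
        wanted = (r.proto, r.src, r.sport, r.dport)
        if all(w is None or w == s for w, s in zip(wanted, pkt)):
            return r.gateway
    return WAN_DEFAULT

# Rules as first posted: source AND destination port pinned.
TIGHT = [Rule("tcp", HOST, 6969, 6969, OPT1_GW),
         Rule("tcp", HOST, 39063, 30963, OPT1_GW)]
# First reply: keep the destination port, leave the source port open.
NO_SPORT = [Rule("tcp", HOST, None, 6969, OPT1_GW),
            Rule("tcp", HOST, None, 30963, OPT1_GW)]
# Basic rule from the debugging advice: everything from the torrent machine.
WHOLE_HOST = [Rule(None, HOST, None, None, OPT1_GW)]

# Constructed sample traffic from the torrent machine (ports are illustrative).
SAMPLE = [
    Pkt("tcp", HOST, 49822, 6969),   # tracker announce, ephemeral source port
    Pkt("tcp", HOST, 51514, 51413),  # outbound peer connection, arbitrary peer port
    Pkt("udp", HOST, 30963, 6881),   # UDP traffic sent from the client's listen port
]

def gateways(rules):
    return [route(rules, p) for p in SAMPLE]

if __name__ == "__main__":
    for name, rules in (("tight", TIGHT), ("no source port", NO_SPORT),
                        ("whole host", WHOLE_HOST)):
        print(f"{name:15} {gateways(rules)}")
```

Only the whole-host rule sends every sample packet to 192.168.2.1, which is why the rule's firewall log is the thing to watch while tightening one field at a time.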
I was also thinking that I can set up a virtual machine for torrents with its own ip on the network and send all packets from that machine out the dsl. Things are starting to come together.
I got it working, by following the suggestion and loosening rules to send all traffic out opt1wan2 for a particular ip. Also there was another curious problem. I had to set wan2 to dhcp for it to work. It appears that neither of my interfaces will pass traffic without being dhcp, doesn't bother me because they won't change from their dhcp assignment but it's still curious.
I'm happy though because it's working aok!
Are you running in a VM yet? Because of the way torrents run, you have to set the whole machine to a particular interface, which may not suit other things you do.
strange about DHCP - do you mean pfsense is set as dhcp server on that subnet - I certainly don't do that.
I am running vmware now and I have the rules set up to allow all traffic (on the lan) from the vmware image's ip to go out optwan2. Now the dhcp thing, when I had optwan2 set up statically, no traffic passed. It wasn't until I changed it to dhcp (on the dsl modem's network x.x.2.x) that it passed traffic. Wan1 behaved this way also, when I had set up wan1 to be static on the cable router's network (x.x.0.x) it would not pass traffic. It works now, and I'm sure that the dhcp addresses for wan1 and wan2 will not change so I'm ok.
The problem I have now is that I need ssh to get through pfsense to the vmware image's internal ip address. I think that pfsense's firewall or its sshd is timing out ssh.
Are you running the torrent VM on your inside network? I assume you are.
Where are you trying to access it from? Other machines on the inside network don't need to go through pfsense.
If you are accessing from the internet then you need to forward on the router (if it is NATing) and on pfsense.