Hello,
I’m at my wits end trying to figure out how to port forward in IPFire to Transmission bitTorrent client on my desktop on the green network. I’m following the guide in the IPFire wiki:
https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding
Here’s the two rules I have uploaded as three pictures:
What am I doing wrong and how can I make this work? I’m using the “test port” function in the preferences in Transmission to check if it is open, and it always shows it is closed.
That rules ain’t right.
Source: Firewall + Port
Destination: Client of Green Network + Port
I haven’t tried it yet, but damn… That makes way more sense than what the IPFire wiki is showing. Does documentation need to be updated?
My guess is the documentation is correct, I used to do that here when I was using bittorrent.
Did you possibly block bittorrent under P2P networks?
DJ-Melo,
I didn’t even know that was a thing. But it appears the default is for it not to be blocked. I’ve tried Max Mustermann’s advice and it still does not work. But perhaps I have not configured something properly. I’m going to need more specific information.
Client firewall opened correctly? What does ipfire’s nmap say?
nmap -sU -sS -p 49942 192.168.0.2
Source should be any NOT 192.168.0.1!
My rules ( I think they are functional ) are
Any | Firewall:<BTport> -> <BTclientIP>:<BTport>
BTW: I followed the wiki article.
@donteatyellowsnow And I want to advise you to use service groups.
Xeonim,
You nailed it! Thank you so much! It was my client firewall not accepting incoming for this port forward. I feel like a bit of a dummy for forgetting that that had to be done. The original configuration that I first posted and got from the IPFire wiki worked correctly. No need to change the documentation unless someone thinks it’s worthwhile to add a reminder to open the client firewall.
Xeonium,
Why do you advise that using service groups is important?
It does make changes easier. You can change the host once and it will affect in multiple rules. Or one rule set (service group) can be use on another client quickly.
It reduce the sum of firewall rules all together.
I do so and will do it in future BUT it’s not mandatory.
In testing environment and setups I use protocol type, source, destination manually
Xeonium,
Thank you so much for recommending that. It does make sense to use it.
Xeonium,
For what it’s worth… After having played with service groups for a while, I can see how this would be convenient in certain circumstances. I’m assuming many users where common rules need to be added frequently.
My circumstances with using Bit Torrent is that the client is set to pick a random incoming port number each time the application is opened. What I’ve noticed is that it takes a little longer and a few more clicks to get to the service groups to change the port number than if it was just in the firewall rules where I can edit it. So I’ll likely go back to not using service groups, but I appreciate you having suggested it in the first place. Thank you again.
I think the BitTorrent client is a special case.
Or you made a fw rule set with multiple ports 40000-40099 open and during installation of BT clients you select manually one unique of these ports.
