Port Forwarding not Working

I can’t get port-forwarding for bittorrent to work. Transmission, on IPFire web interface port 9091, continually reports “port is blocked”, for port 51413. When I do log the rule, fw-lograph-port 51413 details many hits showing TCP from red0 to firewall green IP port 51413 as “DROP_INPUT”.

My setup is very plain - private address on LAN, no VPN, no DynDNS.

I do have IPS enabled and active on green & red, but its log shows zero entries.

I have followed the current guide on https://wiki.ipfire.org/configuration/firewall/rules/port-forwarding. Is this out-of-date?

First, I have no experience with this, but I want to tell you anyway what I found and what I think :wink: It only helps if you use Transmission as an addon, which I think you do.

If you look at the wiki for Transmission, you will find info for an external access rule.

This info looks different from your rule. Hope that helps you.

Thanks for your suggestion. Yes, I am using the Transmission addon.

I’ve since found a discussion in the old forum - https://forum.ipfire.org/viewtopic.php?f=27&t=23456&p=127896&hilit=transmission#p127896 and followed what was suggested there. They are treating it as “port forwarding” rather than “external access”, but do agree that the wiki, for addon Transmission, is now incorrect. At the time, the community did not have access to the wiki and it could not be updated.

I deleted my rule and created a new one, only difference being that NAT firewall interface changed from “automatic” to RED. That allowed traffic to destination port 51413 to be DNAT to RED but still DROP_INPUT to GREEN. Transmission still treats the port as closed.

I guess the destination green is not correct. The addon runs on IPFire directly, so the destination must be IPFire Firewall. Anyway, are you sure what you want to do? I think whatever rule it is, directly to IPFire does not sound really secure. Did I say it before? I have no experience with it ;-))

I don't use this plugin.
If you're running this in IPFire,
I will guess you need 2 firewall rules:
1 for port 9091 for green to connect to firewall
and one for Transmission to connect to red on port 51413.
Hope that helps.

I recognise the security issue, but could put it on a separate IPFire running on Raspberry Pi or similar that has no LAN attached to green.

The rule for port 9091 is not needed. Transmission downloads fine but can’t upload.

If the rule is set with destination as red address, the rule displays “policy blocked”. If set with destination green address, it displays “policy accepted” - but the log shows traffic being dropped and Transmission reports the port blocked.

I said destination Firewall not destination red :wink:

Thanks, that seems to have resolved it.

Previously when I tried to set destination firewall it would not accept the rule and gave a message that “port forward must be to a host, not network”. I guess firewall qualifies as host.