Friday, August 19, 2011

How to Enable a BitTorrent Client Behind a pfSense 2 Firewall

pfSense is an awesome toy to mess around with. It comes loaded with features, and the best part is that it's free!
When I started with pfSense I had a hard time getting my torrent client to work behind it. I googled around but was unable to find a useful article, so I turned to the good ol' trial-and-error method. After several tries I managed to get it working.
Actually, once you get a basic idea of how data is handled in pfSense, working with it becomes a very pleasant experience.

So here we go.

Things we need to know
IP of the router
WAN IP of the pfSense box
Torrent client's port
IP of the computer running the BitTorrent client

For this scenario we are going to use these IP addresses and ports:
BitTorrent client - uTorrent
Router IP - 192.168.2.1
WAN IP - 192.168.2.254
Port - 26688
IP of the computer running the BitTorrent client - 192.168.1.100


First off, we need to create a port forward on the router to the WAN interface of the pfSense box.
Log in to your router's interface and create a port forward for the port you are going to use in uTorrent, pointing at the pfSense WAN IP, which is 192.168.2.254 (this can be any port, but for now let's just use the same port as the BT client).
Have a look at portforward.com if you need any help with this.

Secondly, you need to create 2 NAT rules and their associated firewall rules to allow incoming and outgoing traffic to the torrent client.
You can use uTorrent's built-in port checker to test the port.


Within the pfSense WebUI, go to Firewall > NAT to start creating the rules.

Creating the NAT rule to allow incoming traffic
Interface: WAN (the interface the traffic comes in from)
Protocol: TCP (the protocol of the traffic to be forwarded)
Source: No change
(this allows you to match a specific original source of the traffic, and is hidden behind an Advanced button as in most cases it should be "any", allowing all Internet hosts through)
Destination: type - WAN address
(this specifies the original destination IP of the traffic, as seen before being translated, and will usually be "WAN address")
Destination port range - Other / 26688
(this specifies the original destination port of the traffic; it is the outside port or ports you wish to forward. Use the port number set up in the port forward on the router)
Redirect target IP - 192.168.1.100
(this is the internal IP, in other words the IP of the PC behind pfSense to which this traffic will be forwarded; here, the computer running the BitTorrent client)
Redirect target port - Other / 26688
(this is the internal port where this traffic will be forwarded, and is usually the same as the external port as defined in Destination port range)
No XMLRPC Sync - No change
NAT reflection - Leave the default value
Filter rule association - Create a new associated filter rule
(this allows you to add an associated filter rule, which gets updated when the port forward is updated)
Click Save, then apply the settings to reload the filters.
Note - pfSense will automatically create the required firewall rule for you.


Creating the NAT rule to allow outbound traffic
Interface: LAN
(select LAN, since the outbound traffic is generated by the BT client on the PC and arrives on the LAN interface)
Protocol: TCP
Source: No change
Destination: type - LAN address
Destination port range - 26688
Redirect target IP - 192.168.2.1
(use the IP of the router to forward the packets)
Redirect target port - Other / 26688
(use the port number set up in the port forward on the router)
No XMLRPC Sync - No change
NAT reflection - Leave the default value
Filter rule association - Create a new associated filter rule
(this allows you to add an associated filter rule, which gets updated when the port forward is updated)
Click Save, then apply the settings to reload the filters.

Go to the uTorrent client and test the port.
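
An independent check for this last step, as an added example that is not part of the original post: it probes the torrent port one hop at a time using the scenario's addresses, so a failure points at either the client PC or the pfSense rules. The segment names lan/wan and the hint texts are this example's own assumptions.

```python
import socket
import sys

PORT = 26688  # torrent port from the scenario above
TARGETS = {"lan": "192.168.1.100",   # PC running the torrent client
           "wan": "192.168.2.254"}   # pfSense WAN address

# Hints are this example's reading of each outcome, not pfSense output.
HINTS = {
    ("lan", "open"): "client is listening; now run the wan check from a 192.168.2.x host",
    ("lan", "refused"): "nothing listens on the port; check the port set in the client",
    ("lan", "filtered"): "the PC's own firewall drops the port",
    ("wan", "open"): "pfSense forwards the port; only the router's forward is left to test",
    ("wan", "refused"): "a reset came back: a reject rule, or the client stopped listening",
    ("wan", "filtered"): "NAT or associated filter rule missing or not applied, or "
                         "'Block private networks' on WAN drops this private test source",
}

def probe(host, port, timeout=3.0):
    """Classify one TCP connect as open, refused, filtered or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"        # an RST came back: nothing accepted the SYN
    except (socket.timeout, TimeoutError):
        return "filtered"       # no answer at all: packets silently dropped
    except OSError:
        return "unreachable"    # no route to host, network down, ...
    finally:
        s.close()

def check(segment, probe_fn=probe):
    """Probe the target for 'lan' or 'wan' and return (result, hint)."""
    result = probe_fn(TARGETS[segment], PORT)
    return result, HINTS.get((segment, result), "target not reachable from this segment")

if __name__ == "__main__":
    # Usage: run "lan" from a PC behind pfSense, "wan" from a host on 192.168.2.x.
    segment = sys.argv[1] if len(sys.argv) > 1 else "lan"
    print(segment, *check(segment), sep=": ")
```

Run the lan check first with the torrent client started; the wan check only means something once the client itself answers.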

20 comments:

  1. Hi,

    In my environment, all that was needed was to enable UPnP in pfSense 2.0.1. uTorrent clients on various PCs on the LAN then had full connectivity without doing any explicit port forwarding or creation of firewall rules.

    Replies
    1. Well, I just took uTorrent as an example; this guide was to show how to do port forwarding in pfSense.
      Plus, enabling UPnP is not a good practice, and in some corporate environments it is a policy to disable it.

  2. Excellent HowTo. Thanks!

  3. Thanks!

    I had destination type as LAN instead of WAN, your guide made it work!

  4. Awesome tuts, but I have a question. In the 2nd rule for LAN, my pfSense box acts as the router and my modem is in bridge mode. My pfSense box IP is 192.168.1.1; is this the IP I'll be putting in "Redirect target IP" for the LAN rule?

  5. Thanks. Worked for me!

  6. Thanks man, works like a charm. I do not use upnp.

  7. Thank you for this tutorial. It works great. Question: is this a safe way of setting this up? In other words, is this the only way to pass torrent traffic to the client through pfSense? Thank you again for the tutorial. It's the only one I found that matched what I wanted to do.

  8. Since you are not downloading even one kilobyte, the size of the whole downpour will be added to your transfer measurements. Keep in mind, if a client goes underneath a specific proportion on a private tracker, they risk being prohibited forever. https://luckyshiner.com/kickass-torrents-proxy/
