transmission-daemon from external network

[alesdoc]

Dear All,

before I decided to write this post, I have looked for an answer to my problem in the site, but I were not able to find it.

Configuration

• - Ubuntu Karmic Koala
  - transmission-daemon 1.75-0ubuntu2.2

Code: Select all

{
"alt-speed-down": 500,
"alt-speed-enabled": true,
"alt-speed-time-begin": 480,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": true,
"alt-speed-time-end": 0,
"alt-speed-up": 10,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"dht-enabled": true,
"download-dir": "\/home\/user\/dl\/torrent",
"download-limit": 1000,
"download-limit-enabled": 0,
"encryption": 2,
"incomplete-dir": "\/var\/lib\/transmission-daemon\/info\/Incomplete",
"incomplete-dir-enabled": false,
"lazy-bitfield-enabled": true,
"max-peers-global": 200,
"message-level": 2,
"open-file-limit": 32,
"peer-limit-global": 240,
"peer-limit-per-torrent": 60,
"peer-port": 20683,
"peer-port-random-high": 20500,
"peer-port-random-low": 20599,
"peer-port-random-on-start": true,
"peer-socket-tos": 0,
"pex-enabled": true,
"port-forwarding-enabled": false,
"preallocation": 1,
"proxy": "",
"proxy-auth-enabled": false,
"proxy-auth-password": "",
"proxy-auth-username": "",
"proxy-enabled": false,
"proxy-port": 80,
"proxy-type": 0,
"ratio-limit": 0.2500,
"ratio-limit-enabled": true,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "password",
"rpc-port": 9091,
"rpc-username": "transmission",
"rpc-whitelist": "127.0.0.1,*.*.*.*",
"rpc-whitelist-enabled": false,
"speed-limit-down": 1500,
"speed-limit-down-enabled": true,
"speed-limit-up": 50,
"speed-limit-up-enabled": true,
"umask": 2,
"upload-slots-per-torrent": 4,
"watch-dir": "\/home\/user\/dl\/torrent",
"watch-dir-enabled": true
}

The PC is on my DMZ, so using my IP address, acquired through http://www.whatismyip.com/, I can reach it with different services:
- ssh
- http
- ftp
- Remote desktop
- ping
- and so on

Concerning transmission, I can reach it if I am within my network, i.e. http://192.168.1.3:9091, but I am not able to reach if I try outside my network, i.e. http://my_ip_address:9091.

Is there something wrong in my settings?

Someone can help me?

Thanks.

[rb07]

"ratio-limit": 0.2500,

With that willingness to share... I'll give you the same: 25% of the answer:

You have to ma

[alesdoc]

It is the original settings.json file.

Apart from "rpc-whitelist-enabled": false,, I did not modify the other parameters including the "ratio-limit".

Before configure correctly the other parameters I would like to solve my problem.

[papibe]

In my router, when you assign DMZ to a host, it changes the host's LAN IP for a new one, and you have to restart that host in order for the DMZ rule to apply.

The only things that override DMZ are the port forwards you set manually. If you manually port forwarded 9091 to your host and then change your mind and use the DMZ option, it may be possible that 9091 is being forwarded to the (now invalid) Host's old LAN IP.

I would suggest to check all your router's firewall rules, in case 9091 is being forwarded someplace else.

Regards.

[Rolcol]

Wow.. 1.75. Any chance that you can update to 2.11? The problem could have been fixed. I don't immediately see anything wrong with your configuration file so something may be wrong in the network setup.

(Oh, and I don't have anything against you for using a share ratio of .25. I'll help you regardless)

[alesdoc]

by Rolcol
I don't immediately see anything wrong with your configuration file so something may be wrong in the network setup.

I checked and checked again last evening the configuration file and It looks ok to me too.

It has to be something in the network configuration.

@papibe

I checked the DMZ rule and it matches with the Host's LAN IP address. I also forwarded the port 9091, but somehow I am not able to reach it (port 9091 is not blocked by my ISP and I can not understand why I can easily reach port 80 of my HTTP server and not port 9091).

It seems, that http://my_ip_address:9091 can not be redirect correctly to the daemon.

In these days I have scheduled the update of my server O.S., maybe it will solve the problem. I will let you know. Anyway, if you have other suggestions, please share.

Thanks a lot.

[alesdoc]

UPDATE after Server upgrade

• - Ubuntu Server 10.0
  - transmission-daemon 2.04-0ubuntu2
  - port 9091 forwarded in the router (as I did for other ports (22, 80, and so on), which services are working properly)
  - port 9091 opened in the system (both for TCP and UDP protocols)

  Code: Select all

  alessandro@srv-alessandro:~$ sudo iptables -L INPUT
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination         
  ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
  ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
  ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps 
  ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps 
  ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:9091
  ACCEPT     udp  --  anywhere             anywhere            udp dpt:9091 
  alessandro@srv-alessandro:~$ 
  

ISP is not blocking port 9091, I tested it with http://www.canyouseeme.org/

Success: I can see your service on xxx.xxx.xxx.xxx on port (9091)
Your ISP is not blocking port 9091

Below my "still work in progress" settings.json

Code: Select all

{
    "alt-speed-down": 50, 
    "alt-speed-enabled": false, 
    "alt-speed-time-begin": 540, 
    "alt-speed-time-day": 127, 
    "alt-speed-time-enabled": false, 
    "alt-speed-time-end": 1020, 
    "alt-speed-up": 50, 
    "bind-address-ipv4": "0.0.0.0", 
    "bind-address-ipv6": "::", 
    "blocklist-enabled": false, 
    "dht-enabled": true, 
    "download-dir": "/var/lib/transmission-daemon/downloads", 
    "download-limit": 100, 
    "download-limit-enabled": 0, 
    "encryption": 1, 
    "incomplete-dir": "/home/alessandro/Downloads", 
    "incomplete-dir-enabled": false, 
    "lazy-bitfield-enabled": true, 
    "lpd-enabled": false, 
    "max-peers-global": 200, 
    "message-level": 2, 
    "open-file-limit": 32, 
    "peer-limit-global": 240, 
    "peer-limit-per-torrent": 60, 
    "peer-port": 51413, 
    "peer-port-random-high": 65535, 
    "peer-port-random-low": 49152, 
    "peer-port-random-on-start": false, 
    "peer-socket-tos": 0, 
    "pex-enabled": true, 
    "port-forwarding-enabled": false, 
    "preallocation": 1, 
    "proxy": "", 
    "proxy-auth-enabled": false, 
    "proxy-auth-password": "", 
    "proxy-auth-username": "", 
    "proxy-enabled": false, 
    "proxy-port": 80, 
    "proxy-type": 0, 
    "ratio-limit": 1.2000, 
    "ratio-limit-enabled": true, 
    "rename-partial-files": true, 
    "rpc-authentication-required": true, 
    "rpc-bind-address": "0.0.0.0", 
    "rpc-enabled": true, 
    "rpc-password": "XXX", 
    "rpc-port": 9091, 
    "rpc-username": "XXX", 
    "rpc-whitelist": "127.0.0.1", 
    "rpc-whitelist-enabled": false, 
    "script-torrent-done-enabled": false, 
    "script-torrent-done-filename": "", 
    "speed-limit-down": 100, 
    "speed-limit-down-enabled": false, 
    "speed-limit-up": 25, 
    "speed-limit-up-enabled": true, 
    "start-added-torrents": true, 
    "trash-original-torrent-files": false, 
    "umask": 18, 
    "upload-limit": 100, 
    "upload-limit-enabled": 0, 
    "upload-slots-per-torrent": 14
}

@x190
"download-limit-enabled": 0, s/b true or false
"peer-port-random-high": 20500, s/b 20599
"peer-port-random-low": 20599, s/b 20500
"rpc-whitelist-enabled": false, s/b true

Concerning "download-limit-enabled": 0, s/b true or false - "peer-port-random-high": 20500 - "peer-port-random-low": 20599, I am using the default parameters. I did not change them.

Concerning "rpc-whitelist-enabled": false, I would not that option enabled.

The problem is still there. I can reach the web interface within my network, but it is not reachable from the outside.

I do not know, what else could be or where the mistake is hiding.

Someone is faceing or faced my same problem?

Thanks for your help

[SavSevic]

I'm facing the same problem as you. I can remotely access other services but I can't access transmission.

My config is similar to yours (I can't show you now because I have not access to server now).

I still don't know what I'm doing wrong :S

[ProtocolGeek]

To conclusively test that port 9091 is open in the outbound direction to the Internet (and not being blocked in the outbound direction by your ISP, etc.) then test with http://www.firebind.com.

The Java Applet client plus Firebind server can test any of the 65535 TCP or UDP ports. The way it works is you end the port or ports you want to test, then the Firebind server listens on that port, and then the client on your machine sends packets back and forth to the Firebind server. If the packets transit from your machine to the Firebind server and back intact, then the port is open.

ProtocolGeek

[sperfect]

As described in http://raspberry-at-home.com/making-raspi-visible/
adding these two lines in for port 9091 in /etc/network/if-up.d/secure-rmc solved my problem (after applying all the rest, port forward, settings, etc)

Code: Select all

logger -t iptables "Configuring ip tables for interface $IFACE"
if [ "$IFACE" != "lo" ]; then
NETMASK=$(get_subnet $IFACE)
   iptables -A INPUT -s $NETMASK -i $IFACE -j ACCEPT
   iptables -A INPUT -i $IFACE -p tcp --dport 22 -j ACCEPT
   iptables -A INPUT -i $IFACE -p tcp --dport 9091 -j ACCEPT
   iptables -A INPUT -i $IFACE -p udp --dport 9091 -j ACCEPT
   iptables -A INPUT -i $IFACE -j DROP
fi