FreeBSD 9.0
The internal network interface is open to all connections.
I have reread and rechecked the whitelist settings and the other ones about 50 times. Everything is set up as in the instructions.
The only messages I see in the messages log file are these:
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: No buffer space available (tr-udp.c:58)
Sep 26 18:15:04 estaf transmission-daemon[79085]: UDP Failed to set receive buffer: requested 4194304, got 42080 (tr-udp.c:77)
But I dealt with that one using sysctl kern.ipc.maxsockbuf=10485760. Anyway, it did not solve the problem with authorization.
Client of transmission-daemon is 4.03 version for mac.
daemon version: 2.61 (13407)
on web interface:
"403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries.
If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details."
ifconfig on the client side:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether .........
inet6 .........en0 prefixlen 64 scopeid 0x4
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
cat /usr/local/etc/transmission/settings.json
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"dht-enabled": true,
"download-dir": "\/usr\/home\/iron\/1\/downloads",
"encryption": 1,
"incomplete-dir": "\/usr\/home\/iron\/1\/downloads\/incomplete",
"incomplete-dir-enabled": true,
"lazy-bitfield-enabled": true,
"message-level": 2,
"open-file-limit": 32,
"peer-limit-global": 240,
"peer-limit-per-torrent": 60,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": 0,
"pex-enabled": true,
"port-forwarding-enabled": true,
"preallocation": 1,
"proxy": "",
"proxy-auth-enabled": false,
"proxy-auth-password": "",
"proxy-auth-username": "",
"proxy-enabled": false,
"proxy-port": 80,
"proxy-type": 0,
"ratio-limit": 2.0000,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "192.168.1.1",
"rpc-enabled": true,
"rpc-port": 9091,
"rpc-username": "iron",
"rpc-password": "111",
"rpc-whitelist": "192.168.1.2",
"rpc-whitelist-enabled": true,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"umask": 18,
"upload-slots-per-torrent": 14
}
iron transmissi 79336 7 tcp4 *:9091 *:*
pf.conf
cat /etc/pf.conf
# pf ruleset for a NAT gateway: default-deny with logging, outbound NAT for the
# trusted LANs on two external interfaces, and a small set of inbound services.
# pf evaluates filter rules last-match-wins unless a rule is marked "quick".

# Interface macros: two external interfaces and one internal interface.
ext_if="tun0"
ext_local="rl0"
int_if="nfe0"
# ICMP types admitted by the "pass log inet proto icmp" rule below.
icmp_types="{ echoreq, unreach}"
# Source networks that are NATed and allowed out on both external interfaces.
trusted_lan="{ 192.168.1.0/24, 192.168.2.0/24 }"
# NOTE(review): untrusted_lan is not referenced by any rule visible here.
untrusted_lan="10.0.0.0/8"
# NOTE(review): the $vpn_net macro is not referenced below; the rules use the
# <vpn_net> table of the same name instead.
vpn_net="192.168.11.0/24"
table <vpn_net> { 192.168.11.0/24 }
# NOTE(review): ng19 appears twice in this list.
vpn_if="{ ng0, ng1, ng2, ng3, ng4, ng5, ng6, ng7, ng8, ng9, ng10, ng11, ng12, ng13, ng14, ng15, ng16, ng17, ng18, ng19, ng19, ng20, ng21, ng22 }"
# NOTE(review): localnet is not referenced by any rule visible here.
localnet="127.0.0.0/8"
# TCP ports accepted from any source on $ext_if (see the "pass in" rule below).
# NOTE(review): presumably FTP (20, 21), PPTP control (1723) and VNC (5901);
# confirm each one really needs to be reachable from any address.
tcp_services="{ 20, 21, 1723, 5901 }"
# NOTE(review): udp_services is not referenced by any rule visible here.
udp_services="{ 5901, 1723 }"
# Ports allowed between VPN clients; 3389 is presumably RDP - confirm.
vpn_ports="{ 3389, 20165 }"
# Blocked packets are answered (TCP RST / ICMP unreachable) instead of being
# silently dropped.
set block-policy return
# pf does no filtering at all on these interfaces, so none of the rules below
# apply to traffic entering or leaving lo0 or nfe0. Any service listening on
# the internal interface is therefore reachable from that segment regardless
# of this ruleset, and must rely on its own access control.
set skip on lo0
set skip on $int_if
# Normalise (reassemble/sanitise) all inbound packets.
scrub in all
# Outbound NAT for the trusted LANs; the parentheses make pf track the
# interface's current address if it changes.
nat on $ext_if from $trusted_lan to any -> ($ext_if)
nat on $ext_local from $trusted_lan to any -> ($ext_local)
# Drop packets claiming a source address from the external interfaces'
# networks when they arrive on a different interface.
antispoof quick for ($ext_if)
antispoof quick for ($ext_local)
# Default deny, with logging; later matching pass rules override this.
block log all
# Outbound traffic from the gateway itself and from the trusted LANs.
pass out on $ext_if from ($ext_if) to any
pass out on $ext_if from $trusted_lan to any
pass out on $ext_local from ($ext_local) to any
pass out on $ext_local from $trusted_lan to any
# No direction or interface given: applies in and out on every filtered
# interface.
pass log inet proto icmp all icmp-type $icmp_types
# pptp
# This rule admits every port in $tcp_services, not only PPTP.
# NOTE(review): PPTP also needs GRE (IP protocol 47); no rule visible here
# passes it - confirm it is handled elsewhere.
pass in on $ext_if proto tcp from any to ($ext_if) port $tcp_services flags S/SA
# NOTE(review): "vpn_if" on the next two lines has no "$" prefix, so pf reads
# it as a literal interface/group name rather than expanding the vpn_if macro
# defined above; as written these rules likely never match the ng* interfaces.
pass in on vpn_if proto tcp from <vpn_net> to <vpn_net> port $vpn_ports
pass out on vpn_if proto tcp from <vpn_net> to <vpn_net> port $vpn_ports
#pass in on ng0 proto { tcp, udp } from any to <vpn_net> port $vpn_ports
#pass in on ng1 proto { tcp, udp } from any to <vpn_net> port $vpn_ports
Чем его бороть, этот суперпупер даемон, блин)))