1

It's driving me crazy but I can't figure out how to configure UFW for transmission-daemon.

I have the following rules in UFW:

> 51412                      ALLOW       Anywhere                   
> 64000:64999/udp            ALLOW       Anywhere                   
> 64000:64999/tcp            ALLOW       Anywhere

I have the following NAT rules on my ISP box. The FW of this box can be disabled or enabled; it has no effect. OrangeBox NAT rules

I tried both of the following configurations for Transmission:

"peer-port": 64931,
"peer-port-random-high": 64999,
"peer-port-random-low": 64000,
"peer-port-random-on-start": true,

and

"peer-port": 51412,
"peer-port-random-high": 64999,
"peer-port-random-low": 64000,
"peer-port-random-on-start": false,

Results: If UFW is enabled, I get "could not connect to tracker" in transmission.log. The torrent doesn't download or upload (I'm downloading a Kubuntu image for testing purposes).

If UFW is disabled, everything is ok.

I also tried to use UPNP: it works if UFW is disabled, it doesn't if UFW is enabled.

There is nothing in the UFW log. I can see some "allow out" from port 51412 to public IPs, but there is no answer (neither blocked nor allowed). But as soon as I disable UFW, I can see in transmission.log that I'm connected to the tracker and I get 50 peers.

So UFW is clearly blocking something but I can't understand what:

  1. If I don't want to use UPNP, what is wrong with my rules?
  2. If I want to use UPNP, what rule is missing? (allowing port 1900 and 1901 doesn't work)

Thank you for any hints!

2
  • what is the UFW loglevel setting?
    – uSlackr
    Commented Apr 26, 2019 at 20:54
  • medium so I can also see the "allow"
    – Okeur
    Commented Apr 26, 2019 at 20:57

1 Answer

1

OK, I found the issue: it was a rule in "before.rules" from UFW.

Be careful: there are no logs about dropped packets because of the before rule...

Edit: more details after a comment.

I was previously working on split tunneling with UFW and Transmission, so I created a rule in the /etc/ufw/before.rules file. This file contains iptables-formatted rules that are applied before the UFW-specific rules. So from my understanding, these rules (in the before.rules file) are applied by iptables and not UFW itself. That's why you don't see anything in /var/log/ufw.log about traffic dropped by this rule: it's not UFW that is handling them. I removed this rule and everything worked as expected...

So guys, be careful with your before and after rules in UFW!

2
  • Please explain your answer so that other readers can understand it.
    – Biswapriyo
    Commented Apr 30, 2019 at 18:55
  • Done, hope it's clearer now
    – Okeur
    Commented May 1, 2019 at 19:50
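
The failure mode in the answer above (a hand-written DROP/REJECT in /etc/ufw/before.rules that leaves no trace in the UFW log) can be checked for mechanically. The following is an added example, not code from the post or from the UFW project: a heuristic audit that flags terminal rules with no earlier logging rule for the same chain and match. The `SAMPLE` text and the custom rule in it are constructed for illustration and are not the asker's actual rule.

```python
import re
import shlex

TERMINAL = {"DROP", "REJECT"}
LOGGERS = {"LOG", "NFLOG", "ufw-logging-deny", "ufw-logging-allow"}
# Rate-limit options often decorate logging rules; ignore them when comparing.
LIMIT = re.compile(r"-m limit(?: --limit \S+)?(?: --limit-burst \S+)?")

def parse_rule(line):
    """Return (chain, match_spec, target) for an '-A' rule line, else None."""
    line = line.strip()
    if not line.startswith("-A "):
        return None
    tokens = shlex.split(line)
    if "-j" not in tokens[2:-1]:
        return None
    j = tokens.index("-j")
    match = " ".join(LIMIT.sub("", " ".join(tokens[2:j])).split())
    return tokens[1], match, tokens[j + 1]

def silent_drops(rules_text):
    """List (line_number, rule) for DROP/REJECT rules with no matching log rule."""
    logged = set()  # (chain, match) pairs already sent to a logging target
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None:
            continue
        chain, match, target = rule
        if target in LOGGERS:
            logged.add((chain, match))
        elif target in TERMINAL and (chain, match) not in logged:
            findings.append((lineno, line.strip()))
    return findings

# Constructed sample: two log-then-drop pairs plus one hypothetical custom rule.
SAMPLE = """\
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-not-local - [0:0]
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
# hypothetical custom rule, not the one from the post
-A ufw-before-output -m owner --uid-owner 123 ! -o tun0 -j REJECT
COMMIT
"""

if __name__ == "__main__":
    for lineno, rule in silent_drops(SAMPLE):
        print(f"line {lineno}: drops without logging: {rule}")
```

To audit a real host, pass the contents of /etc/ufw/before.rules (and after.rules) to `silent_drops` instead of `SAMPLE`; the match comparison is textual, so treat a clean result as a hint rather than proof.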
