
AP mode+port forwarding


thielspeaker

I have an ASUS RT-AC66U (Merlin 3.0.0.4.384_82072) which is connected to a wireless router (RT-AC86U) using Access Point (AP) mode.
I want to use the RT-AC66U solely as a seedbox for torrents.
The LAN IP setting of the RT-AC66U is 192.168.10 for static IP and 192.168.1.1 (RT-AC86) for default gateway and DNS.


I installed transmission on the RT-AC66U and it works great, except port 51413 is not open and trackers are not reachable (checked from the transmission web interface).
I created firewall rules and added the following lines to /jffs/scripts/firewall-start on the RT-AC66U.

#!/bin/sh
iptables -I INPUT -p tcp --destination-port 9091 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 51413 -j ACCEPT
iptables -I INPUT -p udp --destination-port 51413 -j ACCEPT


Of course, port forwarding of port 51413 (UDP and TCP) to 192.168.1.10 is enabled on the RT-AC86U (192.168.1.1).

Can anyone help me to resolve this issue?







 
As long as transmission is bound to the LAN network interface and not just the WAN (something you'd have to check), it should work. It shouldn't even require firewall rules since LAN to LAN communications is never firewalled anyway.
 
I am seeding my torrents to outside of my LAN.

What should I check in this case?
 
I'm not familiar w/ Merlin running on an old MIPS router such as the ASUS RT-AC66U, and there may be others more familiar w/ running transmission from the LAN w/ Merlin who can answer more directly, but in general, if you dump the process table (ps command) from a shell (ssh) and find the transmission process, there's usually a configuration file option on the command line. And within that config file should be an indication of which network interfaces are bound to the process (e.g., 0.0.0.0 would mean all network interfaces).
 
Here are screenshots from transmission UI.



transmission.png
transmission remote.png
 
But that doesn't tell me to which network interfaces the transmission process is bound. I have a suspicion it's only the WAN. And if that's the case, it's inaccessible from the LAN, which is your only option when configured as an AP (WAP). That's why I'd like to see the underlying config file, where the network interfaces bound to the process are defined.

P.S. Notice one of the tabs is titled "Network (WAN)"!
 
Thanks very much for your kind interest.

Here is the ps result:

620 admin 32656 S transmission-daemon -g /opt/etc/transmission

And the configuration file is:



# cat /opt/etc/transmission/settings.json
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "http://list.iblocklist.com/?list=bt_level1",
"cache-size-mb": 2,
"dht-enabled": true,
"download-dir": "/tmp/mnt/sda1/transmission/downloads",
"download-queue-enabled": true,
"download-queue-size": 5,
"encryption": 0,
"idle-seeding-limit": 30,
"idle-seeding-limit-enabled": false,
"incomplete-dir": "/tmp/mnt/sda1/transmission/incomplete",
"incomplete-dir-enabled": true,
"lpd-enabled": true,
"message-level": 1,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 80,
"peer-limit-per-torrent": 30,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "lowcost",
"pex-enabled": true,
"port-forwarding-enabled": true,
"preallocation": 1,
"prefetch-enabled": false,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 2,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": false,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,

"rpc-port": 9091,
"rpc-url": "/transmission/",

"rpc-whitelist": "127.0.0.1",
"rpc-whitelist-enabled": false,
"scrape-paused-torrents-enabled": true,
"script-torrent-added-enabled": false,
"script-torrent-added-filename": "",
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 1000,
"speed-limit-down-enabled": true,
"speed-limit-up": 200,
"speed-limit-up-enabled": true,
"start-added-torrents": true,
"trash-original-torrent-files": true,
"umask": 18,
"upload-slots-per-torrent": 14,
"utp-enabled": true,
"watch-dir": "/tmp/mnt/sda1/transmission/watchdir",
"watch-dir-enabled": true
}
 
Well it appears it *is* bound to all network interfaces, which is good.

Code:
"bind-address-ipv4": "0.0.0.0"
 
Note, I'm not an expert w/ transmission. But just based on overall experience, I *think* what's happening is that port 51413 is only the *initial* port used by remote clients to contact the transmission server, but then those clients are assigned to ephemeral ports in the following range.

Code:
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,

When this happens on the primary router's WAN, those ports are probably opened automatically, perhaps using UPnP, or based on the Peers tab. But when transmission is running behind the WAN on some standalone router, those same ports can't be forwarded from the WAN. IOW, you have to include them as well in your manual port forwarding.

What you could try (assuming the peer table lets you) is change that range to something much much smaller (I personally don't like the idea of leaving that many ports open), then forwarding that range as well to the RT-AC66U.
 
Thanks for the advice.

Now I found what the real problem is.
Trackers using port 443 are not reachable from transmission running on RT-AC66U.

https://xxxx.xxx.xxx:443
Announce error: Could not connect to tracker - Today 03:06:37 AM
Announce not scheduled
Scrape error: Could not connect to tracker - Today 03:10:10 AM


Port 443 is the standard port for HTTPS and cannot be redirected.

How can I solve this issue?
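
Added example, not part of any post in this thread: a shell helper that reads a settings.json like the one posted above and reports which inbound peer port(s) the upstream router has to forward, and whether the RPC/web interface is served without a password or whitelist. It assumes Transmission's one-key-per-line file layout; the function names are hypothetical and the sample file is constructed from a subset of the posted values.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# get_setting FILE KEY: print the value without quotes or trailing comma.
# Assumes one "key": value pair per line, as in the posted settings.json.
get_setting() {
    sed -n "s/^[[:space:]]*\"$2\"[[:space:]]*:[[:space:]]*//p" "$1" |
        head -n 1 | sed 's/[[:space:]]*$//; s/,$//; s/^"//; s/"$//'
}

# peer_ports FILE: inbound peer port(s) the upstream router must forward.
# The random range applies only when peer-port-random-on-start is true.
peer_ports() {
    if [ "$(get_setting "$1" peer-port-random-on-start)" = "true" ]; then
        echo "$(get_setting "$1" peer-port-random-low)-$(get_setting "$1" peer-port-random-high)"
    else
        get_setting "$1" peer-port
    fi
}

# rpc_exposure FILE: "disabled", "restricted", or "open". "open" means any
# host that can reach the RPC port gets in with no password or whitelist.
rpc_exposure() {
    [ "$(get_setting "$1" rpc-enabled)" = "true" ] || { echo disabled; return 0; }
    if [ "$(get_setting "$1" rpc-bind-address)" != "127.0.0.1" ] &&
       [ "$(get_setting "$1" rpc-authentication-required)" != "true" ] &&
       [ "$(get_setting "$1" rpc-whitelist-enabled)" != "true" ]; then
        echo open
    else
        echo restricted
    fi
}

# Constructed sample: a subset of the keys from the file posted above.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
{
"bind-address-ipv4": "0.0.0.0",
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"rpc-authentication-required": false,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-whitelist-enabled": false
}
EOF
echo "peer listener: $(get_setting "$SAMPLE" bind-address-ipv4):$(peer_ports "$SAMPLE")"
echo "rpc interface: $(rpc_exposure "$SAMPLE")"
```

On the router, pass /opt/etc/transmission/settings.json to the functions instead of `$SAMPLE`.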
 
