Community discussions

 
Inovis
just joined
Topic Author
Posts: 5
Joined: Tue Feb 26, 2019 3:47 pm

Need help opening ports for Torrents on RB2011iLS-IN

Tue Feb 26, 2019 3:51 pm

Good day everyone.

Sorry, but I've been struggling for hours and still could not manage to successfully open ports for my uTorrent software.

I found numerous youtube videos and sites... but I'm realy lost.

Could someone provide me with a simple step-by-step procedure to open ports on my RB2011iLS-IN so that port 12345 is linked to my pc on 192.168.3.45 ?

Thanks a lot for your help,

David
 
christopherh
newbie
Posts: 29
Joined: Sun Feb 24, 2019 7:43 am
Location: Sydney, Australia

Re: Need help opening ports for Torrents on RB2011iLS-IN

Wed Feb 27, 2019 1:55 pm

Hi Dave,

I certainly hope you are intending to use the bittorrent protocol for seeding Linux ISOs, or other content which is permitted to be torrented and not any copyrighted material.

A Google search for the phrase "configure port forward mikrotik" yielded this as the second result: http://wiki.mikrotik.com/wiki/Manual:IP ... nation_NAT

Cheers,
Christopher H.
 
Inovis
just joined
Topic Author
Posts: 5
Joined: Tue Feb 26, 2019 3:47 pm

Re: Need help opening ports for Torrents on RB2011iLS-IN

Wed Feb 27, 2019 3:01 pm

Good morning Christopher, glad to hear from the community. Just switched to Mikrotik, I normally use Ubiquiti stuff.

Yes we're sharing open source material and we wish to keep a good ratio.

It's not workin. here is what I have done so far :
  • /ip firewall nat add chain=dstnat dst-port=1234 action=dst-nat protocol=tcp to-address=192.168.1.1 to-port=1234
  • /ip firewall nat add chain=dstnat dst-port=1234 action=dst-nat protocol=udp to-address=192.168.1.1 to-port=1234
  • I also have UPnP enabled (Allow To Disable External Interface : Unchecked, Show Dummy Rule Checked
  • I see Bytes and Packets going trough on the NAT Tab for these previous two rules
  • Under uTorrent, I have the same fixed port, Enable UPnP port mapping, Enable NAT-PMP port mapping, add windows firewall exception checked
  • I've allowed the program into my Kaspersky Firewall and Windows Firewall
  • When I check my port on Open Port Check Tool online it says that the port IS open
  • But... Under uTorrent, I get "Results : Port is not open..."

I really don't get it...
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1677
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Need help opening ports for Torrents on RB2011iLS-IN

Wed Feb 27, 2019 8:41 pm

You'll also need to allow the traffic through on firewall, in /ip(v6) firewall filter chain=forward. (On top of dst-nat rules)
 
anav
Forum Guru
Forum Guru
Posts: 2890
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need help opening ports for Torrents on RB2011iLS-IN

Wed Feb 27, 2019 8:57 pm

You dont need the to port rules in your DST NAT rules if the dst port entered is the same.
For the firewall your need a single rule for the forward chain
add action=accept chain=forward connection-nat-state=dstnat
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Inovis
just joined
Topic Author
Posts: 5
Joined: Tue Feb 26, 2019 3:47 pm

Re: Need help opening ports for Torrents on RB2011iLS-IN

Wed Feb 27, 2019 9:11 pm

Thanks Sebastia and Anav, but again, I'm not super-technical & knowledgeable... could you please tell me exactly what I gotta do in addition to what I already did?

Thanks a lot, realy appreciated
 
Inovis
just joined
Topic Author
Posts: 5
Joined: Tue Feb 26, 2019 3:47 pm

Re: Need help opening ports for Torrents on RB2011iLS-IN

Thu Feb 28, 2019 3:05 pm

Good morning, seems like just UPnP enabled does the trick ;) I've removed all NAT rules and got good uploads. Thanks!
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1053
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: Need help opening ports for Torrents on RB2011iLS-IN

Thu Feb 28, 2019 3:12 pm

I really can't begin to tell you what a bad idea that is.

So you're downloading P2P, maybe one of the files is infected, this then generates multiple services on the host, all of which then tell your router to open up ports which it does because UPnP is on which then enables more malicious software and activity onto your LAN.

Please do take the time to understand dst-nat and do the job properly as UPnP really is not a lasting solution you should consider.
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
anav
Forum Guru
Forum Guru
Posts: 2890
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need help opening ports for Torrents on RB2011iLS-IN

Thu Feb 28, 2019 4:11 pm

Concur, turn UPNP off.
Simply create the necessary DST rules as you have done, for the most part they seem fine.
For filter rule as I stated in my above post create a rule allowing those connections.

As to what Steve intimated, I would put your torrent server on its own VLAN with no access to your LAN.
I would have a pc attached to the server and get any files over to your lan by air gap if you wanted them on a LAN, after perusing them with a good virus checker.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
Inovis
just joined
Topic Author
Posts: 5
Joined: Tue Feb 26, 2019 3:47 pm

Re: Need help opening ports for Torrents on RB2011iLS-IN

Thu Feb 28, 2019 9:01 pm

Wow, thank you so much!! I've removed both "Enable UPnP port maping" and "Enable NAT-PMP port maping" in uTorrent.

I've re-created the following :

[admin@MikroTik XXX] /ip firewall nat> add chain=dstnat dst-port=12345 action=dst-nat protocol=tcp to-address=192.168.3.33 to-port=12345
[admin@MikroTik XXX] /ip firewall nat> add chain=dstnat dst-port=12345 action=dst-nat protocol=udp to-address=192.168.3.33 to-port=12345

I've also added :

[admin@MikroTik XXX] /ip firewall filter> add action=accept chain=forward connection-nat-state=dstnat

And seconds after I had 1mb/s upload and green icon at the bottom right of my uTorrent Software.

I have Kaspersky running and it always kept me safe so far. I could definitely connect a dedicated pc on another vLan !

Thanks a lot everyone!
 
anav
Forum Guru
Forum Guru
Posts: 2890
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Need help opening ports for Torrents on RB2011iLS-IN

Thu Feb 28, 2019 10:14 pm

Awesome and as noted on the NAT rules, For destination NAT if the too port is the same as the destination port in the rule (no translation required), only the destination port need be entered.
There is no harm in entering it twice and its also clear to any reader.
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)

Who is online

Users browsing this forum: No registered users and 24 guests