Firewall for Transmission

    • OMV 3.x


    • Firewall for Transmission

      Good evening all, I need help setting the OMV firewall rules correctly for the Transmission plugin.
      I've followed Tekkb's thread regarding 'Firewall', and when I add the last rule 'REJECT All' the Transmission port goes into a closed state and the router doesn't receive UPnP.
      My OMV3 IP is: 192.168.0.X and the port for Transmission is 51413 (default).
      I don't understand what the correct setting for that rule is: INPUT? OUTPUT?
      Any advice will be appreciated!
      Thank you all!
      Please help me :)
      HP GEN 8 ,SSD OS , 4x4TB WD RED ,16 G ECC Ram
    • Good evening everybody, has nobody had a problem with Transmission?
      I'm posting my iptables -L:
      Chain INPUT (policy ACCEPT)
      target prot opt source destination
      ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
      ACCEPT all -- anywhere anywhere
      ACCEPT icmp -- 192.168.0.0/24 192.168.0.3
      ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:ssh
      ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:http
      ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:netbios-ns
      ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:netbios-dgm
      ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:netbios-ssn
      ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:microsoft-ds
      ACCEPT tcp -- anywhere 192.168.0.3 tcp dpt:8443
      ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:9091
      DROP all -- anywhere anywhere


      Chain FORWARD (policy DROP)
      target prot opt source destination
      DOCKER-USER all -- anywhere anywhere
      DOCKER-ISOLATION all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
      DOCKER all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere
      ACCEPT all -- anywhere anywhere


      Chain OUTPUT (policy ACCEPT)
      target prot opt source destination
      ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
      ACCEPT all -- anywhere anywhere
      ACCEPT tcp -- anywhere anywhere tcp spt:domain
      ACCEPT udp -- anywhere anywhere udp spt:domain
      ACCEPT icmp -- anywhere anywhere
      ACCEPT tcp -- anywhere anywhere tcp dpt:http
      ACCEPT tcp -- anywhere anywhere tcp dpt:8443
      ACCEPT udp -- anywhere 192.168.0.0/24 udp spt:netbios-ns
      ACCEPT udp -- anywhere 192.168.0.0/24 udp spt:netbios-dgm
      ACCEPT tcp -- anywhere 192.168.0.0/24 tcp spt:netbios-ssn
      ACCEPT tcp -- anywhere 192.168.0.0/24 tcp spt:microsoft-ds


      Chain DOCKER (1 references)
      target prot opt source destination
      ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8888


      Chain DOCKER-ISOLATION (1 references)
      target prot opt source destination
      RETURN all -- anywhere anywhere


      Chain DOCKER-USER (1 references)
      target prot opt source destination
      RETURN all -- anywhere anywhere


      I have tried some configurations found in the Ubuntu wiki on iptables to open the Transmission port, without solving the problem.
      For example:
      iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
      iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT

      Any advice is welcome :)
    • I use Transmission and do not need to use OMV firewall rules.

      I need to open the appropriate ports on my router, but that's all; no need to touch the OMV firewall.


      PS: Can you please provide a link to the Tekkb thread you mentioned?
      OMV 3.0.96 x64 on a HP T510, 16GB CF as Boot Disk & 32GB SSD 2,5" disk for Data, 4 GB RAM, CPU VIA EDEN X2 U4200 is x64 at 1GHz

      Post: HPT510 SlimNAS ; HOWTO Install Pi-Hole ; HOWTO install MLDonkey ; HOHTO Install ZFS-Plugin ; OMV_OldGUI ; ShellinaBOX ;
      Dockers: MLDonkey ; PiHole ;
      Videos: @TechnoDadLife
    • Hi raulfg3, thanks for the reply :thumbsup: , the link to Tekkb's thread is:

      Example of OMV's firewall

      In my case the router has UPnP active, and before I added the "last rule" "Reject All" the status of the port in Transmission was open; also, if I don't make a rule for the Transmission web port it doesn't work.
      I took away the last rule and restarted the Transmission service, and the state of the port on the router and in the Transmission web interface returned to open, so I think I have to create a rule in the INPUT chain or the FORWARD chain, but at the moment I can't find the solution.

      Some screenshots of the firewall rules in the OMV tab:
      Images: Schermata a 2017-10-31 18-54-45.png, Schermata a 2017-10-31 18-54-52.png
    • My opinion:

      No need to use the OMV firewall; please delete all the rules and configure your router's firewall instead.

      You need to protect your local LAN from outside (INTERNET), not your OMV NAS from your local LAN; that makes no sense to me.
    • If you have no idea what the fw rules are actually doing, you need to find out by putting a log rule before the drop all. For debugging purposes, also change drop to reject.

      Once rejected traffic gets logged you'll find out what additional rules you need. This is rule number two when trying to create an iptables ruleset. Rule number one is to create a temporary cron job to flush the rules every five minutes in case you get locked out.

      All those output rules are unnecessary; the default policy is accept.
      Also, as @raulfg3 says, if this is a home LAN, then why the paranoia?
      New wiki
      chat support at #openmediavault@freenode IRC | Spanish & English | GMT+10
      telegram.me/openmediavault broadcast channel
      openmediavault discord server
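
The log-before-drop procedure from the last reply, as an added example that is not part of the original thread: `debug_setup` installs the cron failsafe, the REJECT and the LOG rule, and `summarize` groups the logged packets so the missing ACCEPT rules are easy to read off. The log prefix, the cron file name and the sample log lines are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the log prefix, the cron
# file name, and the constructed log lines in sample_log.
PREFIX="FW-DEBUG: "

# Run as root. $1 = position of the final DROP rule in INPUT
# (see: iptables -L INPUT -n --line-numbers).
debug_setup() {
  # Failsafe first: empty INPUT every five minutes in case of lock-out.
  # With the chain policy at ACCEPT, as in the posted listing, this lets
  # everything in again. Delete the file when debugging is finished.
  printf '%s\n' '*/5 * * * * root /sbin/iptables -F INPUT' > /etc/cron.d/fw-failsafe
  # Replace the final DROP with REJECT, then insert a LOG rule just before it.
  iptables -R INPUT "$1" -j REJECT
  iptables -I INPUT "$1" -j LOG --log-prefix "$PREFIX"
}

# Read kernel log lines on stdin and count logged packets per
# "PROTO DPT SRC", most frequent first, so each missing ACCEPT rule stands out.
summarize() {
  grep -F "$PREFIX" | awk '{
    p = "-"; d = "-"; s = "-"
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^PROTO=/) p = substr($i, 7)
      if ($i ~ /^DPT=/)   d = substr($i, 5)
      if ($i ~ /^SRC=/)   s = substr($i, 5)
    }
    n[p " " d " " s]++
  } END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample in the layout the LOG target writes (fields trimmed).
sample_log() {
  cat <<'EOF'
Nov  1 19:02:11 omv kernel: FW-DEBUG: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.3 PROTO=UDP SPT=6881 DPT=51413
Nov  1 19:02:12 omv kernel: FW-DEBUG: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.3 PROTO=UDP SPT=6881 DPT=51413
Nov  1 19:02:15 omv kernel: EXT4-fs (sda1): re-mounted. Opts: errors=remount-ro
Nov  1 19:02:19 omv kernel: FW-DEBUG: IN=eth0 OUT= SRC=198.51.100.20 DST=192.168.0.3 PROTO=TCP SPT=50211 DPT=51413
Nov  1 19:02:30 omv kernel: FW-DEBUG: IN=eth0 OUT= SRC=192.168.0.10 DST=224.0.0.251 PROTO=UDP SPT=5353 DPT=5353
EOF
}

sample_log | summarize   # on a live system: dmesg | summarize
```

In the constructed sample, both TCP and UDP packets to port 51413 reach the final rule, which is the pattern that would call for ACCEPT rules in INPUT for that port on both protocols.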