Firewall for Transmission

  • Good evening to all, I need help setting up the OMV firewall rules correctly for the Transmission plugin.
    I've followed Tekkb's thread regarding 'Firewall', and when I put in the last rule 'REJECT All' the Transmission port went into a closed state, and the router doesn't receive UPnP.
    My OMV3 IP is: 192.168.0.X and the port for Transmission is 51413 (default).
    I don't understand what the correct setting for that rule is: INPUT?? OUTPUT??
    Any advice will be appreciated!!
    Thank you all!
    Please help me :)

    HP GEN 8 ,SSD OS , 4x4TB WD RED ,16 G ECC Ram

  • Good evening everybody, has nobody had a problem with Transmission????
    I'm posting my iptables -L:
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    ACCEPT icmp -- 192.168.0.0/24 192.168.0.3
    ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:ssh
    ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:http
    ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:netbios-ns
    ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:netbios-dgm
    ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:netbios-ssn
    ACCEPT tcp -- 192.168.0.0/24 192.168.0.3 tcp dpt:microsoft-ds
    ACCEPT tcp -- anywhere 192.168.0.3 tcp dpt:8443
    ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:9091
    DROP all -- anywhere anywhere



    Chain FORWARD (policy DROP)
    target prot opt source destination
    DOCKER-USER all -- anywhere anywhere
    DOCKER-ISOLATION all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    DOCKER all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere



    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
    ACCEPT all -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp spt:domain
    ACCEPT udp -- anywhere anywhere udp spt:domain
    ACCEPT icmp -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp dpt:http
    ACCEPT tcp -- anywhere anywhere tcp dpt:8443
    ACCEPT udp -- anywhere 192.168.0.0/24 udp spt:netbios-ns
    ACCEPT udp -- anywhere 192.168.0.0/24 udp spt:netbios-dgm
    ACCEPT tcp -- anywhere 192.168.0.0/24 tcp spt:netbios-ssn
    ACCEPT tcp -- anywhere 192.168.0.0/24 tcp spt:microsoft-ds



    Chain DOCKER (1 references)
    target prot opt source destination
    ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8888



    Chain DOCKER-ISOLATION (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere



    Chain DOCKER-USER (1 references)
    target prot opt source destination
    RETURN all -- anywhere anywhere



    I have tried some configurations found in the ubuntu\wiki iptables to open the Transmission port, without solving the problem.
    For example:
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
    iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT


    Any advice is welcome :)

    HP GEN 8 ,SSD OS , 4x4TB WD RED ,16 G ECC Ram

  • I use Transmission and do not need to use OMV firewall rules.

    I need to open the appropriate ports on my router, but that's all; no need to touch the OMV firewall.

    P.S.: Can you please provide a link to the Tekkb's thread you mentioned?

  • Hi raulfg3, thanks for the reply :thumbup: , the link to tekkb's thread is:


    Example of OMV's firewall


    In my case the router has UPnP active, and before I put in the "last rule" "reject All" the status of the port in Transmission was open; also, if I don't make a rule for the Transmission web port, it doesn't work.
    I took away the last rule and restarted the Transmission service, and the state of the port on the router and in Transmission web returned to open, so I think I have to create a rule in the INPUT chain or the FORWARD chain, but at the moment I have not found the solution.


    Some screenshots of the firewall rules in the OMV tab:

  • My opinion:

    No need to use the OMV firewall; please delete all rules, and configure your router firewall instead.

    You need to protect your local LAN from outside (INTERNET), not your OMV NAS from your local LAN; that makes no sense to me.

    • Official post

    If you have no idea what the fw rules are actually doing, you need to find out by putting a log rule before the drop all. For debugging purposes, also change drop to reject.

    Once rejected traffic gets logged you'll find out what additional rules you need. This is rule number two when trying to create an iptables ruleset. Rule number one is to create a temporary cron job to flush the rules every five minutes in case you get locked out.

    All those output rules are unnecessary; the default policy is accept.
    Also, as @raulfg3 says, if this is a home LAN, then why the paranoia?
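
The debugging procedure from the last post, as an added example that is not part of the original thread: the comments show the temporary flush job, the LOG rule and the DROP-to-REJECT swap, and the functions summarise what the LOG rule recorded and print candidate ACCEPT rules for a port the operator has chosen to open. The log prefix `FW-REJECT: `, the cron file name and the sample log lines are constructed assumptions; rule positions refer to the INPUT chain posted above.

```shell
#!/bin/sh
# Added example, not from the thread. Run as root on the NAS (kept as comments
# so the parsing below runs anywhere). In the posted INPUT chain the catch-all
# DROP is rule 12 and the policy is ACCEPT, so a flush restores access.
#   echo '*/5 * * * * root /sbin/iptables -F' > /etc/cron.d/fw-failsafe
#   iptables -I INPUT 12 -m limit --limit 10/min -j LOG --log-prefix "FW-REJECT: "
#   iptables -R INPUT 13 -j REJECT      # DROP -> REJECT while debugging
#   ...reproduce the problem, read the kernel log, and delete the cron file
#   once the ruleset is correct.

# Constructed kernel log lines in the style the LOG target writes (shortened).
sample_log() {
cat <<'EOF'
Jan 10 21:03:11 omv kernel: [ 812.101] FW-REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.3 LEN=60 PROTO=TCP SPT=50123 DPT=51413 SYN
Jan 10 21:03:12 omv kernel: [ 813.440] FW-REJECT: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.0.3 LEN=75 PROTO=UDP SPT=6881 DPT=51413
Jan 10 21:03:15 omv kernel: [ 816.002] FW-REJECT: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.0.3 LEN=60 PROTO=TCP SPT=50124 DPT=51413 SYN
Jan 10 21:04:01 omv kernel: [ 862.310] FW-REJECT: IN=eth0 OUT= SRC=192.0.2.44 DST=192.168.0.3 LEN=44 PROTO=TCP SPT=40001 DPT=23 SYN
Jan 10 21:04:30 omv kernel: [ 891.777] FW-REJECT: IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.3 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jan 10 21:05:00 omv kernel: [ 930.000] eth0: link up
EOF
}

# Read log lines on stdin; print "count PROTO DPORT", most frequent first.
# Lines without the prefix or without a destination port (ICMP) are skipped.
summarize_rejects() {
    awk '/FW-REJECT: / {
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (proto != "" && dpt != "") seen[proto " " dpt]++
    }
    END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2,3
}

# $1 = port the operator has decided to open. Prints one ACCEPT rule per
# protocol logged for that port, inserted ahead of the LOG rule (position 12).
rules_for_port() {
    summarize_rejects | awk -v port="$1" '$3 == port {
        printf "iptables -I INPUT 12 -p %s -d 192.168.0.3 --dport %s -j ACCEPT\n",
               tolower($2), port }'
}

sample_log | summarize_rejects
sample_log | rules_for_port 51413
```

The summary also lists traffic that should stay closed (TCP 23 in the constructed sample), which is why the rule generator takes the port as an explicit argument instead of accepting everything that was logged.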
