adminguy
/
IT_Articles

\documentclass[11pt]{article}%Gummi|065|=)\title{\textbf{Transmission Torrent Setup Notes}}\usepackage{graphicx}\usepackage{caption  }\author{Steak Electronics}\date{2019}\begin{document}
%\maketitle

\section{Overview}Transmission is a Bittorrent server that can be deployed on a computer or dedicated seedbox. It's installable with apt-get install transmission-daemon. There is transmission-remote-gtk to view the torrents over the LAN.\section{Setup Notes}I setup transmission behind a VPN, and forward ports appropriately. In order to do this, I have an outbound VPN from my LAN that goes to a remote server, then the ports for transmission are open on the remote server.
\subsection{Setup Start}Install openvpn road warrior from Nyr on github. This is deployed on the remote VPS. Create a client certificate and install that on the LAN seedbox.
\vspace{0.2in}
On server you need to forward ports:
\begin{verbatim}iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 52000 \-j DNAT --to-destination 10.8.0.2:52000iptables -t nat -I PREROUTING -i eth0 -p udp --dport 52000 \-j DNAT --to-destination 10.8.0.2:52000\end{verbatim}In fact, you probably only need one, but here we are opening TCP and UDP. This example assumes you are using the default transmission ports. It's advised to change the default ports.
On transmission daemon client, you don't need anything (for iptables). The remote VPN server does all firewall routing.
\section{What can go wrong}
\subsection{Changing transmission configs}In order to change any settings.json of transmission, you must stop transmission. Otherwise, the running program will overwrite / ignore your changes.
\subsection{/var/lib/transmission/config/settings.json}Make sure peer port is 52000, or whatever you set it to.Disable random peer port (shouldn't be enabled by default).
\vspace{0.2in}
make sure bind-address ipv4 has your vpn address, or make it 0.0.0.0IF you have it to a previous or incorrect ipv4 address, it will look like * (for all ports) in your \# netstat -ano , but it just won't work. TRAP
\vspace{0.2in}
\subsection{All Bittorrent traffic through Transmission}If your vpn for all the traffic is working correctly when you examine ifconfig you will see the packet numbers for eth0 and tun0 be comparable in numbers.
if it seems like eth0 is moving more packets than tun0, your tunnel is not workingthe torrent client is leaking.
Verify it by doing either a netstat or more helpfully a tcpdump for the local interface
\subsubsection{Block WAN traffic to transmission}You can block the WAN traffic that isn't from the VPN to the transmission daemon at the router.
So wan > no vpn > router > seedbox -- BLOCKand on top of that (insert for iptables, not append)
Wan > yes vpn > router > seedbox -- ALLOW
\subsection{RPC}RPC on transmission. This is the protocol that you can access transmission through from another machine.
\textbf{Problem:}Only works through http. If you want it on a VPS, you have a problem (It's not encrypted and passwords are in plain text). There's no way to access the Seedbox remotely (securely).
\textbf{Solution:}Use it through a VPN tunnel. e.g. Transmission-remote-gui.
Force binding of RPC to be only the TUN IP address as well. This way RPC is not accessible from WAN.
\section{Conclusion}

Basically:\begin{itemize}\item install nyr on server\item server, add two prerouting commands (just these two!)\item client, double check transmission settings.json if necessary.\item client, watch /var/log/transmission/, and verify the port is open via transmission-remote-gtk\end{itemize}


\end{document}