

Open ports for Deluge Docker on XG firewall

Hi.  I'm using a NAS with Docker enabled.  Deluge is one of the docker containers I'd like to open up ports, to be able to download, and to seed.  How do I open ports?  I believe I should create a business rule.  I'll attach my screen right now, as I understand different versions show different points to enter.



  • Follow this KBA. 

    https://community.sophos.com/kb/en-us/122976

    You need a DNAT (Destination NAT). 


  • Hi.  I'm using the torrent client Deluge in a Docker container.  I access this container via nas ip:8XXX.  I'd like to be able to seed.  What should be the port numbers on the service that I'll be creating?  In the Destination & service section under Services: From (Source) 1:65535 to (Destination) 12345:12390?  I have under Deluge Incoming ports and Outgoing ports both 12345:12390.  In the Forward to section, what should be the numbers for the Mapped port?  I guess this should be 8XXX to direct connections to the Deluge Docker container?  

     

    BUMP!

    BUMP!

  • Hi.  I'd like to revisit this again, as I wasn't able to get this fully working.  

    So I use XG SFOS 17.5.10 MR-10.  I have a NAS, running Docker.  I have a Docker app called Deluge for torrent downloading, hence need seeding as well.  

    As I understand it, I have to open a port, using DNAT business rule.  The following are steps I've taken:

    • Created a business application rule, DNAT
    • Under Source Zones, put in WAN, Allowed client networks-ANY, in Destination Host, put in Port#2, my WAN port, under Services, add new, Create New Services, Deluge, Protocol UDP, Source port 1:65535, Destination port xxxxx. (This is the port I put in incoming port of deluge)
    • Protected Servers: NAS. Mapped port yyyyy (port  where I can access deluge container inside NAS). I'm assuming all that will be incoming to xxxxx, will be forwarded to NAS:yyyyy. As each port in NAS External has to be mapped to a  corresponding port in Docker container.  

    With this, when I use canyouseeme.org, and check port xxxx, it says it's open.  

    I'm not sure if it's truly open though.  After downloading a new file, a popular one, I don't see any upload activity.  Ratio not increasing.  As this could be perfectly normal, I made sure to get the most popular ones, newly released, and still the same.  How do I check this?

  • Hi,

    Who initiates the original connection, the docker server or someone outside connecting to the docker server?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • My purpose is to open port for sharing, as I can download files successfully.  I assume it's from outside coming in.

  • Hi.  I use canyouseeme.org to check whether ports for torrents are open.  It says it's open.  Somehow, I feel I'm not uploading or seeding effectively.  I see this in my logfiles.  Please help check why I am seeing this.  Could this be the reason I'm not seeding as much?  

  • Hi,

    They are dead connections which have usually timed out.

    Ian


  • So this means they are a non-issue?  

    So far, the logs don't show other problems regarding that same IP address where p2p is running.  Canyouseeme- open- good enough?  Or are there other steps to perform? 

  • Unlikely you need to open any DNAT for this purpose. Those apps are likely built to be the initiator. 

    As Ian wrote, those invalid Traffic alerts are cosmetic. https://community.sophos.com/kb/en-us/131754

     

    You need to figure out which port is used and whether my statement about NAT is true. 


  • These are the steps I've taken:

     

    • Created a business application rule, DNAT
    • Under Source Zones, put in WAN, Allowed client networks-ANY, in Destination Host, put in Port#2, my WAN port, under Services, add new, Create New Services, Deluge, Protocol UDP, Source port 1:65535, Destination port xxxxx. (This is the port I put in incoming port of deluge)
    • Protected Servers: NAS. Mapped port yyyyy (port  where I can access deluge container inside NAS). I'm assuming all that will be incoming to xxxxx, will be forwarded to NAS:yyyyy. As each port in NAS External has to be mapped to a  corresponding port in Docker container.  

    Anything that I missed?

  • The NAT seems to be fine. 


  • Thank you.  I guess that's it.
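
The forwarding chain discussed in this thread (firewall DNAT rule, NAS mapped port, Docker published port, Deluge incoming port) can be checked for consistency per protocol. The following is an added example, not part of the original thread and not Sophos or Deluge code; the names `Dnat`, `Publish` and `check_chain` are hypothetical, and the port values (12345 as the Deluge incoming port, 8112 as the container's web UI port) are constructed sample values. It assumes `-p` entries in the plain `HOST:CONTAINER[/proto]` form.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Dnat:                 # firewall DNAT rule: WAN port -> NAS "mapped port"
    proto: str              # "tcp" or "udp"
    wan_port: int
    mapped_port: int

@dataclass(frozen=True)
class Publish:              # one docker -p entry on the NAS
    proto: str
    host_port: int
    container_port: int

def parse_publish(spec):
    """Parse 'HOST:CONTAINER[/proto]'; Docker defaults to tcp when no proto is given."""
    ports, _, proto = spec.partition("/")
    host, container = ports.split(":")
    return Publish(proto or "tcp", int(host), int(container))

def check_chain(rules, publishes, listen_port, webui_port):
    """Return findings for the path WAN -> NAS -> container, per protocol."""
    pubs = [parse_publish(s) for s in publishes]
    webui_host_ports = {p.host_port for p in pubs if p.container_port == webui_port}
    findings = []
    for proto in ("tcp", "udp"):    # peers connect over TCP; uTP and DHT use UDP
        rule = next((r for r in rules if r.proto == proto), None)
        if rule is None:
            findings.append(f"{proto}: no DNAT rule for the listen port")
            continue
        if rule.wan_port != listen_port:   # peers dial the port the client announces
            findings.append(f"{proto}: WAN port {rule.wan_port} != announced port {listen_port}")
        if rule.mapped_port in webui_host_ports:
            findings.append(f"{proto}: mapped port {rule.mapped_port} is the web UI, not the peer port")
        elif not any(p.proto == proto and p.host_port == rule.mapped_port
                     and p.container_port == listen_port for p in pubs):
            findings.append(f"{proto}: NAS port {rule.mapped_port} is not published to {listen_port}")
    return findings

# Constructed sample values, not taken from a real system.
PUBLISHES = ["8112:8112", "12345:12345", "12345:12345/udp"]
UDP_ONLY_TO_WEBUI = [Dnat("udp", 12345, 8112)]
BOTH_TO_LISTEN = [Dnat("tcp", 12345, 12345), Dnat("udp", 12345, 12345)]

if __name__ == "__main__":
    for name, rules in (("udp-only", UDP_ONLY_TO_WEBUI), ("both", BOTH_TO_LISTEN)):
        print(name, check_chain(rules, PUBLISHES, listen_port=12345, webui_port=8112))
```

A finding that the mapped port is the web UI matters beyond seeding: that rule would put the client's management interface on the WAN side instead of its peer port.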
