Firewall/NAT

Hi,

I've just installed m0n0wall 1.3.b13 onto a pcengines ALIX box, everything appears to be perfect except the NAT & firewall configuration for bittorrent.

Upon firing up the bittorrent client (mldonkey 2.9.5) the download speeds are fine, but then begin to degrade, typically reaching zero overnight.
When the box is directly connected to the WAN (ie no NAT/no m0n0wall) this doesn't happen.

My configuration is thus:
NAT TCP ports 6881-6889 from the WAN interface to 192.168.xx.yy, checking 'auto-add firewall rule'

Further investigation shows the firewall logs beginning to fill with:
X LAN 192.168.xx.yy, port 6881 aa.bb.cc.dd, port nnnn TCP

To me it looks like m0n0wall is blocking the replies to torrent packets.

My questions are:
1. Is this really the cause of my degrading download speed or a red herring?
2. Why isn't the default outbound NAT translating 192.168.xx.yy to the WAN address, so the packet gets through? (I assume it's being blocked due to the default private address routing rule)

Thanks for any hints.

Further information:
I turned on the logging for the incoming rule and can see this:

OK WAN aa.bb.cc.dd, port 60713 192.168.xx.yy, port 6881 TCP

followed shortly by:

X LAN 192.168.xx.yy, port 6881 aa.bb.cc.dd, port 60713 TCP

So it is indeed blocking some of the outgoing traffic in direct response to incoming traffic.

Did you remove the "Default LAN -> any" rule?

I had the same problem...

Torrent creates by nature a lot of connections, and not all firewalls/routers can handle that very well.

Go to the "Firewall states displayed" under System -> Advanced and set it to 3000.
With the default settings in utorrent (10 Mbit download) and some downloads, this generates well over 2000 connections, you can see that on the Diagnostics -> Firewall states.

So after 3-4 hours my m0n0wall (Alix 2c) seems to die, at least in can't make any connection trough the wan. But a "Reset state" on Diagnostics saves the day.

I don't know why m0n0wall can't handle these connections, the memory usage is about 30% so no problem there.

The only solution for me so far, is to lower the connections allowed in utorrent.
But if any one has another fix / explanation I'm all ears.

/Christian

I don't know what the issue might be but I've ~1800 states now and the Alix 2c3 have been up for 23 days (rebooted for config change) and the only problem I have is a little slow internet browsing but that might be a configuration mistake by me in the traffic shaping.

I've just tried Azureus and it seems to perform just fine.
So it looks like a problem specific to mldonkey.
Thanks for the suggestions though.

PS. My ALIX2 can handle 2000+ firewall states without breaking a sweat, so that's definitely not an issue for me.