Gentoo Forums
UFW port forwarding trouble [solved]
jerol
n00b

Joined: 12 Feb 2022
Posts: 61

Posted: Fri Feb 14, 2025 4:34 pm    Post subject: UFW port forwarding trouble [solved]

Hey, I'm no longer on Gentoo, but since you guys are always so useful and knowledgeable, I thought I might as well give it a try. Networking has been something I've always struggled with and I'd like to learn more but it sometimes makes my head hurt :S

Been battling with this for a bit and would like some insight.

Forwarded a port on my VPN, now that's all good and I thought I was pretty much set but I was wrong. I followed the ufw gentoo wiki page and created a very simple configuration:

Code:

sudo ufw default deny incoming
sudo ufw allow from 192.168.0.0/24
sudo ufw allow qbittorrent

And by doing:

Code:
sudo ufw status verbose


I could indeed see that it doesn't have the right port, so I went and changed it in: /etc/ufw/applications.d/ufw/ufw-bittorent

Afterwards I did:

Code:
sudo ufw reload

and
Code:
sudo ufw status verbose


Then it didn't change when I checked the status, was confused until I decided to delete the qbittorrent rule and add it back, then it changed.

Then I thought I was good, but then I put my VPN on and checked in https://canyouseeme.org/ and it still did not show the port being open.

Am I missing something here?


Also it has come to my knowledge that I should indeed forward UDP and TCP for qbittorrent. Now I only have UDP forwarded because I thought wireguard couldn't utilize TCP that well, but I guess I was wrong?


Last edited by jerol on Fri Feb 14, 2025 8:50 pm; edited 1 time in total
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54856
Location: 56N 3W

Posted: Fri Feb 14, 2025 4:56 pm

jerol,

We need to understand your network topology together with the location in that topology of your VPN and firewall.
A little bit of ASCII art goes a long way, or a picture is worth 1k words :)
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
jerol
n00b

Joined: 12 Feb 2022
Posts: 61

Posted: Fri Feb 14, 2025 5:08 pm

Sorry, for not providing :) I hope these help.

UFW Status: https://bpa.st/N5CQ

UFW Config: https://bpa.st/4VBQ (Also I have no idea as to why the file is named: "ufw-bittorent", but it seems to work. I think it was previously named "ufw-bittorrent", but I don't remember renaming it at all.)

AirVPN Port: https://imgur.com/a/WD7oHM8

I'm also willing to configure this all in iptables if it doesn't work out this way, but first I need to do a bit of studying on it :p
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 54856
Location: 56N 3W

Posted: Fri Feb 14, 2025 5:31 pm

jerol,

By 'topology' I mean describe how the various systems are interconnected.

e.g. I have a boundary firewall on one system that looks after my entire home network.
I have a DMZ, a protected zone and an untrusted zone.
The DMZ is for servers. Any permitted uninvited incoming traffic is DNATed there.
Untrusted is anything not Gentoo. TV, Mobile Phones and so on, that cannot be trusted.

DMZ can make permitted connections to the internet.
Untrusted can make permitted connections to DMZ and internet but not to trusted.
Trusted can make permitted connections anywhere.

My firewall is paranoid.
By default, incoming is DROPed and outgoing is REJECTed.

You need not be doing it all on one system. That matters.
_________________
Regards,

NeddySeagoon

jerol
n00b

Joined: 12 Feb 2022
Posts: 61

Posted: Fri Feb 14, 2025 5:46 pm

I'll try to explain it however I can, but I can just say that mine isn't complex. I only have my gateway (with a somewhat configured firewall on it), this pc (with ufw on it) and the VPN.

But I think I figured it out, the port showed as closed because nothing was listening to it apparently? As soon as I opened qBittorrent it showed as open in https://canyouseeme.org/, I also changed the UFW config file to include both 3997/tcp & 3997/udp after forwarding it for both protocols in the VPN.

Edit: Still not able to seed for some reason, even though there are plenty of peers and almost no seeds. I'm a bit conflicted on if the port number matters, some say it's better to be in the 50-60k range. I think I'm wrong since there seems to be no "perfect" port, as long as I can open it to the world, and I indeed can when https://canyouseeme.org/ shows me that it can see the service.

I think it was down to peers, the good thing is that it works now.
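
The two conditions this thread turned on, as an added example that is not part of the original posts: whether the ufw application profile opens the forwarded port for both protocols, and whether anything is actually bound to it. The profile text and `ss` output are constructed samples, and the function names are hypothetical.

```bash
# Constructed sample: ufw application profile (layout of files in /etc/ufw/applications.d/).
SAMPLE_PROFILE='[qbittorrent]
title=qBittorrent
description=BitTorrent client
ports=3997/udp'

# Constructed sample: `ss -H -tuln` output where only a UDP socket is bound to 3997.
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:3997 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:*'

# profile_protocols PROFILE_TEXT SECTION PORT
# Prints which of tcp/udp the section's ports= line opens for PORT. Handles
# "a/tcp|b/udp", comma lists, start:end ranges, and bare ports (both protocols).
profile_protocols() {
  printf '%s\n' "$1" | awk -v want="[$2]" -v port="$3" '
    /^\[/ { insec = ($0 == want); next }
    insec && /^ports=/ {
      sub(/^ports=/, "")
      n = split($0, entries, "|")
      for (i = 1; i <= n; i++) {
        m = split(entries[i], pp, "/"); proto = (m > 1) ? pp[2] : "any"
        k = split(pp[1], items, ",")
        for (j = 1; j <= k; j++) {
          r = split(items[j], lohi, ":")
          lo = lohi[1] + 0; hi = (r > 1) ? lohi[2] + 0 : lo
          if (port + 0 < lo || port + 0 > hi) continue
          if (proto != "udp") tcp = 1
          if (proto != "tcp") udp = 1
        }
      }
    }
    END { out = tcp ? "tcp" : ""; if (udp) out = (out == "" ? "udp" : out " udp"); print out }'
}

# has_listener SS_TEXT PROTO PORT: succeeds if a PROTO socket is bound to PORT.
has_listener() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    $1 == proto { n = split($5, a, ":"); if (a[n] == port) found = 1 }
    END { exit !found }'
}

# diagnose PROFILE_TEXT SECTION SS_TEXT PORT: one status line per protocol.
diagnose() {
  allowed=$(profile_protocols "$1" "$2" "$4")
  for proto in tcp udp; do
    case " $allowed " in *" $proto "*) fw=allowed ;; *) fw=blocked ;; esac
    if has_listener "$3" "$proto" "$4"; then sock=listening; else sock=none; fi
    echo "$4/$proto firewall=$fw socket=$sock"
  done
}
diagnose "$SAMPLE_PROFILE" qbittorrent "$SAMPLE_SS" 3997
```

On a live host, pass the contents of the real profile file and the output of `ss -H -tuln` instead of the samples. After editing a profile, `ufw app update <profile>` is the documented way to push the change into rules that already reference it.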