Split Nox-WebUI Traffic from Torrent Traffic

Linux specific questions, problems.
Post Reply
travisjayclark

Split Nox-WebUI Traffic from Torrent Traffic

Post by travisjayclark »

Goal: To have torrent traffic running through only network interface tun0 and access the webUI through eth0.

System- trying on both RPi3- Raspbian and Ubuntu 14 lts the qbittorrent-nox install seemed the same on both simply using apt-get install.
VPNService from FrootVPN. - Although this seems irrelevant to the results.
WebUI running on port 8080 per default config.

Setup based on - https://github.com/qbittorrent/qBittorr ... d-newer%29

Things I have tried:

I added the following lines for my config file and restarted the server.

Connection\Interface=tun0
Connection\InterfaceListenIPv6=false
Connection\InterfaceName=tun0

Oddly enough I expected this to bind the connection to tun0 as it works in the non-nox version.  I tested by starting an Ubuntu.iso torrent while connected to vpn (tun0) and the torrent started.  I killed the vpn session and tun0 was gone from my interfaces.  The download continued.  I restarted the server and brought up qbittorrent and the DL still continued.  So it appears that adding that to my config file did not actually prevent it from using other interfaces.

When connected to the vpn it also forwarded the webUI along the vpn connection.  So I could actually pull up my webUI from my external facing swedish IP address at the end of the tunnel!  Cool but not what I want at all, seems like a security risk for me.

I spent a few hours digging through this forum, and other help sites and google searches.  None of the results are really qbittorrent specific it seem like alot of people use rtorrent and transmission in this situation.

There was half a solution to run qbittorent through a VM(and have the VM traffic routed differently), but that would not split the webUI traffic from the torrent traffic.  It also seems like a waste of system resources to run an entire VM just to route traffic differently.

There was a solution using namespace to route all traffic from a specific user a certain way.  I believe this probably a good solution however it is above my head quite honestly I don't understand it.  And I guess I would need different rules for the same qbittorrent user to spit the traffic.

The solution I am leaning towards it in my vpn client config to end the automated route pushes and specify 1 port to route instead.  If I make sure that same port is used for torrent traffic.  Then I should be good right?  Is there anything else I need to consider?  Maybe I can use iptables  to only open that port when the vpn is running and then close it when vpn is off?  Does that make sense and cover everything?

Would it help to set up the web UI to run through an apache webserver?  Are there any built in was to make this work?  Like bind the webUI to eth0 and the torrents to tun0 in the config?  Any advice would be appreciated.
Zongdang
Newbie
Newbie
Posts: 10
Joined: Fri Jan 05, 2018 9:31 pm

Re: Split Nox-WebUI Traffic from Torrent Traffic

Post by Zongdang »

Did you ever find a solution to this issue?  I am interested in doing the same thing with a Pi zero.  I have nox working there just fine and can access through the Web interface but I too want to use my VPN with tun0 for downloading and still access the WebUI locally through eth0.
sebstr

Re: Split Nox-WebUI Traffic from Torrent Traffic

Post by sebstr »

[quote="travisjayclark"]
Goal: To have torrent traffic running through only network interface tun0 and access the webUI through eth0.

System- trying on both RPi3- Raspbian and Ubuntu 14 lts the qbittorrent-nox install seemed the same on both simply using apt-get install.
VPNService from FrootVPN. - Although this seems irrelevant to the results.
WebUI running on port 8080 per default config.

Setup based on - https://github.com/qbittorrent/qBittorr ... d-newer%29

Things I have tried:

I added the following lines for my config file and restarted the server.

Connection\Interface=tun0
Connection\InterfaceListenIPv6=false
Connection\InterfaceName=tun0

Oddly enough I expected this to bind the connection to tun0 as it works in the non-nox version.  I tested by starting an Ubuntu.iso torrent while connected to vpn (tun0) and the torrent started.  I killed the vpn session and tun0 was gone from my interfaces.  The download continued.  I restarted the server and brought up qbittorrent and the DL still continued.  So it appears that adding that to my config file did not actually prevent it from using other interfaces.

When connected to the vpn it also forwarded the webUI along the vpn connection.  So I could actually pull up my webUI from my external facing swedish IP address at the end of the tunnel!  Cool but not what I want at all, seems like a security risk for me.

I spent a few hours digging through this forum, and other help sites and google searches.  None of the results are really qbittorrent specific it seem like alot of people use rtorrent and transmission in this situation.

There was half a solution to run qbittorent through a VM(and have the VM traffic routed differently), but that would not split the webUI traffic from the torrent traffic.  It also seems like a waste of system resources to run an entire VM just to route traffic differently.

There was a solution using namespace to route all traffic from a specific user a certain way.  I believe this probably a good solution however it is above my head quite honestly I don't understand it.  And I guess I would need different rules for the same qbittorrent user to spit the traffic.

The solution I am leaning towards it in my vpn client config to end the automated route pushes and specify 1 port to route instead.  If I make sure that same port is used for torrent traffic.  Then I should be good right?  Is there anything else I need to consider?  Maybe I can use iptables  to only open that port when the vpn is running and then close it when vpn is off?  Does that make sense and cover everything?

Would it help to set up the web UI to run through an apache webserver?  Are there any built in was to make this work?  Like bind the webUI to eth0 and the torrents to tun0 in the config?  Any advice would be appreciated.
[/quote]

It's easy. You just have to setup static routing.

Add this to your

Code: Select all

/etc/network/interfaces
file

Code: Select all

auto ethX
iface ethX inet static
      address <your IP>
      netmask <your netmask>
      up route add -net <ip for internal network 1> netmask <netmask network1> gw <gateway network1>
      up route add -net <ip for internal network 2> netmask <netmask network2> gw <gateway network2>
Add more networks as needed.
Post Reply