Nice work!
Glad to hear it helped someone.
Did you have any luck with this? I’m trying to convert over to Proton for port forwarding from Mullvad and finding documentation for Proxmox pretty weak.
I have an openwrt LXC container from proxmox helper scripts, and a qbittorrent container from the same. I have Proton working for everything but port forwarding.
I set the static port in qbittorrent to 51820 and I also installed netpmp and iptables to the same lxc. I can’t install netpmp to openwrt container because it only supports an old, bugged out version.
Does qbittorrent need to have the public port in its settings? Or is it supposed to detect that automatically whenever I run natpmpc -g 10.2.0.1 -a 51820 51820 tcp 60 ?
hey mate, yep I got it all set up.
first up - port 51820 is the wireguard port, not the port forwarded from Proton. You need to find the port that is forwarded from proton and configure that in qBittorrent.
For the wireguard setup, I used the instructions here: https://protonvpn.com/support/wireguard-linux I have it running in a Debian LXC, and have configured wireguard as a service in systemd so it’s always running and will reconnect if it drops. This LXC is also setup with custom iptables rules so that it can only send/receive IP traffic through the wireguard tunnel. This is essentially a DIY router with strict firewall rules.
My qBittorrent is in a separate LXC and uses the wireguard LXC as its internet gateway. So qBit can only talk to the internet via the wireguard LXC, and the wireguard LXC can only communicate to the internet via the wireguard tunnel. I assume you are trying to configure something similar given that you have openwrt.
To setup the port forwarding (on the wireguard LXC) I followed these instructions: https://protonvpn.com/support/port-forwarding-manual-setup In these instructions there is a bash script to create a loop to run natpmpc every 45 seconds - when run, it will return the forwarded port to you in the terminal. *This is the port you need to configure in qbit*. As you are using openwrt, you probably need to configure it to forward the port from openwrt to your qbit instance also (I had to do this in my iptables script).
Okay, following the above will get you connected with port forwarding, but it doesn’t tackle any of the automation. let me know if you want any details on how I automated configuring the port number in iptables & qbit.
edit: it’s worth mentioning that, because this is running on a 24/7 server, my connection hasn’t actually dropped since I first configured it over 2 weeks ago - and thus my port number hasn’t changed.
thanks very much! I might have to blow up my OpenWRT container. It does not support natpmp v2023.XXXX which is mandatory. The v2015 that comes in the OpenWRT repo is totally broken and that’s been a huge headache. I can run natpmp fine from qbit’s LXC but the script to update iptables won’t do me much good there. ChatGPT says I can ssh into OpenWRT but that seems needlessly complicated.
Also were you able to test your port via canyouseeme or a similar website? I ran natpmp to get my public port, then I set portchecker to my ProtonVPN IP and public port. I check the port within the 60second window but its closed.
I didn’t actually check. Once I got it set up, I was confident I had it right. It was also pretty clear when my torrents started seeding basically immediately.
Ah it turned out to be the iptable as you said in your first comment.
I ran it from a Debian LXC terminal that I started with the ‘screen’ tool so it’s running in the background and hasn’t changed ports. I’ll figure out some update automation later but it seems like a proper pain in the ass with separate containers in Proxmox
Wouldn’t say it’s a proper main in the ass with proxmox - just a learning curve. Glad you got it working mate.