QBittorrent port forwarding on Cisco 1941 failing... help please!

Glad18or · ‎05-20-2021

Hi Everyone,

I am trying to achieve a port forward for QBittorrent (P2P torrent traffic) on port 65534 to host 192.168.10.10 from GE0/0 yet QBittorrent is reporting "No Connection" and no traffic is flowing.

Other port forwards like 3389 and 32400 are working as expected, just P2P port forward/NAT I've not been able to get working correctly.

Is anyone able to tell me what I am doing wrong in this configuration?

On a side note, I am relatively new to Cisco configurations so any advise or tips with the configuration overall is encouraged.

Current configuration : 5353 bytes
!
! Last configuration change at 22:03:37 UTC Thu May 20 2021 by cisco.admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname ROUTER01
!
boot-start-marker
boot-end-marker
!
!
no logging console
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
clock timezone UTC 10 0
clock summer-time AEDT recurring 1 Sun Oct 2:00 1 Sun Apr 3:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.5.200 192.168.5.255
ip dhcp excluded-address 192.168.5.1 192.168.5.99
!
ip dhcp pool UNSECURE
network 192.168.5.0 255.255.255.0
default-router 192.168.5.254
dns-server 192.168.5.254
!
!
ip domain timeout 2
ip domain name BURNS.local
ip name-server 1.1.1.1
ip name-server 1.0.0.1
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FGL1552233R
license accept end user agreement
license boot module c1900 technology-package securityk9
!
!
username cisco.admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
redundancy
!
!
!

!
!
class-map match-any INT_GIG0_SHAPING
match any
!
!
policy-map SHAPING_OUTBOUND
class INT_GIG0_SHAPING
shape average 25000000
!
!
!
!
bridge irb
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description AussieBB 250/25 HFC
ip address dhcp
ip access-group INTERNET in
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
service-policy output SHAPING_OUTBOUND
!
interface GigabitEthernet0/1
description LAN
no ip address
duplex auto
speed auto
bridge-group 1
!
interface GigabitEthernet0/1.5
description UNSECURE
encapsulation dot1Q 5
bridge-group 5
!
interface BVI1
description BURNS LAN
ip address 192.168.10.254 255.255.255.0
ip access-group BURNS_LAN in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface BVI5
description UNSECURE
ip address 192.168.5.254 255.255.255.0
ip access-group UNSECURE in
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-client-auth
ip http secure-port 8001
ip flow-top-talkers
top 10
sort-by bytes
!
ip dns view default
domain timeout 2
ip dns server
ip nat inside source static tcp 192.168.10.10 32400 interface GigabitEthernet0/0 32400
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.10.10 3389 interface GigabitEthernet0/0 3389
ip nat inside source static tcp 192.168.10.10 25565 interface GigabitEthernet0/0 25565
ip nat inside source static tcp 192.168.10.10 25566 interface GigabitEthernet0/0 25566
ip nat inside source static tcp 192.168.10.10 65533 interface GigabitEthernet0/0 65533
ip nat inside source static tcp 192.168.10.10 65534 interface GigabitEthernet0/0 65534
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XX.X 254
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended BURNS_LAN
remark ------------------------TOP DOWN------------------------
permit tcp 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255 eq www
deny ip 192.168.10.0 0.0.0.255 192.168.5.0 0.0.0.255
permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended INTERNET
remark --------------------TOP DOWN-------------------
permit udp host 1.1.1.1 host 192.168.10.10 eq domain
permit udp host 1.0.0.1 host 192.168.10.10 eq domain
deny udp any any eq domain
permit tcp host YY.YY.YY.YYY host 192.168.10.10 eq 3389
remark -----------------------------------------------
permit tcp any host 192.168.10.10 eq 25565
permit tcp any host 192.168.10.10 eq 25566
permit tcp any host 192.168.10.10 eq 32400
permit tcp any host 192.168.10.10 eq 65534
permit udp any host 192.168.10.10 eq 65534
remark -----------------------------------------------
permit tcp any any established
remark -----------------------------------------------
permit udp any any
permit icmp any any
permit esp any any
permit gre any any
permit ahp any any
deny ip any any
ip access-list extended UNSECURE
remark -------------------------TOP DOWN-------------------------
permit udp any eq bootpc any eq bootps
permit tcp 192.168.5.0 0.0.0.255 host 192.168.10.10 eq 3389
permit tcp 192.168.5.0 0.0.0.255 host 192.168.10.10 eq 25565
permit tcp 192.168.5.0 0.0.0.255 host 192.168.10.10 eq 25566
permit tcp 192.168.5.0 0.0.0.255 host 192.168.10.10 eq 32400
deny ip 192.168.5.0 0.0.0.255 192.168.10.0 0.0.0.255 log
permit ip 192.168.5.0 0.0.0.255 any
!
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 100 permit tcp any host 192.168.10.10 eq 65534
!
!
!
!
!
!
!
!
control-plane

!
bridge 1 protocol ieee
bridge 1 route ip
bridge 5 protocol ieee
bridge 5 route ip
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
transport input all
!
scheduler allocate 20000 1000
ntp authenticate
ntp master
ntp update-calendar

ntp server au.pool.ntp.org prefer
end