Ok so I went back and stopped the daemon and made sure rpc was enabled and the whitelist was disabled, here is a copy of my settings :
{
«alt-speed-down»: 50,
«alt-speed-enabled»: false,
«alt-speed-time-begin»: 540,
«alt-speed-time-day»: 127,
«alt-speed-time-enabled»: false,
«alt-speed-time-end»: 1020,
«alt-speed-up»: 50,
«bind-address-ipv4»: «0.0.0.0»,
«bind-address-ipv6»: «::»,
«blocklist-date»: 1284303977,
«blocklist-enabled»: false,
«blocklist-updates-enabled»: true,
«dht-enabled»: true,
«download-dir»: «/home/brandon/Downloads»,
«encryption»: 1,
«filter-mode»: «show-all»,
«incomplete-dir»: «/home/brandon/Downloads»,
«incomplete-dir-enabled»: false,
«inhibit-desktop-hibernation»: false,
«lazy-bitfield-enabled»: true,
«main-window-height»: 500,
«main-window-is-maximized»: 0,
«main-window-layout-order»: «menu,toolbar,filter,list,statusbar»,
«main-window-width»: 467,
«main-window-x»: 50,
«main-window-y»: 50,
«message-level»: 2,
«minimal-view»: false,
«open-dialog-dir»: «/home/brandon»,
«open-file-limit»: 32,
«peer-limit-global»: 240,
«peer-limit-per-torrent»: 60,
«peer-port»: 51413,
«peer-port-random-high»: 65535,
«peer-port-random-low»: 49152,
«peer-port-random-on-start»: false,
«peer-socket-tos»: 0,
«pex-enabled»: true,
«play-download-complete-sound»: true,
«port-forwarding-enabled»: true,
«preallocation»: 1,
«prompt-before-exit»: true,
«proxy»: «»,
«proxy-auth-enabled»: false,
«proxy-auth-password»: «»,
«proxy-auth-username»: «»,
«proxy-enabled»: false,
«proxy-port»: 80,
«proxy-type»: 0,
«ratio-limit»: 2.0000,
«ratio-limit-enabled»: false,
«rename-partial-files»: true,
«rpc-authentication-required»: false,
«rpc-bind-address»: «0.0.0.0»,
«rpc-enabled»: true,
«rpc-password»: «{7a2106cf3cea9d3f0f441f43d0732f80ca117948zOlM4FoI»,
«rpc-port»: 9091,
«rpc-username»: «brandon»,
«rpc-whitelist»: «192.168.2.4»,
«rpc-whitelist-enabled»: false,
«show-backup-trackers»: false,
«show-desktop-notification»: true,
«show-extra-peer-details»: false,
«show-filterbar»: true,
«show-notification-area-icon»: false,
«show-options-window»: true,
«show-statusbar»: true,
«show-toolbar»: true,
«show-tracker-scrapes»: false,
«sort-mode»: «sort-by-name»,
«sort-reversed»: false,
«speed-limit-down»: 100,
«speed-limit-down-enabled»: false,
«speed-limit-up»: 100,
«speed-limit-up-enabled»: false,
«start-added-torrents»: true,
«statusbar-stats»: «total-ratio»,
«trash-original-torrent-files»: false,
«umask»: 18,
«upload-slots-per-torrent»: 14,
«user-has-given-informed-consent»: true,
«watch-dir»: «/home/brandon/Downloads»,
«watch-dir-enabled»: false
}
Then rather than just restarting the daemon I rebooted my server and when i went to the address http://192.168.2.3:9091/ I still get the exact same message :
403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you’re editing settings.json, see the ‘rpc-whitelist’ and ‘rpc-whitelist-enabled’ entries.
If you’re still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.
The command I am using to pull up my settings file is sudo gedit ~/.config/transmission/settings.json is it possible that transmission is actually looking at a different settings file somewhere else?
Проблема связана с тем, что по умолчанию TCP\8090 transmission «светит» в интернет и из вне боты могут пытаться подобрать пароль — брутфорсить.
После несколько попыток неудачного подбора пароля, RPC блокирует доступ в веб и пока демон не будет перезапущен, доступ не появится.
В будущих версиях планируется исправления данной проблемы.
На счет TCP\8090, сейчас его можно зафильтровать в межсетевом экране на интерфейсе, через который вы выходите в интернет.
Пример:
Добавьте запрещающее правило для TCP\8090:
И чтобы управлять загрузками через Transmission Remote, потребуется настроить домен 4го уровня:
В настройках сервера на стороне Remote указываете:
Получаете защищенный, зашифрованный доступ в RPC торрент-клиента.
——
@yerebakan Add a firewall rule for TCP\8090 in CLI, example:
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
Sign in
to your account
Closed
amandamana opened this issue
Aug 19, 2021
· 6 comments
Comments
The remote access web interface when set to require authentication stops working after a few days, apparently due to erroneously detecting a brute force attack. I’ve seen this using a normal install of version 3.00 on macOS in a secure LAN, where actual unsuccessful login attempts are extremely unlikely.
This issue was seen as far back as Oct 2020.
More information in this longer thread of both docker and normal installations.
Can confirm — quite annoying at times.
There seem to be changes in master (see pull #1447) that allow configuration and the ability to disable the brute force protection but no official release for that yet.
Can also confirm. Logins are limited to IPs on my machine so I know it’s not external unsuccessful logins.
I have upgraded my debian from buster to bullseye and this induced transmission to be upgraded from 2.94 to 3.0 . Previously with transmission 2.94 or even older versions I did not have this issue. Could anybody support us somehow, to avoid this issue?
Sorry, I have forgotten to reply on this topic. In my case I had a perl script triggered by cron. This script tried to gain up- and download statistics information into an rrdtool database. Something was wrong with that script, I did not bother with it at least 1 year. I simply deactivated that script because it was not really important for me and since some weeks transmission 3.0 is working fine for me.
This was referenced
Nov 12, 2022
Transmission Remote GUI 403 Forbidden, please help
Hi, I am trying to set up Transmission (installed on Ubuntu Mate), and remote-GUI it from a local Windows 10 system.
After setting the hostname and user/password, I have been able to access the webclient from the Ubuntu Mate system.
However, attempting remote from Windows throws me this error:
403: Forbidden Unauthorized IP Address. Either disable the IP address whitelist or add your address to it. If you're editing settings.json, see the 'rpc-whitelist' and 'rpc-whitelist-enabled' entries. If you're still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.
Naturally, I have gone to Google it. But all of them (are 2016 and older threads) mention a transmission-daemon folder in /home/*/.configs, but I do not have such a folder. Instead, I only have a transmissions folder, with a similar settings.json that everyone else talks about, with the same rpc-whitelist entries.
However, even after editing that with root, and stopping and re-starting transmission-daemon, I still get the same error. I have closed the settings.json and re-opened it to check that my edits have persisted, they have.
I have also manually created a transmissions-daemon folder and copied the editted settings.json, it doesn’t seem to affect anything.
Does anyone know what I should do instead?
Не могу завести веб-интерфейс для сабжа. На данный момент конфиг выглядит так:
$cat /etc/transmission-daemon/settings.json
{
«blocklist-enabled»: 0,
«download-dir»: «\/var\/lib\/transmission-daemon\/downloads»,
«download-limit»: 100,
«download-limit-enabled»: 0,
«encryption»: 1,
«max-peers-global»: 200,
«peer-port»: 51413,
«pex-enabled»: 1,
«port-forwarding-enabled»: 0,
«rpc-authentication-required»: false,
«rpc-password»: «transmission»,
«rpc-port»: 9091,
«rpc-username»: «transmission»,
«rpc-whitelist»: «127.0.0.1,192.168.1.4»,
«rpc-whitelist-enabled»: true,
«rpc-enabled»: true,
«upload-limit»: 100,
«upload-limit-enabled»: 0
}
Упорно получаю
403: Forbidden
Unauthorized IP Address.
Either disable the IP address whitelist or add your address to it.
If you’re editing settings.json, see the ‘rpc-whitelist’ and ‘rpc-whitelist-enabled’ entries.
If you’re still using ACLs, use a whitelist instead. See the transmission-daemon manpage for details.
Все это под debian sqeeze. Что не так?
Upd: Вопрос в догонку, может быть посоветуете еще какой-нибудь консольный торрент клиент? Важна простота добавление торрентов и наличие либо веб-морды, либо что-то типа Transmission Remote GUI, причем кроссплатформеного — пользоваться будет все семейство.