"Enter"a basıp içeriğe geçin

How to Install Headless Torrent Server in FreeBSD 11.2-RELEASE

Hello everyone,

This is how you can install a headless torrent server (transmission-daemon) in FreeBSD 11.2 so you can keep feeding the internet also the world.

You just need a VPS which has a reachable IP address but please keep that in mind this document has been prepared for IPv4. IPv6 configuration might need some extra work to do beside this blog post. Enjoy it!


First of all, if you do not have any idea what’s FreeBSD, please refer here.

So it’s a free-software distribution developed by a large community in all over the world.

I’m a GNU/Linux System Engineer myself but I think I have a special interest for BSD kernel and its distributions all the time. So one day I spawned up a droplet through DigitalOcean with a FreeBSD cloud image pre-installed and it was ready to ssh (which I find so cool). I’m going to explain in this blog post technically how to install and configure transmission torrent server in FreeBSD 11.2 release and gonna mention some system administration practices such as firewalling in FreeBSD etc.

I hope no one is going to be mad at me from BSD community ((i have doubts if it even exists in Turkey but whatever) if I do some mistakes in this blog post technically (or, culturally I would say) because I have very strict GNU/Linux habits and it’s hard to switch my entire skill set to do the same thing with different ways is not a piece of cake that easily for me.


Prior proceed with the transmission server installation, we need to check and fix couple of things because it’s going to be a production torrent server.

  1. OpenSSH configuration
  2. Package/Kernel Updates
  3. Firewall (PF)
1. User Management, Authorization and OpenSSH

OpenSSH is pretty much the same software as we’re always using in our favorite GNU/Linux Distros (ok ok also in Mac too) but we need to ensure some of the openssh-server configuration.

I’m a fanatic of Math and Cryptology Science so I always trust to Math when it comes to authentication. I always disable password authentication for any user and permit root login for any method (cryptic or not). So ensure you have a RSA key-pair to use it for secure authentication.

First we need to create an admin user, it’s very simple, run below command and follow up with the instructions in CLI :

Note: make sure that this user is a member of “wheel” group because we need sudo to become root.

# adduser

Ensure /usr/local/etc/sudoers file has the correct configuration for wheel group :

# vi /usr/local/etc/sudoers ---  yeah I know what you're thinking "vi" is the default text editor in FreeBSD

%wheel ALL=(ALL) ALL

Copy your ssh public key to your newly created user’s home directory and make sure you can SSH without problem with that user

Now harden your openssh server a little bit :

# vi /etc/ssh/sshd_config PermitRootLogin no PasswordAuthentication no

I never open my root user to the world (better safe and “little paranoid” than sorry) but below also a good option :

PermitRootLogin without-password

Restart your service :

# service sshd restart

BSD distros are systemd-free operating systems. I hate that shit to be honest and trying to find some peace in my free times via tinkering BSD systems recently.

2. Package Management

pkg is the package manager for FreeBSD. There’s an also another popular way to install stuff in FreeBSD which is called “ports”. I enjoy it a lot myself but it seems like it’s compiling the source code and its dependencies all the time to install programs on your computer, I’m pretty sure that the binaries will be pretty stable btw, however; I’m going to install stuff via pkg package manager to not waste much of your time in this blog post.

Update your package index :

$ sudo pkg update

Upgrade your packages :

$ sudo pkg upgrade

Reboot (if necessary)

3. Firewalling in BSD (PF)

Packet Filter (from here on referred to as PF) is OpenBSD’s system for filtering TCP/IP traffic and doing Network Address Translation. PF is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization. PF has been a part of the GENERIC kernel since OpenBSD 3.0. For more info, please refer here.

In order to enable pf (or all services) we need to manipulate old-good rc files.

Run below commands to enable PF in the system :

$ sudo sysrc pf_enable="YES"
$ sudo sysrc pf_rules="/usr/local/etc/pf.conf"
$ sudo sysrc pflog_enable="YES"
$ sudo sysrc pflog_logfile="/var/log/pflog"

If my understanding is correct, above sysrc is a tool to safely edit system rc files so it simply adds above configuration to /etc/rc.conf if you do not say the otherwise. Now as you can see we’ve configured PF to look for its rules on /usr/local/etc/pf.conf. Here’s my pf.conf for a FreeBSD transmission server and some extra cool stuff like some preventions for SSH bruteforce attacks :

me="vtnet0" table persist icmp_types = "echoreq" junk_ports="{ 135,137,138,139,445,68,67,3222 }" junk_ip="" martians = "{,,, \,,, \, }" set loginterface vtnet0 scrub on vtnet0 reassemble tcp no-df random-id # ---- First rule obligatory "Pass all on loopback" pass quick on lo0 all # ---- Block junk logs block quick proto { tcp, udp } from any to $junk_ip block quick proto { tcp, udp } from any to any port $junk_ports # --- Drop Martians block drop in quick on $me from $martians to any block drop out quick on $me from any to $martians # --- antispoof quick for $me # ---- Second rule "Block all in and pass all out" block in log all pass out log all keep state ############### FIREWALL ############################################### # ---- Allow all traffic from my VPN pass quick proto {tcp, udp} from to $me keep state # ---- block SMTP out block quick proto tcp from $me to any port 25 # ---- Allow incoming Web/Transmission traffic pass quick proto tcp from any to $me port { 80, 443, 9091, 51413 } flags S/SA keep state pass quick proto udp from any to $me port { 123, 51413 } # ---- Allow my team member SSH access pass quick proto tcp from any to $me port ssh flags S/SA keep state # ---- Block bruteforcers block log quick from # ---- Allow SSH from trusted sources, but block bruteforcers pass quick proto tcp from any to $me port ssh \ flags S/SA keep state \ (max-src-conn 10, max-src-conn-rate 20/60, \ overload flush global) # --- # ---- Allow ICMP and be a Good Sysadmin pass in inet proto icmp all icmp-type $icmp_types keep state pass out inet proto icmp all icmp-type $icmp_types keep state # ---- This is for high TCP ports, you'll need it if you use ssh -D to this server for example. pass out inet proto tcp from $me to port > 50276 keep state

Run checks in case of you have any faulty configuration :

$ sudo service pf check

Checking pf rules.

Start the pf :

$ sudo service pf start

Now we have a secure FreeBSD VPS ready to serve anything on the internet!

Installing Torrent Server

In order to install torrent server, run below command :

$ sudo pkg install transmission-cli transmission-daemon transmission-web

Enable it in the rc :

$ sudo sysrc transmission_enable="YES"

You will need a settings.json file for transmission server configuration, my configuration with rpc-enabled can be found below :

$ sudo vi /usr/local/etc/transmission/home

"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "",
"cache-size-mb": 4,
"dht-enabled": true,
"download-dir": "/usr/local/etc/transmission/home/Downloads",
"download-limit": 100,
"download-limit-enabled": 0,
"download-queue-enabled": true,
"download-queue-size": 5,
"encryption": 1,
"idle-seeding-limit": 30,
"idle-seeding-limit-enabled": false,
"incomplete-dir": "//Downloads",
"incomplete-dir-enabled": false,
"lpd-enabled": false,
"max-peers-global": 200,
"message-level": 2,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 200,
"peer-limit-per-torrent": 50,
"peer-port": 51413,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"pidfile": "/var/run/transmission/daemon.pid",
"port-forwarding-enabled": true,
"preallocation": 1,
"prefetch-enabled": true,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 2,
"ratio-limit-enabled": false,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "",
"rpc-enabled": true,
"rpc-host-whitelist": "",
"rpc-host-whitelist-enabled": false,
"rpc-password": "s3cr3tp4sswO0rd",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "aydintd",
"rpc-whitelist": ",",
"rpc-whitelist-enabled": true,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 100,
"speed-limit-up-enabled": false,
"start-added-torrents": true,
"trash-original-torrent-files": false,
"umask": 18,
"upload-limit": 100,
"upload-limit-enabled": 0,
"upload-slots-per-torrent": 14,
"utp-enabled": true

Make sure transmission’s home directory has the correct ownerships :

$ sudo chown -R transmission:transmission /usr/local/etc/transmission/home

Start the transmission service and check if it’s listening on port 9091 and 51413 via sockstat :

$ sudo service tranmission start

$ sudo service tranmission status
transmission is running as pid 5445.

$ sudo sockstat -4 -l
root sshd 9344 4 tcp4 *:22 *:*
transmission transmissi5445 9 udp4 *:23295 *:*
transmission transmissi5445 10 tcp4 *:9091 *:*
transmission transmissi5445 11 tcp4 *:51413 *:*
transmission transmissi5445 13 udp4 *:51413 *:*
root sendmail 838 3 tcp4 *:*
root syslogd 438 7 udp4 *:514 *:*

Now you should be able to access to your transmission server’s web-gui on :


Be aware that when you navigate to the above web page, tranmission web-gui will pop-up a dialog box to ask you the username and the password for RPC you’ve configured in the settings.json. RPC on the open world is not so much a reliable way, but you can handle the security issues via using rpc-whilelists as well.

In web-gui you can easily upload any kind of torrent file or directly point to its URL and it will download the related torrent content for you in “download-folder” in your remote VPS or home server powered by FreeBSD. Transmission can be used by it’s CLI tool as well :

$ transmission-cli path/of/torrent -w path/to/save/the/downloaded/file

That should be all!

Happy Torrenting!

ps. Sharing is caring 😉

Tek Yorum

  1. Anonim Anonim 18 Eylül 2020

    şu yazıyı yazma sebebim kim freebsd liyo diye bakmak içinmiş resmen içeriğe bak yaşlı komşusunu döven halil sezai isyanı

Anonim için bir cevap yazın Cevabı iptal et

E-posta hesabınız yayımlanmayacak.

This site uses Akismet to reduce spam. Learn how your comment data is processed.