diff --git a/configs/config.yaml b/configs/config.yaml
index d9bbda3..6575da1 100644
--- a/configs/config.yaml
+++ b/configs/config.yaml
@@ -7,6 +7,7 @@ gateway:
   enabled: true
   port: 9877
   max_upload_size: 10GB
+  public_url: "https://gateway.sovbit.host"  # Public URL for BitTorrent/DHT bootstrap
 
 # Embedded Blossom server
 blossom_server:
diff --git a/internal/api/handlers.go b/internal/api/handlers.go
index da2ee7d..d1e96aa 100644
--- a/internal/api/handlers.go
+++ b/internal/api/handlers.go
@@ -366,7 +366,14 @@ func NewGateway(cfg *config.Config, storage *storage.Backend) *Gateway {
 	}
 	
 	// Set public URL for tracker functionality
-	publicURL := fmt.Sprintf("http://localhost:%d", cfg.Gateway.Port)
+	publicURL := cfg.Gateway.PublicURL
+	if publicURL == "" {
+		// Fallback to localhost if not configured (for development)
+		publicURL = fmt.Sprintf("http://localhost:%d", cfg.Gateway.Port)
+		log.Printf("Warning: No public_url configured, using localhost fallback: %s", publicURL)
+	} else {
+		log.Printf("Using configured public URL: %s", publicURL)
+	}
 
 	// Initialize transcoding manager
 	var transcodingManager TranscodingManager
diff --git a/internal/config/config.go b/internal/config/config.go
index 775c68a..8316b8b 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -32,6 +32,7 @@ type GatewayConfig struct {
 	Enabled       bool   `yaml:"enabled"`
 	Port          int    `yaml:"port"`
 	MaxUploadSize string `yaml:"max_upload_size"`
+	PublicURL     string `yaml:"public_url"`
 }
 
 // BlossomServerConfig configures the embedded Blossom server
diff --git a/internal/transcoding/manager.go b/internal/transcoding/manager.go
index edb5ca3..8331a38 100644
--- a/internal/transcoding/manager.go
+++ b/internal/transcoding/manager.go
@@ -195,6 +195,7 @@ func (tm *Manager) markTranscodingQueued(fileHash string) {
 // markTranscodingCompleted records that transcoding completed successfully
 func (tm *Manager) markTranscodingCompleted(fileHash string) {
 	tm.updateTranscodingStatus(fileHash, "completed")
+	log.Printf("DEBUG: Marked transcoding completed for file %s", fileHash)
 }
 
 // markTranscodingFailed records that transcoding failed
diff --git a/internal/web/static/upload.js b/internal/web/static/upload.js
index 4ee6ffa..142971d 100644
--- a/internal/web/static/upload.js
+++ b/internal/web/static/upload.js
@@ -405,6 +405,18 @@ class GatewayUI {
             const response = await fetch('/api/files');
             if (response.ok) {
                 const data = await response.json();
+                
+                // Debug logging
+                console.log('API /api/files response:', {
+                    fileCount: data.files ? data.files.length : 0,
+                    files: data.files ? data.files.map(f => ({
+                        name: f.name,
+                        hash: f.file_hash?.substring(0, 8),
+                        is_video: f.is_video,
+                        storage_type: f.storage_type
+                    })) : []
+                });
+                
                 if (data.files && data.files.length > 0) {
                     // Merge server files with local uploads, avoiding duplicates
                     const allFiles = [...data.files];
diff --git a/scripts/setup_systemd.sh b/scripts/setup_systemd.sh
index ea7d752..ee5ccfa 100755
--- a/scripts/setup_systemd.sh
+++ b/scripts/setup_systemd.sh
@@ -545,6 +545,39 @@ fi
 # Enable and start nginx
 systemctl start nginx
 
+# Configure firewall (UFW)
+echo "🔥 Configuring firewall (UFW)..."
+if command -v ufw >/dev/null 2>&1; then
+    # Enable UFW if not already enabled (non-interactive)
+    ufw --force enable
+    
+    # Allow essential ports
+    echo "   Opening HTTP/HTTPS ports..."
+    ufw allow 80/tcp comment "HTTP (nginx)"
+    ufw allow 443/tcp comment "HTTPS (nginx)"
+    
+    echo "   Opening SSH access..."
+    ufw allow 22/tcp comment "SSH"
+    
+    echo "   Opening BitTorrent/DHT ports..."
+    ufw allow 9877/tcp comment "Gateway API"
+    ufw allow 6883/udp comment "DHT node (peer discovery)"
+    
+    # Optional: Standard BitTorrent ports for better peer connectivity
+    ufw allow 6881:6889/tcp comment "BitTorrent TCP"
+    ufw allow 6881:6889/udp comment "BitTorrent UDP"
+    
+    # Reload firewall rules
+    ufw --force reload
+    
+    echo "✅ Firewall configured successfully"
+    echo "   Active rules:"
+    ufw status numbered | head -20
+else
+    echo "⚠️  UFW not found - firewall not configured"
+    echo "   Please manually open ports: 80, 443, 22, 9877/tcp, 6883/udp"
+fi
+
 echo ""
 echo "🎉 Torrent Gateway systemd setup completed!"
 echo ""
@@ -559,6 +592,14 @@ echo "3. Check status:"
 echo "   systemctl status torrent-gateway"
 echo "   journalctl -u torrent-gateway -f"
 echo ""
+echo "🔥 Firewall ports opened:"
+echo "   80/tcp   - HTTP (nginx)"
+echo "   443/tcp  - HTTPS (nginx)"  
+echo "   22/tcp   - SSH"
+echo "   9877/tcp - Gateway API"
+echo "   6883/udp - DHT node (CRITICAL for peer discovery)"
+echo "   6881-6889/tcp,udp - BitTorrent protocol"
+echo ""
 echo "4. Run health checks:"
 echo "   $INSTALL_DIR/scripts/health_check.sh"
 echo ""
diff --git a/torrent-gateway b/torrent-gateway
new file mode 100755
index 0000000..9ff9ffc
Binary files /dev/null and b/torrent-gateway differ