Re: iptables and Torrent



On Mon, 09 Jun 2008 14:21:02 -0500, Bob Simon <nobody@xxxxxxxxxxx> wrote:

I wish to download Torrent files to one of my computers which is
behind a Linux firewall. uTorrent is configured to use port 31234 for
incoming connections but the uTorrent Port Checker states:
Error! Port 31234 does not appear to be open.

iptables -L -v shows the counters increasing for TCP and UDP packets
to this dport but my download speed is VERY slow so I presume that the
uTorrent Port Checker is correct and detected a problem that I am not
seeing.

Can someone point out the error in my iptables config? Here are the
relevant lines:

global=xx.xx.xx.xx
bob1=192.168.0.2
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT --to $bob1
iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT --to $bob1

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT

I have:

X_WORLD="ppp0"
MSTATE="--match state --state"
TORRENT_HOST="<local ip>"
TORRENT_PORT="<port>"
....
iptables -A FORWARD -p all $MSTATE ESTABLISHED,RELATED -j ACCEPT
....
# for torrent (1 of 2)
if [ -n "$TORRENT_PORT" ]
then
    iptables -t nat -A PREROUTING -p tcp -i $X_WORLD \
        --dport $TORRENT_PORT \
        -j DNAT --to-destination $TORRENT_HOST
    iptables -t nat -A PREROUTING -p udp -i $X_WORLD \
        --dport $TORRENT_PORT \
        -j DNAT --to-destination $TORRENT_HOST
fi
....
# for torrent, tcp only (2 of 2, other part in NAT)
if [ -n "$TORRENT_PORT" ]
then
    iptables -A FORWARD -p tcp $MSTATE NEW \
        --dport $TORRENT_PORT -j ACCEPT
    iptables -A FORWARD -p udp --dport $TORRENT_PORT -j DROP
fi

You might decide to accept UDPs.

Grant.
--
http://bugsplatter.mine.nu/
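
Added example (not from either poster's scripts): the reply splits a port forward into two parts, a DNAT rule in the nat table and a verdict in the filter FORWARD chain. The sketch below reads iptables-save text and reports, for each DNAT'd protocol/port, what FORWARD does with it. The function names audit_forwards and sample_rules are hypothetical, and the sample ruleset is constructed from the port, address and interface mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit iptables-save text for DNAT forwards lacking a FORWARD verdict.

# Constructed sample ruleset in iptables-save format (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 31234 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p udp -m udp --dport 31234 -j DNAT --to-destination 192.168.0.2
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m state --state NEW -m tcp --dport 31234 -j ACCEPT
-A FORWARD -p udp -m udp --dport 31234 -j DROP
COMMIT
EOF
}

# Reads iptables-save text on stdin; prints "<proto> <dport> <verdict>" per DNAT rule.
# Simplification (assumption): rules are paired on protocol and --dport only;
# -d, -i and state matches are ignored, and the first FORWARD rule for a pair wins.
audit_forwards() {
    awk '
    # Value following option "opt" on the current rule line, or "" if absent.
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/      { table = substr($1, 2); next }   # "*nat", "*filter" table headers
    $1 != "-A" { next }                          # skip COMMIT, chain policies, comments
    {
        key = arg("-p") " " arg("--dport"); target = arg("-j")
        if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        } else if (table == "filter" && $2 == "FORWARD" && arg("--dport") != "") {
            if (!(key in verdict)) verdict[key] = target
        }
    }
    END {
        for (j = 1; j <= n; j++) {
            k = order[j]
            print k, ((k in verdict) ? verdict[k] : "NO_FORWARD_RULE")
        }
    }'
}

sample_rules | audit_forwards
```

On a gateway, piping the output of iptables-save into audit_forwards gives the same report for the live ruleset. NO_FORWARD_RULE means no port-specific FORWARD rule was found, so the packet's fate depends on the remaining rules and the chain policy.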