intelligent iptables gui's

Kevin kvonb at yahoo.com
Mon Apr 11 03:53:13 UTC 2005


--- Gene Heskett <gene.heskett at verizon.net> wrote:
> On Saturday 09 April 2005 12:52, Claude Jones wrote:
> >Gene Heskett wrote:
> >> Hi;
> >>
> >> I've been watching the iptables threads, hoping I'd find some
> >> clues as to how to go about carving a hole a few port numbers wide
> >> for bittorrent's use.
> >>
> >> As I also have an external router, a linksys BESFR41, I'd probably
> >> have to setup something in it also, and that seems fairly clear,
> >> but I've never been able to get a torrent going through it.  My
> >> iptables rules ATM are fairly bulletproof, (you cannot see me from
> >> the internet other than a closed identd port) so my question is
> >> this:
> >>
> >> Do any of these iptables gui front ends have a preset option to
> >> output a pre-canned ruleset that will pass the torrent, but still
> >> maintain a reasonable level of security outside this open port
> >> range that the torrent needs?
> >
> >Can't speak to FWBuilder, which I'm learning, or Guarddog, but
> >FireStarter which I currently use has a policy for BitTorrent and is
> >very easy to activate - in fact, I normally keep it off, and just
> >turn it on when I want to use it.
> 
> Unforch, I cannot seem to make the firestarter-1.0.3.src.rpm build on
> a rh7.3 box, too many missing gnome-2 bits and pieces.  Likewise it
> fails here on this FC2 box for much the same reason (I use kde here),
> and although I was able to get the tarball to complete
> a ./configure, the make bails from missing header files (gnome.h is
> the first reported error) pretty quickly.
> 
> Can I trouble someone who has used it, to copy/paste the rules it sets
> up for bittorrent to an email, either to me or to the list?
> 
> Many thanks, Claude.
> 
> -- 
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> 99.34% setiathome rank, not too shabby for a WV hillbilly
> Yahoo.com and AOL/TW attorneys please note, additions to the above
> message by Gene Heskett are:
> Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
> 

(NOTE replying at the BOTTOM of the email, to keep
some grumpy old men happy, although every email client
in the world starts with the cursor at the TOP of the
page! Ah the joys of Linux, do everything upside down
and backwards to confuse and disorient its users! 
Forgetting we use a prog called TOP, which reads the
latest info from the TOP of the list, hey here's a
good idea that's sure to annoy people, why don't we
redo TOP to give us the bottom line from a file, and
make TOP take 2 lines of arguments (in Chinese only)
to make it work, then let's re-write Linux yet again to
make it spit out info to a file backwards?  Cool! 
We'll feel better than everyone else in no time!)

Anyway, enough of the sarcasm.

Claude here is the link to the firestarter homepage:

http://www.fs-security.com/download.php

The very first link entitled:

Fedora Core 3 and 2, Red Hat Enterprise Linux 4

links to the RPM for firestarter, download that, then
install it (rpm -i firexxxxxxx).  Next flush all the
default iptables rules, (iptables -F off the top of my
head) to start with a clean slate.

For bittorrent, first make sure that the port you wish
to use is forwarded to the machine you want to use, I
use port 10001 just to be different (typical Linux
user!).  In the firestarter rules I found that it
didn't work with the settings they suggest, i.e. when
they say use x.x.x.1/24 for a global internal IP
range, I had to use x.x.x.1/255.255.255.0.  In the top
box (headed "Allow Connections from host"), put in
your internal IP range, i.e. 192.168.0.1/255.255.255.0.
Create a rule for bittorrent (in the bottom box headed
"Allow Service"), just type in port 10001 (or whatever
you are using) and click the dot "When the source is -
anyone".  You will need to add rules for SMB et al if
you are using that, they include ports 137, 139, 445.
Make these available to the internal network only.

Don't forget to click on "Apply rules", and make sure
your bittorrent client is set up to use the same port.
This should now work.  I use the Azureus bittorrent client,
which is an excellent piece of machinery which uses
java.

Regards................KEv :)
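As an added example (not Firestarter's code and not anything posted in the thread), here is the ruleset the reply describes rendered as iptables commands, with a small first-match evaluator to confirm that only the BitTorrent port is reachable from outside while SMB stays LAN-only. Port 10001 and 192.168.0.x/255.255.255.0 come from the reply; opening the SMB ports for both tcp and udp is an assumption.

```python
"""Firewall policy from the thread: default DROP on INPUT, one BitTorrent
port open to anyone, SMB (137/139/445) reachable from the LAN only."""
from ipaddress import ip_address, ip_network

BT_PORT = 10001                     # the port the reply uses for BitTorrent
SMB_PORTS = (137, 139, 445)         # SMB ports named in the reply


def parse_range(text):
    """Accept both 'x.x.x.1/24' and 'x.x.x.1/255.255.255.0' (the notation the
    reply had to use); strict=False tolerates a host address in the prefix."""
    return ip_network(text, strict=False)


def build_rules(lan, bt_port=BT_PORT, smb_ports=SMB_PORTS):
    """Return ordered (proto, dport, source_net) tuples; None = any source."""
    rules = [("tcp", bt_port, None)]                     # the deliberate hole
    for port in smb_ports:                               # LAN-only services
        rules.append(("tcp", port, lan))
        rules.append(("udp", port, lan))                 # assumed: udp too
    return rules


def to_iptables(rules):
    """Render the policy as the iptables commands a GUI would apply."""
    cmds = ["iptables -P INPUT DROP",
            "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"]
    for proto, port, net in rules:
        src = f" -s {net}" if net is not None else ""
        cmds.append(f"iptables -A INPUT -p {proto}{src} --dport {port} -j ACCEPT")
    return cmds


def verdict(rules, src_ip, proto, dport):
    """First-match evaluation of a NEW inbound connection; policy is DROP."""
    src = ip_address(src_ip)
    for r_proto, r_port, net in rules:
        if r_proto == proto and r_port == dport and (net is None or src in net):
            return "ACCEPT"
    return "DROP"


if __name__ == "__main__":
    lan = parse_range("192.168.0.1/255.255.255.0")
    rules = build_rules(lan)
    print("\n".join(to_iptables(rules)))
    # Constructed sample connections: outside host vs. LAN host.
    for ip, port in (("203.0.113.7", 10001), ("203.0.113.7", 445),
                     ("192.168.0.42", 445), ("203.0.113.7", 22)):
        print(f"{ip}:{port} -> {verdict(rules, ip, 'tcp', port)}")
```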





