intelligent iptables gui's

Gene Heskett gene.heskett at verizon.net
Mon Apr 11 04:27:19 UTC 2005


On Sunday 10 April 2005 23:53, Kevin wrote:
>--- Gene Heskett <gene.heskett at verizon.net> wrote:
>> On Saturday 09 April 2005 12:52, Claude Jones wrote:
[...]
>(NOTE replying at the BOTTOM of the email, to keep
>some grumpy old men happy, although every email client
>in the world starts with the cursor at the TOP of the
>page! Ah the joys of Linux, do everything upside down
>and backwards to confuse and disorient its users!
>Forgetting we use a prog called TOP, which reads the
>latest info from the TOP of the list, hey here's a
>good idea that's sure to annoy people, why don't we
>redo TOP to give us the bottom line from a file, and
>make TOP take 2 lines of arguments (in Chinese only)
>to make it work, then let's re-write Linux yet again to
>make it spit out info to a file backwards?  Cool!
>We'll feel better than everyone else in no time!)
>
>Anyway, enough of the sarcasm.

Chuckle.  It looked like satire to me :-)

>Claude here is the link to the firestarter homepage:
>
>http://www.fs-security.com/download.php
>
>The very first link entitled:
>
>Fedora Core 3 and 2, Red Hat Enterprise Linux 4

Unforch, it doesn't fly on an old rh7.3 box.

>links to the RPM for firestarter, download that, then
>install it (rpm -i firexxxxxxx).  Next flush all the
>default iptables rules, (iptables -F off the top of my
>head) to start with a clean slate.
>
>For bittorrent, first make sure that the port you wish
>to use is forwarded to the machine you want to use, I
>use port 10001 just to be different (typical Linux
>user!).

I assume from reading between the lines, that this port is the 
bittorrent external share port?  Or is this the actual, use it for 
downloading to your box port?

Having never used a torrent, I assume it has to advertise its presence 
so that other torrent agents can find it, particularly if it's using a 
slightly oddball port?

>In the firestarter rules I found that it 
>didn't work with the settings they suggest, ie when
>they say use x.x.x.1/24 for a global internal IP
>range, I had to use x.x.x.1/255.255.255.0.

Which should be the exact same thing.  Odd...

>In the top 
>box (headed "Allow Connections from host"), put in
>your internal IP range, ie 192.168.0.1/255.255.255.0.
>Create a rule for bittorrent (in the bottom box headed
>"Allow Service"), just type in port 10001 (or whatever
>you are using) and click the dot "When the source is -
>anyone".  You will need to add rules for SMB et al if
>you are using that, they include ports 137, 139, 445.
>Make these available to the internal network only.

Mine are, but they are not part of my current FW setup as it's rigged 
between two NICs, one of which is the internet side of things, and 
the other is my local, several machine home network.  From this box 
to the firewall, smb connections are transparent both ways.

>Don't forget to click on "Apply rules", and make sure
>your bittorrent client is set up to use the same port.
>This should now work.  I use Azureus bittorrent client
>which is an excellent piece of machinery which uses
>java.
>
>Regards................KEv :)

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.34% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
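
Added example, not part of the original message or of Firestarter: a small Python audit that confirms the /24 and /255.255.255.0 forms discussed above name the same network, and flags ACCEPT rules that would let a source outside the internal range reach the SMB ports (137, 139, 445). The rule lines are constructed samples in iptables-save syntax, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Internal range and internal-only SMB ports as given in the thread.
INTERNAL = ipaddress.ip_network("192.168.0.1/255.255.255.0", strict=False)
SMB_PORTS = {137, 139, 445}

# Constructed sample rules in iptables-save syntax (not from a real host).
SAMPLE_RULES = """\
-A INPUT -s 192.168.0.1/24 -p tcp -m tcp --dport 139 -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p udp -m udp --dport 137:138 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 445 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10001 -j ACCEPT
-A INPUT -s 0.0.0.0/0 -p tcp -m tcp --dport 139 -j DROP
"""

def same_network(a, b):
    """True when two address/mask strings name the same network."""
    net = lambda s: ipaddress.ip_network(s, strict=False)
    return net(a) == net(b)

def parse_rule(line):
    """Return (source network, set of dports or None for all ports, target)."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
            if tok[i] in ("-s", "--dport", "-j")}
    # A rule without -s matches any source, i.e. 0.0.0.0/0.
    src = ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
    ports = None
    if "--dport" in opts:
        lo, _, hi = opts["--dport"].partition(":")  # "137:138" is a port range
        ports = set(range(int(lo), int(hi or lo) + 1))
    return src, ports, opts.get("-j")

def exposed_smb_rules(text):
    """List ACCEPT rules that let a source outside INTERNAL reach an SMB port.

    Simplification: rule order (first match wins) is ignored, so an ACCEPT
    shadowed by an earlier DROP is still reported.
    """
    findings = []
    for line in text.splitlines():
        if not line.startswith("-A INPUT"):
            continue
        src, ports, target = parse_rule(line)
        hit = SMB_PORTS if ports is None else SMB_PORTS & ports
        if target == "ACCEPT" and hit and not src.subnet_of(INTERNAL):
            findings.append((line, sorted(hit)))
    return findings
```

On the sample, the rule for port 10001 is not reported because the thread intends that port to be reachable by anyone; only the two SMB rules without an internal source are.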




More information about the fedora-list mailing list