intelligent iptables gui's

Pedro Macedo webmaster at margo.bijoux.nom.br
Mon Apr 11 16:37:02 UTC 2005


On Mon, 2005-04-11 at 10:32 -0300, Vinicius wrote:
> Gene Heskett wrote:
> > As I also have an external router, a linksys BESFR41, I'd probably 
> > have to setup something in it also, and that seems fairly clear, but 
> > I've never been able to get a torrent going through it.  My iptables 
> > rules ATM are fairly bulletproof, (you cannot see me from the 
> > internet other than a closed identd port) so my question is this:
> > 
> I don't know, but this is my iptables' rule:
> "
> $ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
> $ service iptables save
> "
> 
> where X is an appropriate position inside your iptables' rules. If I did 
> do "iptables -A ..." instead, the rule did not work, because the 
> previous rule is "iptables -j REJECT --reject-with icmp-host-prohibited" 
> (it will reject everything).
> 
I would suggest two things: get a client that uses only one port (or
configure your client to use a smaller port range - the first option is
the best one) and try to avoid the 6881-6999 range. Some ISPs are
throttling ports in this range, trying to control the bittorrent usage,
which in turn means longer download times...

> I can do a NAT rule on my modem to translate these ports, the rule is 
> called RDR. Ask Linksys how to do this. You can search the Linksys 
> knowledge base about this, too.
> 
As for the linksys router, it's easy.. go to the admin interface
(usually it's on 192.168.1.1 if you kept the default settings), no
user, password "admin". Then go to advanced setup, port forwarding...
At the bottom of the page, there's a button that takes you to the port
range forwarding (the initial page is only for single ports). There you
can set the forwarding of the range, the protocol and the destination
machine (I'm just not sure if forwarding works with DHCP... in my
setup, all machines have static ips...)

--
Pedro Macedo
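
The rule-ordering point from the thread (a rule added with -A lands after the catch-all REJECT and never matches, so it has to be inserted at a position X before it), as an added example that is not part of the original messages. It works out X from a chain listing and builds the insert command for a single port; the function names, the sample listing and port 51413 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L RH-Firewall-1-INPUT -n --line-numbers`
# output (not taken from the thread).
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Print the number of the first REJECT/DROP rule that covers all protocols
# and all addresses, reading a listing from stdin. Exit 1 if there is none.
first_reject_pos() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
         $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; found = 1; exit }
         END { exit !found }'
}

# Build (but do not run) the command that inserts an ACCEPT for one TCP port
# at the catch-all rule's position, which pushes that rule down by one.
# $1 = chain name, $2 = port, listing on stdin.
build_insert_cmd() {
    chain=$1
    port=$2
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    pos=$(first_reject_pos) || { echo "no catch-all REJECT/DROP in $chain" >&2; return 1; }
    echo "iptables -I $chain $pos -p tcp --dport $port -j ACCEPT"
}

# On a live system (as root) the listing would come from iptables itself:
#   iptables -L RH-Firewall-1-INPUT -n --line-numbers | build_insert_cmd RH-Firewall-1-INPUT 51413
printf '%s\n' "$SAMPLE_LISTING" | build_insert_cmd RH-Firewall-1-INPUT 51413
```

Review the printed command before running it, then persist it with `service iptables save` as in the quoted message.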



