intelligent iptables gui's
Pedro Macedo
webmaster at margo.bijoux.nom.br
Mon Apr 11 16:37:02 UTC 2005
Em Seg, 2005-04-11 às 10:32 -0300, Vinicius escreveu:
> Gene Heskett escreveu:
> > As I also have an external router, a linksys BESFR41, I'd probably
> > have to setup something in it also, and that seems fairly clear, but
> > I've never been able to get a torrent going through it. My iptables
> > rules ATM are fairly bulletptoof, (you cannot see me from the
> > internet other than a closed identd port) so my question is this:
> >
> I don't know, but this is my iptables' rule:
> "
> $ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
> $ service iptables save
> "
>
> where X is an appropriate position inside your iptables' rules. If I did
> do "iptables -A ..." instead, the rule did not work, because the
> previous rule is "iptables -j REJECT --reject-with icmp-host-prohibited"
> (it will reject everything).
>
I would suggest two things: get a client that uses only one port (or
configure your client to use a smaller port range - the first option is
the best one) and try to avoid the 6881-6999 range. Some ISPs are
throtling ports in these range , trying to control the bittorrent usage,
which in turn means longer download times...
> I can do a NAT rule on my modem to translate these ports, the rule is
> called RDR. Ask to Linksys how to do this. You can search the Linksys
> knowledge base about this, too.
>
As for the linksys router , it's easy.. go to the admin interface
(usually it's on 192.168.1.1 if you kept the default settings) , no
user , password "admin" . Then go to advanced setup , port forwarding...
In the bottom of the page , there's a button that takes you to the port
range forwarding (the initial page is only for single ports). There you
can the forwarding of the range , the protocol and the destination
machine (I'm just not sure if forwarding works with DHCP... in my
setup , all machines have static ips...)
--
Pedro Macedo
More information about the fedora-list
mailing list