
Re: intelligent iptables gui's

Gene Heskett wrote:

I've been watching the iptables threads, hoping I'd find some clues as to how to go about carving a hole a few port numbers wide for bittorrent's use.

As I also have an external router, a linksys BESFR41, I'd probably have to set up something in it also, and that seems fairly clear, but I've never been able to get a torrent going through it. My iptables rules ATM are fairly bulletproof, (you cannot see me from the internet other than a closed identd port) so my question is this:

Do any of these iptables gui front ends have a preset option to output a pre-canned ruleset that will pass the torrent, but still maintain a reasonable level of security outside this open port range that the torrent needs?

I don't know, but this is my iptables rule:

    $ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
    $ service iptables save

where X is an appropriate position inside your iptables rules. If I used "iptables -A ..." instead, the rule did not work, because the previous rule is "iptables -j REJECT --reject-with icmp-host-prohibited" (it will reject everything).

I can do a NAT rule on my modem to translate these ports; the rule is called RDR. Ask Linksys how to do this. You can search the Linksys knowledge base about this, too.
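
Added example, not part of the original message: one way to find the position X discussed above. It reads a chain listing in the format printed by `iptables -L RH-Firewall-1-INPUT -n --line-numbers`, locates the first catch-all REJECT/DROP rule, and prints the `-I` command that places the port-range rule just before it. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L RH-Firewall-1-INPUT -n --line-numbers`
# output; on a real host, pipe the live listing in instead.
sample_listing() {
cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
4    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Read a listing on stdin and print the number of the first rule that rejects
# or drops every packet (any protocol, any source, any destination, no extra
# match). Rules after that position are never evaluated. Exit 1 if none found.
first_terminal_rule() {
    awk '
        $1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
        $3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
        (NF == 6 || $7 == "reject-with") { print $1; found = 1; exit }
        END { if (!found) exit 1 }
    '
}

# Read a listing on stdin and print the command that makes the ACCEPT rule
# effective: insert at the terminal rule's position (pushing it down by one),
# or append when the chain has no catch-all rule.
# $1 = chain name, $2 = TCP destination port or range (e.g. 6881:6999)
insert_command() {
    chain=$1
    ports=$2
    if pos=$(first_terminal_rule); then
        echo "iptables -I $chain $pos -p tcp --dport $ports -j ACCEPT"
    else
        echo "iptables -A $chain -p tcp --dport $ports -j ACCEPT"
    fi
}

# Print the command for the constructed listing; nothing is applied.
sample_listing | insert_command RH-Firewall-1-INPUT 6881:6999
```

The script only prints the command, so the result can be reviewed before it is run as root and saved with `service iptables save`.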

