Re: intelligent iptables gui's

On Monday 11 April 2005 12:37, Pedro Macedo wrote:
>On Mon, 2005-04-11 at 10:32 -0300, Vinicius wrote:
>> Gene Heskett wrote:
>> > As I also have an external router, a linksys BEFSR41, I'd
>> > probably have to setup something in it also, and that seems
>> > fairly clear, but I've never been able to get a torrent going
>> > through it.  My iptables rules ATM are fairly bulletproof, (you
>> > cannot see me from the internet other than a closed identd port)
>> > so my question is this:
>> I don't know, but this is my iptables' rule:
>> "
>> $ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
>> $ service iptables save
>> "
>> where X is an appropriate position inside your iptables' rules. If
>> I did do "iptables -A ..." instead, the rule did not work, because
>> the previous rule is "iptables -j REJECT --reject-with
>> icmp-host-prohibited" (it will reject everything).
>I would suggest two things: get a client that uses only one port (or
>configure your client to use a smaller port range - the first option
> is the best one) and try to avoid the 6881-6999 range. Some ISPs
> are throttling ports in this range, trying to control the
> bittorrent usage, which in turn means longer download times...

I didn't know that, thanks. See my other post a few seconds ago, 
showing a tracker startup failure.  Comment if you can.

>> I can do a NAT rule on my modem to translate these ports, the rule
>> is called RDR. Ask Linksys how to do this. You can search the
>> Linksys knowledge base about this, too.
>As for the linksys router, it's easy... go to the admin interface
>(usually it's on if you kept the default settings), no
>user, password "admin". Then go to advanced setup, port
> forwarding... In the bottom of the page, there's a button that
> takes you to the port range forwarding (the initial page is only
> for single ports). There you can set the forwarding of the range, the
> protocol and the destination machine (I'm just not sure if
> forwarding works with DHCP... in my setup, all machines have
> static IPs...)

Humm, mine (BEFSR41) shows only ranges on the base page of port 
forwarding.  ISTR I did see one where it only took single ports.  
Looked to be a bit limiting TBT.

>Pedro Macedo

Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.34% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
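
The rule-ordering point quoted above (a rule appended with -A after the catch-all REJECT is never reached, so it has to be inserted with -I at a position before it) can be checked mechanically. This is an added example, not part of the original thread: the rule listing is a constructed sample in `iptables -S` format, and the function names `catchall_pos` and `shadowed_rules` are hypothetical helpers.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` format: the torrent rule was appended
# with -A, so it sits after the catch-all REJECT and can never match.
SAMPLE_RULES='-N RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 6881:6999 -j ACCEPT'

# Read `iptables -S` output on stdin. Print the 1-based number of the first
# rule in chain $1 that has no match criteria and a REJECT or DROP target,
# or 0 if there is none. That number is the X to use in
# `iptables -I <chain> X ...` so the new rule lands just before the catch-all.
catchall_pos() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
                print n; found = 1; exit
            }
        }
        END { if (!found) print 0 }'
}

# Read `iptables -S` output on stdin. Print the numbers of all rules in
# chain $1 that come after the catch-all and are therefore unreachable.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (dead) print n
            else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) dead = 1
        }'
}

# Demo on the constructed sample; on a live system, pipe in
# `iptables -S RH-Firewall-1-INPUT` (as root) instead.
pos=$(printf '%s\n' "$SAMPLE_RULES" | catchall_pos RH-Firewall-1-INPUT)
dead=$(printf '%s\n' "$SAMPLE_RULES" | shadowed_rules RH-Firewall-1-INPUT)
echo "catch-all is rule $pos; unreachable rules: ${dead:-none}"
```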

