intelligent iptables gui's

Vinicius cviniciusm at terra.com.br
Mon Apr 11 13:32:11 UTC 2005


Gene Heskett wrote:
> Hi;
> 
> I've been watching the iptables threads, hoping I'd find some clues as 
> to how to go about carving a hole a few port numbers wide for 
> bittorrent's use.
> 
> As I also have an external router, a linksys BESFR41, I'd probably 
> have to set up something in it also, and that seems fairly clear, but 
> I've never been able to get a torrent going through it.  My iptables 
> rules ATM are fairly bulletproof, (you cannot see me from the 
> internet other than a closed identd port) so my question is this:
> 
> Do any of these iptables gui front ends have a preset option to output 
> a pre-canned ruleset that will pass the torrent, but still maintain a 
> reasonable level of security outside this open port range that the 
> torrent needs?
> 

I don't know, but this is my iptables rule:
"
$ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
$ service iptables save
"

where X is an appropriate position inside your iptables rules. If I 
used "iptables -A ..." instead, the rule did not work, because the 
previous rule is "iptables -j REJECT --reject-with icmp-host-prohibited" 
(it will reject everything).

I can do a NAT rule on my modem to translate these ports; the rule is 
called RDR. Ask Linksys how to do this. You can search the Linksys 
knowledge base about this, too.

IHTH,
Vinicius.
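
The following is an added example, not part of the original post: a way to work out the position X from the reply above by locating the catch-all REJECT in the chain listing, so the ACCEPT rule is inserted before it. The listing is a constructed sample, and the function names are hypothetical; the script only prints the command, it does not change any rules.

```shell
#!/bin/sh
# Constructed sample of: iptables -L RH-Firewall-1-INPUT -n --line-numbers
sample_listing() {
cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Read a listing on stdin and print the number of the first REJECT/DROP rule
# that matches every protocol, source and destination with no further match.
# Prints nothing if the chain has no such rule.
# Note: without -v the listing hides interface matches, so check those by eye.
first_catch_all() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") &&
         $3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
         ($7 == "" || $7 == "reject-with") { print $1; exit }'
}

# usage: build_insert_cmd CHAIN PORTRANGE < listing
# Prints the iptables command that places the ACCEPT ahead of the catch-all.
build_insert_cmd() {
    pos=$(first_catch_all)
    if [ -n "$pos" ]; then
        # -I CHAIN N inserts at position N; the old rule N moves down to N+1
        echo "iptables -I $1 $pos -p tcp --dport $2 -j ACCEPT"
    else
        # No catch-all rule in the chain, so appending is reached normally
        echo "iptables -A $1 -p tcp --dport $2 -j ACCEPT"
    fi
}

# Demonstration on the constructed sample
sample_listing | build_insert_cmd RH-Firewall-1-INPUT 6881:6999
```

On a live system, pipe the real listing into build_insert_cmd instead of sample_listing and review the printed command before running it as root.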



