intelligent iptables gui's
Vinicius
cviniciusm at terra.com.br
Mon Apr 11 13:32:11 UTC 2005
Gene Heskett wrote:
> Hi;
>
> I've been watching the iptables threads, hoping I'd find some clues as
> to how to go about carving a hole a few port numbers wide for
> bittorrent's use.
>
> As I also have an external router, a linksys BESFR41, I'd probably
> have to setup something in it also, and that seems fairly clear, but
> I've never been able to get a torrent going through it. My iptables
> rules ATM are fairly bulletproof, (you cannot see me from the
> internet other than a closed identd port) so my question is this:
>
> Do any of these iptables gui front ends have a preset option to output
> a pre-canned ruleset that will pass the torrent, but still maintain a
> reasonable level of security outside this open port range that the
> torrent needs?
>
I don't know, but this is my iptables rule:
"
$ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
$ service iptables save
"
where X is an appropriate position inside your iptables rules. If I did
"iptables -A ..." instead, the rule did not work, because the
previous rule is "iptables -j REJECT --reject-with icmp-host-prohibited"
(it will reject everything).
I can do a NAT rule on my modem to translate these ports; the rule is
called RDR. Ask Linksys how to do this. You can search the Linksys
knowledge base about this, too.
IHTH,
Vinicius.
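
Added example, not part of the original post: one way to find the position X described above, by locating the catch-all REJECT rule in a numbered chain listing and inserting the ACCEPT rule just before it. The listing is a constructed sample, and the function names are hypothetical; the script only prints the command and changes nothing.

```shell
#!/bin/sh
# Added example: compute the X position for "iptables -I" from a chain listing.
CHAIN="RH-Firewall-1-INPUT"   # chain name taken from the post

# Constructed sample of: iptables -L RH-Firewall-1-INPUT -n --line-numbers
sample_listing() {
cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Read a numbered listing on stdin and print the rule number of the first
# catch-all REJECT (protocol "all", any source, any destination).
# Prints nothing when the chain has no such rule.
reject_position() {
    awk '$1 ~ /^[0-9]+$/ && $2 == "REJECT" && $3 == "all" &&
         $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" { print $1; exit }'
}

# Read a numbered listing on stdin and print the command to run.
# Rules are matched top to bottom, so the ACCEPT must sit above the REJECT:
# "-I CHAIN N" places the new rule at N and pushes the REJECT down to N+1.
# Without a catch-all REJECT, appending with -A is enough.
torrent_rule_cmd() {
    pos=$(reject_position)
    if [ -n "$pos" ]; then
        echo "iptables -I $CHAIN $pos -p tcp --dport 6881:6999 -j ACCEPT"
    else
        echo "iptables -A $CHAIN -p tcp --dport 6881:6999 -j ACCEPT"
    fi
}

# On a live system, as root:
#   iptables -L "$CHAIN" -n --line-numbers | torrent_rule_cmd
sample_listing | torrent_rule_cmd
```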