iptables and Torrent - Security
-
iptables and Torrent
I wish to download Torrent files to one of my computers which is
behind a Linux firewall. uTorrent is configured to use port 31234 for
incoming connections but the uTorrent Port Checker states:
Error! Port 31234 does not appear to be open.
iptables -L -v shows the counters increasing for TCP and UDP packets
to this dport but my download speed is VERY slow so I presume that the
uTorrent Port Checker is correct and detected a problem that I am not
seeing.
Can someone point out the error in my iptables config? Here are the
relevant lines:
global=xx.xx.xx.xx
bob1=192.168.0.2
# NAT: masquerade outbound LAN traffic on the external interface
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# NAT: redirect inbound TCP/UDP on the torrent port to the LAN host
iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT --to $bob1
iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT --to $bob1
# FORWARD: allow return traffic, then the forwarded torrent port
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT
-
Re: iptables and Torrent
On Mon, 09 Jun 2008 14:21:02 -0500, Bob Simon wrote:
>I wish to download Torrent files to one of my computers which is
>behind a Linux firewall. uTorrent is configured to use port 31234 for
>incoming connections but the uTorrent Port Checker states:
>Error! Port 31234 does not appear to be open.
>
>iptables -L -v shows the counters increasing for TCP and UDP packets
>to this dport but my download speed is VERY slow so I presume that the
>uTorrent Port Checker is correct and detected a problem that I am not
>seeing.
>
>Can someone point out the error in my iptables config? Here are the
>relevant lines:
>
>global=xx.xx.xx.xx
>bob1=192.168.0.2
>iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT
>--to $bob1
>iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT
>--to $bob1
>
>iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
>iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
>iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT
>
I have:
X_WORLD="ppp0"
MSTATE="--match state --state"
TORRENT_HOST=""
TORRENT_PORT=""
....
iptables -A FORWARD -p all $MSTATE ESTABLISHED,RELATED -j ACCEPT
....
# for torrent (1 of 2)
if [ -n "$TORRENT_PORT" ]
then
    iptables -t nat -A PREROUTING -p tcp -i $X_WORLD \
        --dport $TORRENT_PORT \
        -j DNAT --to-destination $TORRENT_HOST
    iptables -t nat -A PREROUTING -p udp -i $X_WORLD \
        --dport $TORRENT_PORT \
        -j DNAT --to-destination $TORRENT_HOST
fi
....
# for torrent, tcp only (2 of 2, other part in NAT)
if [ -n "$TORRENT_PORT" ]
then
    iptables -A FORWARD -p tcp $MSTATE NEW \
        --dport $TORRENT_PORT -j ACCEPT
    iptables -A FORWARD -p udp --dport $TORRENT_PORT -j DROP
fi
You might decide to accept UDPs.
Grant.
--
http://bugsplatter.mine.nu/
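As an added example that is not part of either post, the script below combines Bob's DNAT plus FORWARD rules with the two hardening points from Grant's reply: the nat rules only match packets arriving on the external interface, and the FORWARD rule only accepts NEW connections to the one forwarded host and port, so the ESTABLISHED,RELATED rule carries the rest and nothing else on the LAN host becomes reachable. The interface name eth0, the DRY_RUN switch and the ipt wrapper are assumptions; the host and port are the thread's values. With DRY_RUN=yes (the default) it prints the rules instead of applying them, so they can be reviewed before running as root with DRY_RUN=no.

```shell
#!/bin/sh
# Added example (not Bob's or Grant's script): port-forward one torrent
# listener on a LAN host through a Linux NAT firewall.
DRY_RUN="${DRY_RUN:-yes}"                    # yes = print rules, no = apply
X_WORLD="${X_WORLD:-eth0}"                   # assumed external interface
TORRENT_HOST="${TORRENT_HOST:-192.168.0.2}"  # LAN peer host (from the thread)
TORRENT_PORT="${TORRENT_PORT:-31234}"        # listening port (from the thread)
ACCEPT_UDP="${ACCEPT_UDP:-no}"               # Grant's default: TCP only

# Wrapper so the same rule set can be printed for review or applied.
ipt() {
    if [ "$DRY_RUN" = yes ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# DNAT plus FORWARD for one protocol. Matching on the ingress interface
# (-i) and on NEW state limits what the rule opens to fresh connections
# from the outside to exactly this host and port.
forward_proto() {
    proto="$1"    # tcp or udp
    action="$2"   # ACCEPT or DROP
    ipt -t nat -A PREROUTING -i "$X_WORLD" -p "$proto" \
        --dport "$TORRENT_PORT" -j DNAT --to-destination "$TORRENT_HOST"
    ipt -A FORWARD -i "$X_WORLD" -d "$TORRENT_HOST" -p "$proto" \
        --dport "$TORRENT_PORT" -m state --state NEW -j "$action"
}

torrent_rules() {
    # Return traffic for any forwarded connection goes first, as in both posts.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    forward_proto tcp ACCEPT
    if [ "$ACCEPT_UDP" = yes ]; then
        forward_proto udp ACCEPT
    else
        # DNAT still runs, but the FORWARD chain drops new UDP flows.
        forward_proto udp DROP
    fi
    # Outbound LAN traffic is masqueraded on the external interface.
    ipt -t nat -A POSTROUTING -o "$X_WORLD" -j MASQUERADE
}

# Bob's own check: packet and byte counters on the FORWARD rules.
show_counters() {
    ipt -L FORWARD -v -n --line-numbers
}

torrent_rules
```

Running it prints seven rules in dry-run mode; after applying them for real, show_counters (or plain iptables -L FORWARD -v -n) should show the NEW-state rule for the torrent port counting up when a peer connects, which is the check Bob describes in the thread.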