iptables and Torrent - Security


Thread: iptables and Torrent

  1. iptables and Torrent

    I wish to download Torrent files to one of my computers which is
    behind a Linux firewall. uTorrent is configured to use port 31234 for
    incoming connections but the uTorrent Port Checker states:
    Error! Port 31234 does not appear to be open.

    iptables -L -v shows the counters increasing for TCP and UDP packets
    to this dport but my download speed is VERY slow so I presume that the
    uTorrent Port Checker is correct and detected a problem that I am not
    seeing.

    Can someone point out the error in my iptables config? Here are the
    relevant lines:

    global=xx.xx.xx.xx
    bob1=192.168.0.2
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT --to $bob1
    iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT --to $bob1

    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
    iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT



  2. Re: iptables and Torrent

    On Mon, 09 Jun 2008 14:21:02 -0500, Bob Simon wrote:

    >I wish to download Torrent files to one of my computers which is
    >behind a Linux firewall. uTorrent is configured to use port 31234 for
    >incoming connections but the uTorrent Port Checker states:
    >Error! Port 31234 does not appear to be open.
    >
    >iptables -L -v shows the counters increasing for TCP and UDP packets
    >to this dport but my download speed is VERY slow so I presume that the
    >uTorrent Port Checker is correct and detected a problem that I am not
    >seeing.
    >
    >Can someone point out the error in my iptables config? Here are the
    >relevant lines:
    >
    >global=xx.xx.xx.xx
    >bob1=192.168.0.2
    >iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    >iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT --to $bob1
    >iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT --to $bob1
    >
    >iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    >iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
    >iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT
    >

    I have:

    X_WORLD="ppp0"
    MSTATE="--match state --state"
    TORRENT_HOST=""
    TORRENT_PORT=""
    ....
    iptables -A FORWARD -p all $MSTATE ESTABLISHED,RELATED -j ACCEPT
    ....
    # for torrent (1 of 2)
    if [ -n "$TORRENT_PORT" ]
    then
        iptables -t nat -A PREROUTING -p tcp -i $X_WORLD \
            --dport $TORRENT_PORT \
            -j DNAT --to-destination $TORRENT_HOST
        iptables -t nat -A PREROUTING -p udp -i $X_WORLD \
            --dport $TORRENT_PORT \
            -j DNAT --to-destination $TORRENT_HOST
    fi
    ....
    # for torrent, tcp only (2 of 2, other part in NAT)
    if [ -n "$TORRENT_PORT" ]
    then
        iptables -A FORWARD -p tcp $MSTATE NEW \
            --dport $TORRENT_PORT -j ACCEPT
        iptables -A FORWARD -p udp --dport $TORRENT_PORT -j DROP
    fi

    You might decide to accept UDPs.

    Grant.
    --
    http://bugsplatter.mine.nu/
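
The reply splits the port forward into a DNAT half and a FORWARD half. As an added example (not code from either poster), this script reads `iptables-save` text and reports, for each DNAT rule, the target of the first port-specific FORWARD rule that matches the translated packet. The function names `audit_dnat` and `sample_ruleset` are hypothetical, and the sample ruleset is constructed from the reply's rules with the question's port and LAN address filled in.

```shell
# Added example. Pairs each nat PREROUTING DNAT rule with the first FORWARD
# rule that names the same protocol and --dport, and prints that rule's target.
# Simplification: only -p, --dport, -d and -j are read; rules without --dport,
# chain policy and DNAT port rewriting are ignored.
audit_dnat() {
    awk '
    /^\*/ { table = substr($0, 2); next }
    $1 == "-A" {
        proto = port = dst = to = tgt = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
            else if ($i == "--to-destination") to = $(i + 1)
            else if ($i == "-j") tgt = $(i + 1)
        }
        if (table == "nat" && $2 == "PREROUTING" && tgt == "DNAT") {
            n++; np[n] = proto; nport[n] = port; nto[n] = to
        } else if (table == "filter" && $2 == "FORWARD" && port != "") {
            m++; fp[m] = proto; fport[m] = port; fd[m] = dst; ft[m] = tgt
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            verdict = "UNMATCHED"
            # FORWARD sees the packet after DNAT: -d must be the LAN host
            for (j = 1; j <= m; j++)
                if (fp[j] == np[k] && fport[j] == nport[k] &&
                    (fd[j] == "" || fd[j] == nto[k])) { verdict = ft[j]; break }
            print np[k], nport[k], nto[k], verdict
        }
    }'
}

# Constructed sample in iptables-save format: the reply's rules with the
# question's port and LAN host filled in.
sample_ruleset() {
    cat <<'EOF'
*nat
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 31234 -j DNAT --to-destination 192.168.0.2
-A PREROUTING -i ppp0 -p udp -m udp --dport 31234 -j DNAT --to-destination 192.168.0.2
COMMIT
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 31234 -m state --state NEW -j ACCEPT
-A FORWARD -p udp -m udp --dport 31234 -j DROP
COMMIT
EOF
}

sample_ruleset | audit_dnat
```

On a live firewall, `iptables-save | audit_dnat` run as root gives the same report; an `UNMATCHED` line means no port-specific FORWARD rule covers the forwarded traffic, so the chain policy decides.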
