Re: iptables and Torrents

Andy Furniss wrote:
Bob Simon wrote:
I wish to download Torrent files to one of my computers which is
behind a Linux firewall. uTorrent is configured to use port 31234 for
incoming connections but the uTorrent Port Checker states:
Error! Port 31234 does not appear to be open.

iptables -L -v shows the counters increasing for TCP and UDP packets
to this dport but my download speed is VERY slow so I presume that the
uTorrent Port Checker is correct and detected a problem that I am not
seeing. Can someone point out the error in my iptables config? Here are the
relevant lines:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A PREROUTING -p tcp -d $global --dport 31234 -j DNAT --to $bob1
iptables -t nat -A PREROUTING -p udp -d $global --dport 31234 -j DNAT --to $bob1

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -d $bob1 -p tcp --dport 31234 -j ACCEPT
iptables -A FORWARD -d $bob1 -p udp --dport 31234 -j ACCEPT

If the counters look OK maybe it's a/the windows firewall that is blocking them. You could tcpdump on the lan facing nic to double check they are getting through, or see what utorrent is doing to test it.

At first look the rules seem OK - but when appending you need to know what rules are already there. I assume the default for forward has been set to drop or everything will be ACCEPTed anyway.

If eth0 is wan and a different nic is lan you should really add -i eth0 to the DNAT rules.

It would also be better to use -m state --state NEW on the forward rules.

If the default on forward wasn't DROP and you change it you will need to add -i eth0 to the RELATED,ESTABLISHED rule as well - unless you have other rules to allow new connections that are not shown.

It's hard to guess what will happen without seeing the full picture when it comes to iptables rules.
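As an added illustration (not from either poster), here is the rule set rewritten with the changes suggested above: an explicit DROP policy on FORWARD, -i eth0 on the DNAT rules, --state NEW on the port-forward rules, and, since a DROP policy would otherwise block the LAN, an assumed LAN interface eth1 with a LAN-to-WAN rule. The interface names, addresses and port below are constructed, and lint_rules is a small check that flags the two gaps in the original rules.

```shell
#!/bin/sh
# Constructed values for the example: WAN nic, LAN nic, public address,
# the torrent host behind the firewall, and its listening port.
WAN_IF=eth0; LAN_IF=eth1; GLOBAL=198.51.100.10; BOB1=192.168.1.20; PORT=31234

# Emit the rule set as text so it can be reviewed first, then piped to sh.
build_rules() {
  wan=$1; lan=$2; global=$3; host=$4; port=$5
  cat <<EOF
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE
iptables -t nat -A PREROUTING -i $wan -p tcp -d $global --dport $port -j DNAT --to-destination $host
iptables -t nat -A PREROUTING -i $wan -p udp -d $global --dport $port -j DNAT --to-destination $host
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $wan -d $host -p tcp --dport $port -m state --state NEW -j ACCEPT
iptables -A FORWARD -i $wan -d $host -p udp --dport $port -m state --state NEW -j ACCEPT
EOF
}

# Read rules on stdin; report DNAT rules with no incoming interface and
# FORWARD accepts with no state match. Exit 1 if anything was flagged.
lint_rules() {
  awk '
    /-j DNAT/ && !/-i [a-z0-9]+/ { print "DNAT rule without -i: " $0; bad++ }
    /-A FORWARD/ && /-j ACCEPT/ && !/--state/ { print "FORWARD ACCEPT without state match: " $0; bad++ }
    END { exit bad ? 1 : 0 }
  '
}

# Usage (as root, after reviewing the output):
#   build_rules $WAN_IF $LAN_IF $GLOBAL $BOB1 $PORT | lint_rules && \
#   build_rules $WAN_IF $LAN_IF $GLOBAL $BOB1 $PORT | sh
# To confirm forwarded packets actually reach the LAN side, as suggested above:
#   tcpdump -ni $LAN_IF host $BOB1 and port $PORT
```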