intelligent iptables gui's

Gene Heskett gene.heskett at verizon.net
Mon Apr 11 18:14:00 UTC 2005


On Monday 11 April 2005 09:32, Vinicius wrote:
>Gene Heskett wrote:
>> Hi;
>>
>> I've been watching the iptables threads, hoping I'd find some
>> clues as to how to go about carving a hole a few port numbers wide
>> for bittorrents use.
>>
>> As I also have an external router, a linksys BESFR41, I'd probably
>> have to setup something in it also, and that seems fairly clear,
>> but I've never been able to get a torrent going through it.  My
>> iptables rules ATM are fairly bulletproof, (you cannot see me from
>> the internet other than a closed identd port) so my question is
>> this:
>>
>> Do any of these iptables gui front ends have a preset option to
>> output a pre-canned ruleset that will pass the torrent, but still
>> maintain a reasonable level of security outside this open port
>> range that the torrent needs?
>
>I don't know, but this is my iptables' rule:
>"
>$ iptables -I RH-Firewall-1-INPUT X -p tcp --dport 6881:6999 -j ACCEPT
>$ service iptables save
>"
>
>where X is an appropriate position inside your iptables' rules. If I
> did do "iptables -A ..." instead, the rule did not work, because
> the previous rule is "iptables -j REJECT --reject-with
> icmp-host-prohibited" (it will reject everything).
>
>I can do a NAT rule on my modem to translate these ports, the rule
> is called RDR. Ask to Linksys how to do this. You can search the
> Linksys knowledge base about this, too.

I've set up in the router, port forwarding to the firewall box's 
outside address, for those ports in the 6881-6999, and applied that 
rule into my iptables init script in the proper (I think) order 
within that script in /etc/sysconfig, and then did a service iptables 
restart, which didn't report any errors.  And the rule does show for 
an iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpts:6881:6999


And I just went after the latest BitTorrent 4.0.something and 
installed that.  Digging thru the docs, the first thing I need to do 
is start a 'tracker', but that fails with an error message that I 
don't quite grok:
[root@gene /]# bttrack.py --port 6969 --dfile dstate
Traceback (innermost last):
  File "/usr/bin/bttrack.py", line 16, in ?
    from BitTorrent.track import track
ImportError: No module named BitTorrent.track

Now what?  There isn't any such module in the 
python-2.3/site-packages/BitTorrent subdir, and no such file exists 
in the archive either.

>IHTH,

Some, thanks.

>Vinicius.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.34% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.
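
Vinicius's point about `-I` versus `-A` in the quoted reply, as an added example that is not part of the original messages: iptables stops at the first matching rule, so an ACCEPT appended after the catch-all REJECT is never reached. The two rulesets and the `first_verdict` helper are constructed for illustration; the helper understands only the `-i lo`, `-p`, `--state` and `--dport` matches used in the sample.

```shell
#!/bin/sh
# Constructed rules in iptables-save syntax (sample data, not from the thread).
# APPENDED: the port range was added with -A, so it follows the REJECT.
APPENDED='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 6881:6999 -j ACCEPT'

# INSERTED: the same rule placed with -I ahead of the REJECT.
INSERTED='-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 6881:6999 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# first_verdict RULES PORT
# Print the target of the first rule that a NEW inbound TCP connection to
# PORT, arriving on a non-loopback interface, would hit. Prints POLICY if
# no rule matches and the chain policy would decide.
first_verdict() {
  printf '%s\n' "$1" | awk -v port="$2" '
    {
      target = ""; hit = 1
      for (i = 1; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        else if ($i == "-i" && $(i + 1) == "lo") hit = 0
        else if ($i == "-p" && $(i + 1) != "tcp") hit = 0
        else if ($i == "--state" && $(i + 1) !~ /(^|,)NEW(,|$)/) hit = 0
        else if ($i == "--dport") {
          n = split($(i + 1), r, ":")
          low = r[1]; high = (n > 1) ? r[2] : r[1]
          if (port + 0 < low + 0 || port + 0 > high + 0) hit = 0
        }
      }
      if (hit && target != "") { print target; found = 1; exit }
    }
    END { if (!found) print "POLICY" }'
}

echo "appended rule, port 6881: $(first_verdict "$APPENDED" 6881)"
echo "inserted rule, port 6881: $(first_verdict "$INSERTED" 6881)"
echo "inserted rule, port 22:   $(first_verdict "$INSERTED" 22)"
```

On a live box the rule text would come from `iptables-save`, and `iptables -L -n --line-numbers` shows the position to give `-I`.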



