Linux iptables firewall settings


buckprivate

For NATing specific LAN IPs, use an instruction set like this.

--- cut here ---
# MASQ (SNAT) internal traffic:
IFE=eth0 # Put your external (WAN) interface name here (eth0 is only a placeholder)
EXT_IP=`cat /etc/firewall/EXT_IP` # Put your external (WAN) IP here
HARD=192.168.1.9 # Put your LAN IP here
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o $IFE -s $HARD -j SNAT --to $EXT_IP
--- cut here ---

To allow a specific computer to accept incoming torrent connections, use an instruction set like this.

--- cut here ---
#!/bin/sh
# /usr/sbin/Torrent_to_hard
# This allows access to computer HARD when incoming torrents connect to
# my external IP.
# Beware line wrap. Every long line is double spaced.
BT_PORT=24664 # Make sure this matches your BT settings
EXT_IP=`cat /etc/firewall/EXT_IP` # Put your external (WAN) IP here
HARD=192.168.1.9 # Put your LAN IP here
echo "Pass parameter 'up' to activate."
echo "EXT_IP IP $EXT_IP; HP IP $HARD."
# Tear down (errors are silenced, so this is harmless when the rules are not present yet)
iptables -t nat -D PREROUTING -p udp -d $EXT_IP --dport $BT_PORT -j DNAT --to $HARD:$BT_PORT >/dev/null 2>&1
iptables -t nat -D PREROUTING -p tcp -d $EXT_IP --dport $BT_PORT -j DNAT --to $HARD:$BT_PORT >/dev/null 2>&1
iptables -t nat -D PREROUTING -p udp -d $EXT_IP --dport 6881:6999 -j DNAT --to $HARD:$BT_PORT >/dev/null 2>&1
iptables -t nat -D PREROUTING -p tcp -d $EXT_IP --dport 6881:6999 -j DNAT --to $HARD:$BT_PORT >/dev/null 2>&1
iptables -D FORWARD -p udp -d $HARD --dport $BT_PORT -j ACCEPT >/dev/null 2>&1
iptables -D FORWARD -p tcp -d $HARD --dport $BT_PORT -j ACCEPT >/dev/null 2>&1
if [ "$1" = "up" ]; then
    # Set up
    iptables -t nat -I PREROUTING -p udp -d $EXT_IP --dport $BT_PORT -j DNAT --to $HARD:$BT_PORT
    iptables -t nat -I PREROUTING -p tcp -d $EXT_IP --dport $BT_PORT -j DNAT --to $HARD:$BT_PORT
    iptables -t nat -I PREROUTING -p udp -d $EXT_IP --dport 6881:6999 -j DNAT --to $HARD:$BT_PORT
    iptables -t nat -I PREROUTING -p tcp -d $EXT_IP --dport 6881:6999 -j DNAT --to $HARD:$BT_PORT
    iptables -I FORWARD -p udp -d $HARD --dport $BT_PORT -j ACCEPT
    iptables -I FORWARD -p tcp -d $HARD --dport $BT_PORT -j ACCEPT
fi
--- cut here ---

If you still have problems, consider adding the following 2 lines.

--- cut here ---
iptables -A FORWARD -s $HARD -p tcp -m state --state ESTABLISHED --sport 1024:65535 --dport 1024:65535 -j ACCEPT
iptables -A FORWARD -s $HARD -p udp -m state --state ESTABLISHED --sport 1024:65535 --dport 1024:65535 -j ACCEPT
--- cut here ---

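An added example, not part of buckprivate's post: a small POSIX shell generator that validates the three inputs (WAN IP, LAN IP, torrent port) and prints the same DNAT and FORWARD rules in a check-or-insert form, so the rule set can be reviewed before it is applied and re-running it never stacks duplicate rules. It assumes an iptables that supports `-C` (1.4.11 or later); the sample addresses in the usage line are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: render the torrent DNAT and
# FORWARD rules from validated inputs so they can be reviewed before use.
# Each rule is emitted as "iptables -C ... || iptables -I ...", so running
# the output twice never stacks duplicate rules (assumes iptables >= 1.4.11,
# which introduced -C). Nothing is applied unless the output is piped to sh.

# is_ipv4 ADDR: succeeds if ADDR is a dotted quad with every octet in 0..255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# is_port N: succeeds if N is an integer in 1..65535 (catches an unexpanded
# "BT_PORT" literal, which iptables would otherwise reject at run time)
is_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# emit_rule [-t TABLE] CHAIN RULESPEC...: print one check-or-insert command
emit_rule() {
    tbl=""
    if [ "$1" = "-t" ]; then tbl="-t $2"; shift 2; fi
    chain=$1; shift
    echo "iptables ${tbl:+$tbl }-C $chain $* 2>/dev/null || iptables ${tbl:+$tbl }-I $chain $*"
}

# bt_rules EXT_IP LAN_IP PORT: print the six rules, or fail on bad input
bt_rules() {
    ext=$1; lan=$2; port=$3
    is_ipv4 "$ext" && is_ipv4 "$lan" && is_port "$port" || return 1
    for proto in tcp udp; do
        emit_rule -t nat PREROUTING -p $proto -d "$ext" --dport "$port" -j DNAT --to "$lan:$port"
        emit_rule -t nat PREROUTING -p $proto -d "$ext" --dport 6881:6999 -j DNAT --to "$lan:$port"
        emit_rule FORWARD -p $proto -d "$lan" --dport "$port" -j ACCEPT
    done
}

# Usage (constructed values): sh this_script.sh 203.0.113.5 192.168.1.9 24664 | sudo sh
if [ $# -eq 3 ]; then
    bt_rules "$@"
fi
```

Review the printed commands first; only pipe them to a root shell once they match the intended LAN host and port.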
