On Monday 06 February 2006 07:30, Marcelo Chiapparini wrote: >Hello Gene, > >thank you very much for your answer. However, I am a completly > ignorant regarding NAT... after reading your advice, I went to the > NAT howto and I was scared... > >On Mon, 2006-01-30 at 19:26 -0500, Gene Heskett wrote: >> On Monday 30 January 2006 17:59, Marcelo Chiapparini wrote: >> >Dear debianners, >> > >> >I've just installed Azureus as my .torrent client. During its >> >configuration the wizard checks for the 6881 TCP port reporting the >> >following message: "Testing port 6881... NAT error". I would like >> > to know how to open this port. I've surfed the list, googled the >> > web without success. I am wired to the Internet by an ADSL >> > connection. I wonder if this problem involves my Internet >> > provider... >> >Thanks in advance for any help! >> >> More than likely you'll need to setup a NAT rule in iptables. > >iptables is, in fact, an (from the man page) "administration tool for >IPv4 packet filtering and NAT". You suggest to use iptables to set up > a NAT rule, isn't? > >> I have >> the NAT being done in the router, > >my router, I guess, is with my IP provider... I can't do anything in >that machine...
Then you are essentially at his mercy. I'd lock it up as tightly as I could with iptables, portsentry, and tcpwrappers. I use them all. >> by forwarding this range of ports >> directly to this machines address. Its all setup in the router for >> that. >> >> But I also have to open up iptables a wee bit on my firewall box, >> with this rule: > >I don't have a firewall installed in my machine... Ouch! Do so ASAP! There are scripts around to take some of the mystery and apprehension out of that, and I've heard that 'firestarter' is a good one although I've never used any of those types of tools myself. With the upcoming cybersecurity exersize, I'd try to be well prepared. From what I read, the network will be dossed pretty good by this. I do expect to see an entry or 2 in my logs although attackers have only made it to the logs 3 times in 3 years and thats as far as they got. An aggressive scan by satan & its ilk from outside, finds nothing, and doesn't make the logs here. So I think I've in pretty good shape. >> ----------- >> #!/bin/bash >> BTFORWARDADDR=192.168.xx.3 PORTSTART=6881 PORTEND=6999 >> /sbin/iptables -A FORWARD -s $BTFORWARDADDR -p tcp --dport >> $PORTSTART: $PORTEND -j ACCEPT >> ----------- >> Where the "xx" is a real number of course. > >My problem is that I want to open port 6881 (or another one,following >Chris Howie's tip) for Azureus. I have sarge installed in my machine > at home, wired to my Internet Provider trough an ADSL connection. I > would like to be able to open the ports without having to study the > gory details of NAT... sorry, I am not lazy, I don't have the time > for it... > >With the best regards, > >Marcelo > > >-- >Marcelo Chiapparini >[EMAIL PROTECTED] -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
