
View the full version : Iptable port opening problem



e2rdvonc
26-10-2008, 19:05
Hey !

I used the headstart made by Raas + the post-firewall (from here) (http://www.wl500g.info/showthread.php?t=11949&highlight=post+files) file that was on the forum. My router is in home gateway mode and the firewall from the web interface is disabled. The problem is that the torrent port 65534 is still closed :-/ That's what iptables -L gives me:


[admin@WL-001D60D3CAF8 root]$ iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:65534 flags: SYN,RST,ACK/SYN
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT
DROP all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain MACS (0 references)
target prot opt source destination

Chain SECURITY (0 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN udp -- anywhere anywhere limit: avg 5/sec burst 5
RETURN icmp -- anywhere anywhere limit: avg 5/sec burst 5
DROP all -- anywhere anywhere

Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere

Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP all -- anywhere anywhere


Anyone know what I'm doing wrong?

wirespot
02-11-2008, 17:30
Have you figured it out yet?

The first line of the INPUT chain is what you need. It looks fine, but it seems you cropped the output and I can't see the flags. Here is how my line looks:


ACCEPT tcp -- anywhere anywhere tcp dpts:65534 flags:SYN,RST,ACK/SYN

And the post-firewall command to open it is this:


iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 65534 -j ACCEPT

If you did all this then the port is open. Why do you think it's not? You may have a problem with your rtorrent setup.

Run "netstat -tlnp" and see what address and port rtorrent is actually using.

Check your ~/.rtorrent.rc and make sure your "ip" and "bind" commands indicate your external interface (run "ifconfig vlan1" to find out what the address is) and your "port_range" command is set to 65534. (If you use DynDNS/ddclient and have a dynamic host address you can use that for ip and bind.)
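The two checks wirespot's reply asks for, the ACCEPT rule in INPUT and a process actually listening on the port, can be scripted so the verdict does not depend on eyeballing the chain. The script below is an added example, not code from the thread or from the WL500g firmware. It assumes the "iptables -L" and "netstat -tlnp" column layouts shown above; the sample outputs embedded in it are constructed, not captured from a router.

```shell
#!/bin/sh
# Added example (not from the thread): verify that tcp/<port> is both
# accepted by the INPUT chain and bound by a listener on a non-loopback
# address. Sample outputs below are constructed to match the layouts
# of "iptables -L" and "netstat -tlnp" seen in the thread.

PORT=65534

# Returns 0 if the INPUT chain holds "ACCEPT tcp ... dpt:<port>" before any
# unconditional DROP/REJECT, 1 otherwise.  Args: port, "iptables -L" text.
firewall_accepts_port() {
  printf '%s\n' "$2" | awk -v port="$1" '
    /^Chain /        { chain = $2; next }      # track which chain we are in
    chain != "INPUT" { next }                  # only INPUT matters for local services
    $1 == "ACCEPT" && $2 == "tcp" && $0 ~ ("dpts?:" port "([ :]|$)") { found = 1; exit }
    # a DROP/REJECT without a state/ctstate match swallows everything after it
    ($1 == "DROP" || $1 == "REJECT") && $2 == "all" && $0 !~ /state/ { exit }
    END { exit (found ? 0 : 1) }
  '
}

# Returns 0 if a LISTEN socket on <port> is bound to a non-loopback address,
# 2 if it is bound to loopback only, 1 if nothing listens there.
# Args: port, "netstat -tlnp" text.
listener_on_port() {
  printf '%s\n' "$2" | awk -v port="$1" '
    BEGIN { status = 1 }
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
      n = split($4, a, ":")                    # local address is "addr:port"
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr == "127.0.0.1" || addr == "::1") { status = 2; next }
      status = 0; exit
    }
    END { exit status }
  '
}

# Combined verdict; returns 0 only when both checks pass.
check_torrent_port() {
  if firewall_accepts_port "$1" "$2"; then
    echo "firewall: INPUT accepts tcp/$1"
  else
    echo "firewall: no ACCEPT for tcp/$1 in INPUT (or a DROP precedes it)"
    return 1
  fi
  rc=0; listener_on_port "$1" "$3" || rc=$?
  case $rc in
    0) echo "socket: listening on tcp/$1"; return 0 ;;
    2) echo "socket: tcp/$1 bound to loopback only; fix ip/bind in .rtorrent.rc"; return 2 ;;
    *) echo "socket: nothing listening on tcp/$1; check port_range in .rtorrent.rc"; return 1 ;;
  esac
}

# Constructed samples (not captured output).
SAMPLE_IPTABLES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:65534 flags:SYN,RST,ACK/SYN
DROP       all  --  anywhere             anywhere             state INVALID
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED'

SAMPLE_IPTABLES_BLOCKED='Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:65534 flags:SYN,RST,ACK/SYN'

SAMPLE_NETSTAT_GOOD='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:65534           0.0.0.0:*               LISTEN      1234/rtorrent'

SAMPLE_NETSTAT_LOOPBACK='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:65534         0.0.0.0:*               LISTEN      1234/rtorrent'

SAMPLE_NETSTAT_NONE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      99/dropbear'

# Demo on the constructed samples; on the router you would pass
# "$(iptables -L -n)" and "$(netstat -tlnp)" instead.
check_torrent_port "$PORT" "$SAMPLE_IPTABLES" "$SAMPLE_NETSTAT_GOOD"
check_torrent_port "$PORT" "$SAMPLE_IPTABLES" "$SAMPLE_NETSTAT_LOOPBACK"
check_torrent_port "$PORT" "$SAMPLE_IPTABLES_BLOCKED" "$SAMPLE_NETSTAT_GOOD"
```

Run it with "iptables -L -n" rather than plain "iptables -L" on a live box, so ports are printed numerically instead of being resolved to service names; 65534 has no name, but the check is meant to work for any port. The loopback case is the one the reply hints at: if rtorrent's "ip"/"bind" point at the wrong interface, the INPUT rule is correct and the port is still unreachable from outside.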