View the full version: Forwarding ports



cichy
22-10-2009, 23:03
Hello, I've been having some problems with port forwarding. I'm using DC++ and I wanted to forward a few ports, i.e. 1026 (tcp), 1027 (udp). My post-firewall looks like this:

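#!/bin/sh

# remove the DROP rule from the INPUT chain
iptables -D INPUT -j DROP
# accept TCP 62924 addressed to 192.168.1.10
iptables -A INPUT -p tcp --dport 62924 -d 192.168.1.10 -j ACCEPT
# accept TCP 8000
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
# insert an accept rule for SSH (TCP 22) at the top of INPUT
iptables -I INPUT -m tcp -p tcp --dport 22 -j ACCEPT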

and it's working quite well (torrent is active, port open). After typing netstat -L -v -t nat I got something like this:

iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 5980 packets, 666K bytes)
 pkts bytes target     prot opt in  out   source          destination
 5556  629K VSERVER    all  --  any any   anywhere        wanip

Chain POSTROUTING (policy ACCEPT 1821 packets, 123K bytes)
 pkts bytes target     prot opt in  out   source          destination
  270 14074 MASQUERADE all  --  any vlan1 !wanip          anywhere
   10  1897 SNAT       all  --  any br0   192.168.1.0/24  192.168.1.0/24  to:192.168.1.1

Chain OUTPUT (policy ACCEPT 1818 packets, 124K bytes)
 pkts bytes target     prot opt in  out   source          destination

Chain VSERVER (1 references)
 pkts bytes target     prot opt in  out   source          destination
    0     0 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:www to:192.168.1.1:8081
    0     0 DNAT       udp  --  any any   anywhere        anywhere    udp dpt:www to:192.168.1.1:8081
    2   120 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:62924 to:192.168.1.10:62924
    0     0 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:2007 to:192.168.1.10:2007
    0     0 DNAT       udp  --  any any   anywhere        anywhere    udp dpt:2007 to:192.168.1.10:2007
  200 10673 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:51413 to:192.168.1.1:51413
    5   292 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:1026 to:192.168.1.10:1026
    0     0 DNAT       udp  --  any any   anywhere        anywhere    udp dpt:1026 to:192.168.1.10:1026
    8   480 DNAT       tcp  --  any any   anywhere        anywhere    tcp dpt:1027 to:192.168.1.10:1027
    0     0 DNAT       udp  --  any any   anywhere        anywhere    udp dpt:1027 to:192.168.1.10:1027

Ports 1026 & 1027 are added through the web GUI, as you can see, but they're not working as they should. I can download from all users (passive and active), but searching files in active mode (udp port forwarded) gives me fewer scores than in passive mode :( i.e. active: 5-10 mp3s from 3 users, passive: 50-70 mp3s from 20-60 users.
How should I forward these ports (and others) so they work properly and give me the same amount of results in active mode as in passive mode? I've read some stuff about it but it gives me a headache :P Maybe there is a simple rule, a way to do it correctly so that it works properly.
Greets
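
Added example, not part of the original post: a small shell/awk helper that reads a listing in the format shown above and reports which DNAT forwards have never been hit, including ports where the TCP rule has counted packets but the UDP rule has not. The function names are made up for this example; a zero counter only says that no packet has matched the rule since the counters were last reset.

```sh
# Added example: works on `iptables -L -v -t nat` text read from stdin.
# On the router: iptables -L VSERVER -v -t nat | udp_silent_ports
# VSERVER chain copied from the post above.
sample_listing() {
cat <<'EOF'
Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:www to:192.168.1.1:8081
0 0 DNAT udp -- any any anywhere anywhere udp dpt:www to:192.168.1.1:8081
2 120 DNAT tcp -- any any anywhere anywhere tcp dpt:62924 to:192.168.1.10:62924
0 0 DNAT tcp -- any any anywhere anywhere tcp dpt:2007 to:192.168.1.10:2007
0 0 DNAT udp -- any any anywhere anywhere udp dpt:2007 to:192.168.1.10:2007
200 10673 DNAT tcp -- any any anywhere anywhere tcp dpt:51413 to:192.168.1.1:51413
5 292 DNAT tcp -- any any anywhere anywhere tcp dpt:1026 to:192.168.1.10:1026
0 0 DNAT udp -- any any anywhere anywhere udp dpt:1026 to:192.168.1.10:1026
8 480 DNAT tcp -- any any anywhere anywhere tcp dpt:1027 to:192.168.1.10:1027
0 0 DNAT udp -- any any anywhere anywhere udp dpt:1027 to:192.168.1.10:1027
EOF
}

# Print "proto dport to pkts" for every DNAT rule in the listing.
dnat_rules() {
    awk '$3 == "DNAT" {
        dport = ""; to = ""
        for (i = 10; i <= NF; i++) {
            if ($i ~ /^dpt:/) dport = substr($i, 5)
            if ($i ~ /^to:/)  to = substr($i, 4)
        }
        print $4, dport, to, $1
    }'
}

# Forwards whose packet counter is still zero.
unused_forwards() {
    dnat_rules | awk '$4 == "0" { print $1, $2, $3 }'
}

# Ports forwarded for both protocols where TCP has hits and UDP has none.
udp_silent_ports() {
    dnat_rules | awk '
        { hits[$1 "/" $2] = $4; seen[$2] = 1 }
        END {
            for (p in seen) {
                t = "tcp/" p; u = "udp/" p
                if ((t in hits) && (u in hits) && hits[t] != "0" && hits[u] == "0")
                    print p
            }
        }' | sort -n
}
```

Run against the listing from the post, `sample_listing | udp_silent_ports` prints 1026 and 1027.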