Thread: Iptable port opening problem

  1. #1

    Iptable port opening problem

    Hey !

    I used the headstart made by Raas + the post-firewall (from here) file that was on the forum. My router is in home gateway mode and the firewall from the web interface is disabled. The problem is that the torrent port 65534 is still closed :-/ That's what iptables -L gives me:

    Code:
    [admin@WL-001D60D3CAF8 root]$ iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:65534 flags:                                    SYN,RST,ACK/SYN
    DROP       all  --  anywhere             anywhere           state INVALID
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABL                                    ISHED
    ACCEPT     all  --  anywhere             anywhere           state NEW
    ACCEPT     all  --  anywhere             anywhere           state NEW
    
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    DROP       all  --  anywhere             anywhere           state INVALID
    ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABL                                    ISHED
    DROP       all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere           ctstate DNAT
    DROP       all  --  anywhere             anywhere
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    
    Chain MACS (0 references)
    target     prot opt source               destination
    
    Chain SECURITY (0 references)
    target     prot opt source               destination
    RETURN     tcp  --  anywhere             anywhere           tcp flags:SYN,RST,AC                                    K/SYN limit: avg 1/sec burst 5
    RETURN     tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RS                                    T,ACK/RST limit: avg 1/sec burst 5
    RETURN     udp  --  anywhere             anywhere           limit: avg 5/sec bur                                    st 5
    RETURN     icmp --  anywhere             anywhere           limit: avg 5/sec bur                                    st 5
    DROP       all  --  anywhere             anywhere
    
    Chain logaccept (0 references)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           state NEW LOG level                                     warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
    ACCEPT     all  --  anywhere             anywhere
    
    Chain logdrop (0 references)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere           state NEW LOG level                                     warning tcp-sequence tcp-options ip-options prefix `DROP '
    DROP       all  --  anywhere             anywhere
    Does anyone know what I'm doing wrong?

  2. #2
    Have you figured it out yet?

    The first line of the INPUT chain is what you need. It looks fine, but it seems you cropped the output and I can't see the flags. Here is how my line looks:

    Code:
    ACCEPT     tcp  --  anywhere             anywhere           tcp dpts:65534 flags:SYN,RST,ACK/SYN
    And the post-firewall command to open it is this:

    Code:
    iptables -I INPUT 1 -p tcp -i "$1" --syn --dport 65534 -j ACCEPT
    If you did all this then the port is open. Why do you think it's not? You may have a problem with your rtorrent setup.

    Run "netstat -tlnp" and see what address and port rtorrent is actually using.

    Check your ~/.rtorrent.rc and make sure your "ip" and "bind" commands indicate your external interface (run "ifconfig vlan1" to find out what the address is) and your "port_range" command is 65534. (If you use DynDNS/ddclient and have a dynamic host address you can use that for ip and bind.)
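
The two checks from reply #2 (is there an ACCEPT rule for the port in INPUT, and what address is the client actually listening on), as an added example that is not part of the original thread. The sample `iptables -L` and `netstat -tlnp` text is constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: offline check of firewall rule vs. listening socket.
PORT=65534

# Constructed sample in the format of `iptables -L INPUT` (not from the thread).
SAMPLE_RULES='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:65534 flags:SYN,RST,ACK/SYN
DROP       all  --  anywhere             anywhere           state INVALID
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED'

# Constructed sample in the format of `netstat -tlnp` (not from the thread).
SAMPLE_LISTEN='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:65534         0.0.0.0:*               LISTEN      412/rtorrent
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      101/dropbear'

# Print the 1-based position of the first ACCEPT tcp rule for the port.
# Accepts both "dpt:PORT" and "dpts:PORT" as seen in the two posts.
accept_rule_index() {  # $1 = rule listing, $2 = port
    printf '%s\n' "$1" | awk -v p="$2" '
        /^Chain / || /^target / || NF == 0 { next }
        { n++ }
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 6; i <= NF; i++)
                if ($i == "dpt:" p || $i == "dpts:" p) { print n; exit }
        }'
}

# Print the local address of the first TCP socket listening on the port.
listener_addr() {  # $1 = netstat listing, $2 = port
    printf '%s\n' "$1" | awk -v p="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            k = split($4, a, ":")
            if (a[k] == p) { sub(":" p "$", "", $4); print $4; exit }
        }'
}

# Combine both checks into one verdict string.
diagnose() {  # $1 = rule listing, $2 = netstat listing, $3 = port
    idx=$(accept_rule_index "$1" "$3")
    addr=$(listener_addr "$2" "$3")
    if [ -z "$idx" ]; then echo "no-accept-rule"
    elif [ -z "$addr" ]; then echo "rule-$idx-but-nothing-listening"
    else case "$addr" in
        127.*|::1) echo "rule-$idx-but-loopback-only:$addr" ;;
        *) echo "rule-$idx-listener:$addr" ;;
    esac; fi
}

diagnose "$SAMPLE_RULES" "$SAMPLE_LISTEN" "$PORT"
```

On the router itself, pass the live output instead of the samples, for example `diagnose "$(iptables -L INPUT)" "$(netstat -tlnp)" 65534`.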
