Question: How do you use port triggering in post-firewall?
I know I'm answering my own question, but I thought some people may be curious. I got the information by experimenting with iptables. After enabling port triggering, I noticed the following entry when I typed iptables -L -v -t nat:
Code:
0 0 autofw tcp -- br0 any anywhere anywhere tcp dpt:6881 autofw tcp dpt:6881-6999 to:6881-6999
Answer:
iptables -t nat -A PREROUTING -i br0 -p INCOMING_PROTOCOL --dport TRIGGER_PORT_FROM(-TRIGGER_PORT_TO) -j autofw --related-proto TRIGGER_PROTOCOL --related-dport INCOMING_PORT_FROM(-INCOMING_PORT_TO) --related-to INCOMING_PORT_FROM(-INCOMING_PORT_TO)
For example, to set up a trigger for BitTorrent, you'd use this:
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 6881 -j autofw --related-proto tcp --related-dport 6881-6999 --related-to 6881-6999
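
To review what triggers like this expose, the following added example (not part of the original post) parses listing lines in the format quoted above and reports how many inbound ports each autofw rule opens once triggered. The sample listing, the function names and the 32-port threshold are assumptions; add -n to the iptables listing command so ports print as numbers.

```shell
#!/bin/sh
# Added example (not from the original post): summarise autofw port-trigger
# rules found in a nat-table listing and flag wide inbound ranges.

# Constructed sample listing: line 1 is the entry quoted in the post,
# lines 2-3 are made up (a narrow UDP trigger and an unrelated DNAT rule).
sample_listing() {
    cat <<'EOF'
0 0 autofw tcp -- br0 any anywhere anywhere tcp dpt:6881 autofw tcp dpt:6881-6999 to:6881-6999
12 720 autofw udp -- br0 any anywhere anywhere udp dpt:5060 autofw udp dpt:10000-10010 to:10000-10010
5 300 DNAT tcp -- any any anywhere anywhere tcp dpt:8080 to:192.168.1.10:80
EOF
}

# audit_autofw [MAX]: read listing text on stdin and print one line per autofw
# rule. MAX (default 32, an arbitrary threshold) is the widest range not flagged.
audit_autofw() {
    awk -v max="${1:-32}" '
    function width(r,   p, n) {        # "6881-6999" -> 119, "6881" -> 1
        n = split(r, p, "-")
        return (n == 2) ? p[2] - p[1] + 1 : 1
    }
    $3 == "autofw" {
        past = 0; trig = ""; rproto = ""; to = ""
        for (i = 4; i <= NF; i++) {
            # The second "autofw" token separates the match from the target options.
            if ($i == "autofw")             { past = 1; rproto = $(i + 1) }
            else if (!past && $i ~ /^dpt:/) { trig = substr($i, 5) }
            else if (past && $i ~ /^to:/)   { to = substr($i, 4) }
        }
        if (trig == "" || to == "") { print "UNPARSED " $0; next }
        w = width(to)
        flag = (w > max + 0) ? "WIDE" : "ok"
        printf "%s in=%s trigger=%s/%s opens=%s/%s ports=%d\n", flag, $6, $4, trig, rproto, to, w
    }'
}

# On a router this would be: iptables -L -v -n -t nat | audit_autofw
sample_listing | audit_autofw
```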