Here's a small script I did to forward bit torrent from my firewall box to my personal comp. It should be easy to adapt for your own setup. Just change base_port, client_ip and external_ip accordingly.
The for loop exists because I sometimes need to open multiple ports (ex games). Say I need to open 8 ports starting to 6112 (starcraft, warcraft). The for becomes : "for p in `seq 0 7`".
base_port="6881"
client_ip="192.168.0.25"
for p in 0 ; do
let "port=$base_port + p"
iptables -t nat -A PREROUTING -p tcp -d $external_ip --dport $port -j DNAT --to-destination $client_ip
iptables -A FORWARD -p tcp -d $client_ip --dport $port -j ACCEPT
iptables -t nat -A POSTROUTING -p tcp -s $client_ip --sport $port -j SNAT --to-source $external_ip
done
Note however you should consider using a physical router if you are not comfortable with iptables and need good, immediate security. It took me a long time to learn to use iptables. Every time I reviewed my firewall I fixed flaws in it.
|