Are you connected directly to the internet? (Do you have an external ip?)
If yes, you should just open 6880 (or whatever the default listen-port is for torrents).
If no, you need to do port-forwarding in your router/firewall.
Forward port 6880 to the computer with Azureus. This works for me!
Btw., these days some ISPs block the default torrent port, so you could possibly change the default port in Azureus.
I use port 33001, which makes logging harder for my ISP.
( Go to Tools-->Options-->Connection, and change "Incoming TCP listen port", or just use iptables to open the current port.)
A simple iptables script that will work on a computer connected directly to the internet (i.e. a firewall with forwarding). This script also enables torrents on an internal computer. On the firewall/external computer you need to change the Incoming TCP listen port to 33001, and the internal computer will use the default port:
Code:
#!/bin/bash
cIP="/sbin/iptables" # Location of iptables
EXTIF="ppp0" # External interface
LAN="eth0" # Internal interface
# This is another computer with Azureus installed:
torrentPC="192.168.0.5"
# Flush/Delete chains/Zero counters:
$cIP -F
$cIP -t nat -F
$cIP -X
$cIP -Z
# Set default policies:
$cIP -P INPUT DROP
$cIP -P OUTPUT ACCEPT
$cIP -P FORWARD ACCEPT
# Allow already established, related connections, and allow NEW outgoing connections:
$cIP -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$cIP -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$cIP -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Enable MASQUERADING:
$cIP -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
# Allow services to communicate with localhost:
$cIP -A INPUT -i lo -j ACCEPT
$cIP -A OUTPUT -o lo -j ACCEPT
# Local Open Ports, these ports will be accessible from the internet.
# I have allowed all access from the internal LAN, so internal ports do not need to be explicitly opened.
# The commented lines below can be opened if needed:
# $cIP -A INPUT -i $EXTIF -p tcp --dport 80 -j ACCEPT # Open HTTP server port
$cIP -A INPUT -i $EXTIF -p tcp --dport 33001 -j ACCEPT # Azureus TCP Listen Port
$cIP -A INPUT -i $EXTIF -p udp --dport 33001 -j ACCEPT # Azureus UDP Listen Port
# Allow External SSH port (custom port, not the usual 22):
# $cIP -A INPUT -i $EXTIF -p tcp --dport 22 -j ACCEPT
# Allow all LAN->Internet connections (not stopped by the earlier rules):
$cIP -A INPUT -i $LAN -j ACCEPT
$cIP -A OUTPUT -o $LAN -j ACCEPT
$cIP -A FORWARD -i $LAN -j ACCEPT
# Forwarding:
# Forward port 6880 to internal torrent computer (I'll only do TCP):
$cIP -t nat -A PREROUTING -i $EXTIF -p tcp --dport 6880 -j DNAT --to-destination $torrentPC
$cIP -A FORWARD -p tcp -i $EXTIF -d $torrentPC --dport 6880 -j ACCEPT
# Enable logging of dropped packets:
$cIP -A INPUT -j LOG --log-prefix "DROP_INPUT: "
$cIP -A FORWARD -j LOG --log-prefix "DROP_FORWARD: "
$cIP -A OUTPUT -j LOG --log-prefix "DROP_OUTPUT: "
# Turn on forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
As I said, the above script is for a basic firewall/gateway with 2 interfaces.
Copy the above into a text file, "chmod +x <textfile_name>" and execute it (./<textfile_name>)
If you only need a local firewall script (only one interface, with an external IP):
Code:
#!/bin/bash
cIP="/sbin/iptables" # Location of iptables
# Flush/delete/zero:
$cIP -F
$cIP -t nat -F
$cIP -X
$cIP -Z
$cIP -P INPUT DROP
$cIP -P OUTPUT ACCEPT
# Allow established incoming, and new outgoing connections:
$cIP -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$cIP -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Services/programs needs access to loopback device
$cIP -A INPUT -i lo -j ACCEPT
$cIP -A OUTPUT -o lo -j ACCEPT
# Open ports 80 (if you have a webserver running), SSH and azureus port 6880:
$cIP -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT # SSH
$cIP -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT # HTTP
$cIP -A INPUT -i eth0 -p tcp --dport 6880 -j ACCEPT # TORRENT
# Everything else will be blocked by the default INPUT policy...
# Some logging might be interesting:
$cIP -A INPUT -j LOG --log-prefix "DROP_INPUT: "
$cIP -A OUTPUT -j LOG --log-prefix "DROP_OUTPUT: "
The same procedure of copy/paste, chmod +x <filename>, ./<filename> goes here...
If any of these scripts fail, check my syntax; there might be a syntax error in there. You might also need certain modules compiled or loaded.
If the script fails on the "-j LOG", just try to comment it out (disable/delete it), or recompile your kernel with the correct modules.
The first script is not a bulletproof firewall, but it should be safe enough to get you started. Later it can be made stricter, but as long as you trust the LAN you should be fine.
The second script is ONLY useful if you are directly connected to the internet.
If not, you might need to open some more ports, or possibly allow access from your NFS server (portmap is a b**ch) etc... You will also have to forward port 6880 to the computer running this script.
Hope this can help some of you! I've had the same "Behind firewall" and NAT errors in Azureus, and the above scripts helped me (and even got me higher average download speeds).
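
Added example (not part of the original post): a small bash helper that summarises the packets logged by the scripts' `-j LOG` rules, so you can see whether the torrent listen port is among the traffic hitting the default DROP policy. The log lines are constructed samples in the kernel's iptables LOG format, and the scenario (client moved to port 33001 while the single-interface firewall still only opens 6880) is an assumption for illustration.

```shell
#!/bin/bash
# Added example: summarise packets logged by the "-j LOG" rules above.
# SAMPLE_LOG is constructed data in the kernel's iptables LOG line format
# (documentation-range addresses). Assumed scenario: Azureus was moved to
# port 33001 while the firewall still only opens 6880.
SAMPLE_LOG='Jan 12 10:15:01 box kernel: DROP_INPUT: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51234 DPT=33001 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:15:04 box kernel: DROP_INPUT: IN=eth0 OUT= MAC= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=812 DF PROTO=TCP SPT=40412 DPT=33001 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 10:15:09 box kernel: DROP_INPUT: IN=eth0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.2 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=40000 DPT=33001 LEN=28
Jan 12 10:16:30 box kernel: DROP_INPUT: IN=eth0 OUT= MAC= SRC=192.0.2.44 DST=198.51.100.2 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=TCP SPT=60001 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Jan 12 10:17:02 box kernel: DROP_INPUT: IN=eth0 OUT= MAC= SRC=192.0.2.80 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=22 PROTO=ICMP TYPE=8 CODE=0 ID=22 SEQ=1
Jan 12 10:17:05 box kernel: eth0: link is up'

# Read log lines on stdin and print "count prefix in-interface proto dport",
# most frequent first. Lines without a DROP_* prefix are ignored.
summarize_drops() {
  awk '{
    prefix = ""; iface = "-"; proto = ""; dpt = "-"
    for (i = 1; i <= NF; i++) {
      if      ($i ~ /^DROP_[A-Z]+:$/) prefix = substr($i, 1, length($i) - 1)
      else if ($i ~ /^IN=./)          iface  = substr($i, 4)   # empty IN= stays "-"
      else if ($i ~ /^PROTO=/)        proto  = substr($i, 7)
      else if ($i ~ /^DPT=/)          dpt    = substr($i, 5)   # absent for ICMP
    }
    if (prefix != "" && proto != "") count[prefix " " iface " " proto " " dpt]++
  }
  END { for (k in count) print count[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Exit status 0 if stdin contains a DROP_INPUT entry for protocol $1, port $2.
port_dropped() {
  grep -Eq "DROP_INPUT: .* PROTO=$1 .* DPT=$2( |\$)"
}

printf '%s\n' "$SAMPLE_LOG" | summarize_drops
if printf '%s\n' "$SAMPLE_LOG" | port_dropped TCP 33001; then
  echo "TCP/33001 is being dropped: open it or fix the client's listen port"
fi
```

On a live system, feed the functions the kernel log instead of the sample, for example `dmesg | summarize_drops`.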