LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-23-2004, 07:13 AM   #1
nei
LQ Newbie
 
Registered: Mar 2004
Posts: 2

Rep: Reputation: 0
bittorrent / iptables (?) problem (works more or less :x)


hi

iam having trouble with bittorrent and my gateway (slack 9.1)

i launch the dowloads directly on my gw with screen...it actually works, but very bad...
the d/l rate is between a few hundreds bytes/s and 4-6k/s when it works good :/ ive also
tried on a win2k box behind the gw, but i get timouts and it also doesnt work well...
( im speaking of recent bt with a lot of seeders an leechers...)
below is my fw script and a few cmds outputs... am i missing sth ?
(btw i have an adsl 512k)

thanx for any help and sorry for my english ^^


tihis one has 80 seeds and 80 leechers... ( i used to d/l at more than 40k/s one month ago :/)
file: [AonE]_Gungrave_22_[134772B0].avi |
| size: 193,798,144 (184.8 MB) |
| dest: /home/nei/dl/[AonE]_Gungrave_22_[134772B0].avi |
| progress: |
| status: finishing in 20:35:33 (82.3%) |
| speed: 1.3 KB/s down - 10.4 KB/s up |
| totals: 6.5 MB down - 64.8 MB up


root@syhknosys:~# cat /etc/rc.d/rc.firewall
#/bin/bash

IPTABLES=/usr/local/sbin/iptables

#--------------------------------------------------------------------#

echo "1" > /proc/sys/net/ipv4/ip_forward

#Disabling IP Spoofing attacks.
echo "2" > /proc/sys/net/ipv4/conf/all/rp_filter

#Don't respond to broadcast pings (Smurf-Amplifier-Protection)
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

#Block source routing
echo "0" > /proc/sys/net/ipv4/conf/all/accept_source_route

#Kill timestamps
echo "0" > /proc/sys/net/ipv4/tcp_timestamps

#Enable SYN Cookies
echo "1" > /proc/sys/net/ipv4/tcp_syncookies

#Kill redirects
echo "0" > /proc/sys/net/ipv4/conf/all/accept_redirects

#Enable bad error message protection
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

#Log martians (packets with impossible addresses)
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians

#Set out local port range
#echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range

#Reduce DoS'ing ability by reducing timeouts
echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout
echo "2400" > /proc/sys/net/ipv4/tcp_keepalive_time
echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
echo "0" > /proc/sys/net/ipv4/tcp_sack
#--------------------------------------------------------------------#
#Flush the tables
$IPTABLES -t filter -F
$IPTABLES -t filter -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X

#--------------------------------------------------------------------#
#Setting policies on filter table
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT DROP
$IPTABLES -P FORWARD DROP
#--------------------------------------------------------------------#
#Setting policies on the other tables
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P INPUT ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P FORWARD ACCEPT
$IPTABLES -t mangle -P POSTROUTING ACCEPT

$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
#--------------------------------------------------------------------#
#ACCEPTing ourselves
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT
#ACCEPTing lan packets
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -m state --state NEW -j LOG --log-prefix="[eth0]new connection:"
$IPTABLES -A OUTPUT -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

$IPTABLES -A INPUT -i eth1 -j ACCEPT
$IPTABLES -A OUTPUT -o eth1 -m state --state NEW -j LOG --log-prefix="[eth1]new connection:"
$IPTABLES -A OUTPUT -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
#ACCEPTing wlan packets
$IPTABLES -A INPUT -i wlan0 -j ACCEPT
$IPTABLES -A OUTPUT -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#FW has internet...
$IPTABLES -A OUTPUT -o ppp0 -j ACCEPT
$IPTABLES -A INPUT -i ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
#--------------------------------------------------------------------#
#NATing
$IPTABLES -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.16.0/24 -o ppp0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.11.0/24 -o ppp0 -j MASQUERADE

#Conntrack: FORWARDing everything from the LAN/WLAN to the Net
$IPTABLES -A FORWARD -i eth0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i eth1 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i wlan0 -o ppp0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#...allowing valid, already established connections from the Net
$IPTABLES -A FORWARD -i ppp0 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i ppp0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i ppp0 -o wlan0 -m state --state ESTABLISHED,RELATED -j ACCEPT
#....
$IPTABLES -A FORWARD -i eth1 -o eth0 -m state --state ! INVALID -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ! INVALID -j ACCEPT
#...
#--------------------------------------------------------------------#
#misc...-p icmp -m state --state RELATED -j ACCEPT

$IPTABLES -A INPUT -p icmp -j ACCEPT
$IPTABLES -A OUTPUT -p icmp -j ACCEPT

#ACCEPTing a few things for now:
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT
$IPTABLES -A INPUT -p tcp --dport http -j ACCEPT
#dns :p
$IPTABLES -A INPUT -i ppp0 -p udp --sport 53 --dport 1024: -m state --state RELATED,ESTABLISHED -j ACCEPT

# ! bittorrent ...
iptables -A INPUT -i ppp0 -p tcp --dport 6881:6889 -j ACCEPT
iptables -A INPUT -i ppp0 -p tcp --dport 6969 -j ACCEPT

#test ! bittorrent ...
#iptables -A INPUT -i ppp0 -p tcp --dport 6000:7000 -j ACCEPT

root@syhknosys:~# netstat -nap --ip |grep 688
tcp 0 0 0.0.0.0:6881 0.0.0.0:* LISTEN 16026/python
tcp 0 0 82.x4.14.xx:6881 65.33.21.184:3799 SYN_RECV -
tcp 0 0 0.0.0.0:6882 0.0.0.0:* LISTEN 4093/python
tcp 0 0 82.x4.14.xx:6881 24.210.200.68:1124 TIME_WAIT -
tcp 0 1 82.x4.14.xx:6881 80.223.145.248:1425 FIN_WAIT1 -
tcp 0 1 82.x4.14.xx:6881 24.197.24.203:1564 FIN_WAIT1 -
tcp 0 0 82.x4.14.xx:6881 66.111.59.20:50548 ESTABLISHED 16026/python
root@syhknosys:~# uname -a
Linux syhknosys 2.4.25-grsec #1 Sun Feb 22 19:21:25 CET 2004 i686 unknown unknown GNU/Linux

heres a bt screensht...

file: Kenichi_Sonoda_-_Gallant_(DPG_-_4D1D5B86)_www.animeart.com.ar.zip |
| size: 164,025,486 (156.4 MB) |
| dest: /home/nei/dl/Kenichi_Sonoda_-_Gallant_(DPG_-_4D1D5B86)_www.animeart.com.ar.zip |
| progress: #############################################################______________ |
| status: finishing in 22:58:28 (88.7%) |
| speed: 6 B/s down - 1.5 KB/s up |
| totals: 58.1 MB down - 135.0 MB up |
| error(s): [09:27:07] Problem connecting to tracker - timeout exceeded |

Last edited by nei; 03-24-2004 at 04:35 PM.
 
Old 03-30-2004, 08:33 AM   #2
nei
LQ Newbie
 
Registered: Mar 2004
Posts: 2

Original Poster
Rep: Reputation: 0
:'(
 
Old 03-31-2004, 06:34 AM   #3
Azmeen
Senior Member
 
Registered: May 2003
Location: Malaysia
Distribution: Slackware, LFS, CentOS
Posts: 1,307

Rep: Reputation: 47
I got something similar setup on my firewall, although it's not a gateway.

Maybe you should try adjusting your bittorrent section a bit to look like:
Code:
# ! bittorrent ...
$IPTABLES -A INPUT -i ppp0 -p tcp --dport 6881:6889 -j ACCEPT
I don't think that the other line is necessary.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Bittorrent works in Windows but not Linux? oudent Linux - Software 4 10-26-2005 03:55 PM
Bittorrent only works as root LOLobo Linux - Software 4 08-15-2005 11:43 PM
Mandrake works great!!! A few questions about Java and Bittorrent Kyl3 Mandriva 9 10-07-2004 10:37 PM
IPtables & Bittorrent robot5x Linux - Security 8 09-14-2004 03:53 PM
BitTorrent + iptables = a confused me GT_Onizuka Linux - Newbie 4 08-28-2003 04:50 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 08:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration