BitTorrent Tracker Behaving Strangely When Run Through Linux Iptables Firewall
I am a novice Linux user maintaining my own firewall/router system which acts as a gateway for the little network I call home. The firewall works well for the most part; I can hit webpages like this one, play Starcraft on Battle.Net and run simple servers like FTP servers on the inside network, making them available to the outside world by tweaking the script properly.
I am attempting to run a BitTorrent tracker using the BitTorrent client Azureus. I have configured Azureus to use the IP address of the external machine and to run on port 6969. On the firewall/router, I have added the following lines to my rc.firewall script:
for protocol in tcp udp; do
    $IPTABLES -A $CHAIN -p $protocol --dport 6969 -j ACCEPT
    $IPTABLES -t nat -A PREROUTING -d $EXT_IP -p $protocol --dport 6969 -j DNAT --to $NESTOR_IP
    $IPTABLES -t nat -A POSTROUTING -s $NESTOR_IP -p $protocol --sport 6969 -j SNAT --to $EXT_IP
done
echo -n "*"
...where $EXT_IP is the firewall's external IP, $NESTOR_IP is the IP of the internal machine running the tracker, and $CHAIN is the name of a chain which later gets added to the INPUT, OUTPUT, and FORWARD chains. I've built this from a pattern I've established to work for most of my purposes.
In this case, however, it is not working. The tracker sees any BitTorrent client which does not force its IP address as having the internal IP address of the firewall. BitTorrent clients which force their IP addresses work fine.
Am I misconfigured somehow? I'm not sure if this is a firewall configuration problem or an issue I'm having with the BitTorrent protocol. Any advice is much appreciated.
The machine is based on a custom install of Slackware 9.0 with an upgrade to module-init-tools 3.0 and the Linux 2.6.5 kernel.
Thank you for your time, and cheers!
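One common cause of the symptom described in this post is a POSTROUTING MASQUERADE or SNAT rule elsewhere in rc.firewall that is not limited to the external interface, so it also rewrites the source address of packets being forwarded into the LAN; that is an assumption here, since the rest of the script is not shown. The following is an added example, not code from the original post: the same port-forward written with interface restrictions, a LAN masquerade rule that cannot touch inbound traffic, and a small audit helper for rule listings. The interface names, LAN prefix, chain default and the dry-run default for IPTABLES are assumptions, and the addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. EXT_IF, INT_IF, LAN_NET and the
# dry-run default for IPTABLES are assumptions; the addresses are constructed.
IPTABLES="${IPTABLES:-echo iptables}"   # dry run: print rules instead of loading them
EXT_IF="${EXT_IF:-eth0}"                # assumed external interface
INT_IF="${INT_IF:-eth1}"                # assumed internal interface
EXT_IP="${EXT_IP:-203.0.113.10}"        # constructed external address
NESTOR_IP="${NESTOR_IP:-192.168.1.20}"  # constructed tracker address
LAN_NET="${LAN_NET:-192.168.1.0/24}"    # constructed LAN prefix
CHAIN="${CHAIN:-FORWARD}"

# Forward the tracker port without touching the source address of inbound
# peers: DNAT only on packets entering the external interface, SNAT only on
# the tracker's replies leaving it. The peer's real address reaches the
# tracker, so it records that address instead of the firewall's.
tracker_forward() {
    port="$1"
    for protocol in tcp udp; do
        $IPTABLES -A "$CHAIN" -i "$EXT_IF" -o "$INT_IF" -d "$NESTOR_IP" \
            -p "$protocol" --dport "$port" -j ACCEPT
        $IPTABLES -t nat -A PREROUTING -i "$EXT_IF" -d "$EXT_IP" \
            -p "$protocol" --dport "$port" -j DNAT --to "$NESTOR_IP"
        $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$NESTOR_IP" \
            -p "$protocol" --sport "$port" -j SNAT --to "$EXT_IP"
    done
}

# LAN masquerading restricted to the external interface. Without "-o $EXT_IF"
# the same rule also rewrites packets being forwarded *into* the LAN, and the
# tracker then sees every peer as the firewall's internal address.
lan_masquerade() {
    $IPTABLES -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

# Audit helper: read a rule listing (e.g. "iptables-save -t nat" output or the
# dry-run output above) on stdin and print POSTROUTING rules with no -o match.
unrestricted_postrouting() {
    grep -- '-A POSTROUTING' | grep -v -- ' -o ' || true
}

if [ "${1:-}" = "show" ]; then
    tracker_forward 6969
    lan_masquerade
fi
```

Run it as `sh rc-tracker.sh show` to print the rules, or with `IPTABLES=/sbin/iptables` to load them; piping `iptables-save -t nat` into `unrestricted_postrouting` lists the rules worth checking first.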