Port Forwarding Help

Palula · 04-12-2006, 11:46 PM

Hi everybody!

I'm using a Torrent Client called microTorrent (very nice and slim by the way). But the thing is that had to make port forwarding lines within my iptables firewall to use it on a machine inside my network.

I'd like you guys to help me ou wit this one.

Here are the lines:

Code:

/sbin/iptables -A FORWARD -p tcp --dport ("port") -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i $wanic -p tcp --dport ("port") -j DNAT --to ("ip_address:port")

Here is the response from microTorrent:
Unable to map UPnP port to "ip_address_inside_lan

ort"

What is wrong with this?
Indeed, if I make a port check from the Internet to the "port". It appears Stealthed...

Thanks!!!

Centinul · 04-13-2006, 04:41 PM

Quote:

Originally Posted by Palula

Here is the response from microTorrent:
Unable to map UPnP port to "ip_address_inside_lan

ort"

Does this torrent client use UPnP? If so a regular static port forward won't work (to my knowledge) because when an application uses UPnP ports are allocated dynamically. This might be the cause of your problem. I'm not sure though. Hope this helps!

fotoguy · 04-13-2006, 07:45 PM

If you want anyone from the internet to access the machine on the inside of your network you first need to accept the packet on the INPUT chain, then preroute it, then push it onto the forward chain.

/sbin/iptables -A INPUT -i $wanic -p tcp --dport ("port") -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i $wanic -p tcp --dport ("port") -j DNAT --to ("ip_address

ort")
/sbin/iptables -A FORWARD -i $wanic -p tcp --dport ("port") -j DNAT --to ("ip_address

ort")

Centinul · 04-13-2006, 09:58 PM

fotoguy -- I thought the PREROUTING chain was hit BEFORE the INPUT chain. At least that is how I understand it from this tutorial. Please let me know if I'm misunderstanding it

In that case, OP, I would switch your rules so the PREROUTING rule is before the forward rule. Also, take note of what I mentioned above.

fotoguy · 04-14-2006, 03:47 AM

Quote:

Originally Posted by Centinul

fotoguy -- I thought the PREROUTING chain was hit BEFORE the INPUT chain. At least that is how I understand it from this tutorial. Please let me know if I'm misunderstanding it

In that case, OP, I would switch your rules so the PREROUTING rule is before the forward rule. Also, take note of what I mentioned above.

I think you are right, I have read example which tell you to accept on the INPUT chain before you can preroute it, so I may have to do some more research on the subject.

Thanks for that