Red HatThis forum is for the discussion of Red Hat Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I can't get fast downloading with Azureus because of incoming TCP port errors.
The NAT/Firewall test in Azureus said there was a NAT Error. I've managed to now get:
Testing port 57571 ... Unable to test: Invalid port given, or test service failed. Another application may already be using this port.
Running netstat on the PC shows the port is listening. Going to GR (ww.grc.com) lists the port as stealth.
If I add:
-A INPUT -p tcp -m tcp --dport 57571 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
Thanks for any help. I've been doing this for several days without any success.
-redmap
My iptables file:
*nat
:PREROUTING ACCEPT [31:6008]
:POSTROUTING ACCEPT [3:252]
:OUTPUT ACCEPT [4:308]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 20 23:59:41 2003
# Generated by iptables-save v1.2.7a on Mon Oct 20 23:59:41 2003
*filter
:INPUT DROP [3:276]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [99:10703]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.0.0/255.255.255.0 -i eth0 -j DROP
-A INPUT -s 127.0.0.0/255.0.0.0 -i eth0 -j DROP
-A INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 2200 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p udp -m udp --dport 517 -j ACCEPT
-A INPUT -p udp -m udp --dport 518 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 993 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 143 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
considering that the ip you are giving is 192.168.x.x, it sounds like you are behind a router. this might sound like a stupid question but, have you forwarded the same port # to the router that you have opened in your firewall AND set as the azureus listening port? this would explain grc.com showing stealth after all the trouble you've gone to.
considering that the ip you are giving is 192.168.x.x, it sounds like you are behind a router. this might sound like a stupid question but, have you forwarded the same port # to the router that you have opened in your firewall AND set as the azureus listening port? this would explain grc.com showing stealth after all the trouble you've gone to.
Thanks for replying. I'm so dizzy with all this that I checked for the router. No router. A Netgear hub.
There's a linux box as firewall connected to the outside. The iptables are from the unix box. Its ip address is 192.168.1.1. The 192.168.1.15 address is a PC on the lan running Windows XP.
Well, I don't know what happened, but things are working. In desperation I've been making small little changes, random changes, trying the same thing over and over. And for some reason, it's now working. Who says repeating the same actions and expecting a different result is the sign of insanity?
Anyway, for any other desperate person, this last iptables entry worked:
<LAN_IP> is internal ip address (e.g. 192.168.0.2)
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.