[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Azureus and the TCP port 6881

On Monday 06 February 2006 07:30, Marcelo Chiapparini wrote:
>Hello Gene,
>
>thank you very much for your answer. However, I am a completly
> ignorant regarding NAT... after reading your advice, I went to the
> NAT howto and I was scared...
>
>On Mon, 2006-01-30 at 19:26 -0500, Gene Heskett wrote:
>> On Monday 30 January 2006 17:59, Marcelo Chiapparini wrote:
>> >Dear debianners,
>> >
>> >I've just installed Azureus as my .torrent client. During its
>> >configuration the wizard checks for the 6881 TCP port reporting the
>> >following message: "Testing port 6881...   NAT error". I would like
>> > to know how to open this port. I've surfed the list, googled the
>> > web without success. I am wired to the Internet by an ADSL
>> > connection. I wonder if this problem involves my Internet
>> > provider...
>> >Thanks in advance for any help!
>>
>> More than likely you'll need to setup a NAT rule in iptables.
>
>iptables is, in fact, an (from the man page) "administration tool for
>IPv4 packet filtering and NAT". You suggest to use iptables to set up
> a NAT rule, isn't?
>
>> I have
>> the NAT being done in the router,
>
>my router, I guess, is with my IP provider... I can't do anything in
>that machine...

Then you are essentially at his mercy.  I'd lock it up as tightly as I 
could with iptables, portsentry, and tcpwrappers.  I use them all.

>> by forwarding this range of ports
>> directly to this machines address.  Its all setup in the router for
>> that.
>>
>> But I also have to open up iptables a wee bit on my firewall box,
>> with this rule:
>
>I don't have a firewall installed in my machine...

Ouch! Do so ASAP!  There are scripts around to take some of the mystery 
and apprehension out of that, and I've heard that 'firestarter' is a 
good one although I've never used any of those types of tools myself.

With the upcoming cybersecurity exersize, I'd try to be well prepared.  
From what I read, the network will be dossed pretty good by this.  I do 
expect to see an entry or 2 in my logs although attackers have only 
made it to the logs 3 times in 3 years and thats as far as they got.

An aggressive scan by satan & its ilk from outside, finds nothing, and 
doesn't make the logs here.  So I think I've in pretty good shape.

>> -----------
>> #!/bin/bash
>> BTFORWARDADDR=192.168.xx.3 PORTSTART=6881 PORTEND=6999
>> /sbin/iptables -A FORWARD -s $BTFORWARDADDR -p tcp --dport
>> $PORTSTART: $PORTEND -j ACCEPT
>> -----------
>> Where the "xx" is a real number of course.
>
>My problem is that I want to open port 6881 (or another one,following
>Chris Howie's tip) for Azureus. I have sarge installed in my machine
> at home, wired to my Internet Provider trough an ADSL connection. I
> would like to be able to open the ports without having to study the
> gory details of NAT... sorry, I am not lazy, I don't have the time
> for it...
>
>With the best regards,
>
>Marcelo
>
>
>--
>Marcelo Chiapparini
>chiappa@oi.com.br

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Reply to: