ipchains -- port forwarding -- bittorrent
i am a real linux n00b and a friend of mine installed an floppy LRP router in my house-network. It is an old linux installation with masquerading as firewall. I wanted to have port forwarding to work because bittorent downloads are slow if its not configured. So i researched for days and nights and finaly got it working !!! Now i wanted to share the joy and effort.
==> PLEASE COMMENT ON MY FINDINGS AND IPCHAIN RULES IF THEY NEED CHANGE FOR SECURITY REASONS
IPCHAINS vs IPTABLES
The problem was the old linux version uses ipchains instead of the newer iptables to configure/install the firewall. If you have iptables don't read further there is lots of info for you on the internet. If you have ipchains and are stuck with it: read on. There might be some help.
First you need to read at least chapter 4 of the ipchains-howto (see below for links). But i just give my working sollution rules. The commands use the tools ipchains and ipmasqadm.
Situation: I want the port 6881 to be forwarded.
1. First i punched a hole in the firewall and let all traffic to this port be accepted (i pierced all 3 default chains: input/forward/output):
#ipchains -A input -p tcp --destination-port 6881 -j ACCEPT
#ipchains -A forward -p tcp --destination-port 6881 -j ACCEPT
#ipchains -A output -p tcp --destination-port 6881 -j ACCEPT
2. Then i told the ip-masquerade that traffic to port 6881 must be continued to go to 6881
#ipmasqadm autofw -A -r tcp 6881 6881 -h 192.168.1.x
==> make sure that 192.168.1.x is the mask for your homenetwork (i got it wrong the first time)
3. Then and final necessary step for me (i couldn't find elsewere): you forward the port also with ip-masquerade portfw:
#ipmasqadm portfw -a -P tcp -L 18.104.22.168 6881 -R 192.168.1.4 6881
==>BUT you need to specify your routers-ip from the outside world: 22.214.171.124 in my case. And you need to specify your own client PC's IP in my case 192.168.1.4
CLOSING THE PORT
If you want to close the port again. Execute all the statements with the EXACT syntax but change the -A or -a option (=add the rule) into -D or -d (=delete the rule)
#ipmasqadm portfw -l ==> list all ports in portforward mode
> Basic howto ipchains especially Chapter 4
> ipchains man online -- overview ipchains commands
>ipchains Firewalling and Packet-Filtering Quick Start Guide
>ipchains help for e-donkey
> masquerade howto