On Tue, Sep 23, 2003 at 05:16:41PM +0800, Tom wrote:
> The following is my iptables rules. According to my understanding, BT
> use the ports 6881 to 6889, then I forward these ports to my machines
> in LAN.

I have no idea about bittorrent and its protocol, sorry.

>
> #! /bin/sh
> iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 6881:6889 -j DNAT --to 192.168.1.90:6881-6889
> iptables -A FORWARD -p tcp -s 192.168.1.90 --dport 6881:6889 -j ACCEPT
>

Those rules say 'nat any port between 6881:6889 to any port between
6881:6889'. i.e. port 6881 can be NAT'ed to 6884, happening in a
non-deterministic manner.

Try 9 separate rules for every port if you want to have that guarantee.

> Tom Cheung
> 23 Sept 2003

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going on
while IP was being designed." -- Paul Vixie
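The per-port rules suggested in the reply above, as an added example that is not part of the original message. The interface, address and port range are taken from the quoted script; the function name `gen_rules`, the `IPT` variable and the `-d`-based FORWARD rule are assumptions of this example.

```sh
#!/bin/sh
# Added example: emit one DNAT rule per port so that each external port
# always maps to the same port on the LAN host, instead of a range-to-range
# mapping. Values below come from the quoted script; gen_rules and IPT are
# hypothetical names used only in this example.

WAN_IF="ppp0"
LAN_HOST="192.168.1.90"
FIRST_PORT=6881
LAST_PORT=6889

# Print the rules rather than applying them, so they can be reviewed first.
# To apply, pipe the output to sh as root.
gen_rules() {
    ipt="${IPT:-iptables}"

    # Refuse an inverted range instead of silently emitting nothing.
    if [ "$FIRST_PORT" -gt "$LAST_PORT" ]; then
        echo "invalid port range $FIRST_PORT:$LAST_PORT" >&2
        return 1
    fi

    port="$FIRST_PORT"
    while [ "$port" -le "$LAST_PORT" ]; do
        # One-to-one mapping: external port N is always sent to LAN port N.
        echo "$ipt -t nat -A PREROUTING -i $WAN_IF -p tcp --dport $port -j DNAT --to-destination $LAN_HOST:$port"
        port=$((port + 1))
    done

    # Assumption of this example: PREROUTING DNAT runs before the FORWARD
    # chain, so inbound packets are matched there by destination (-d).
    echo "$ipt -A FORWARD -i $WAN_IF -p tcp -d $LAN_HOST --dport $FIRST_PORT:$LAST_PORT -j ACCEPT"
}

gen_rules
```

After loading the rules, `iptables -t nat -L PREROUTING -n -v` lists them with per-rule packet counters, which shows whether each port is matching its own rule.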