Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I'm running a Slackware 9.1 box with kernel version 2.4.22 and iptables v1.2.9 as a router/firewall. I'm using the basic firewall script from the IP-masq howto.
On my other box I'd like to use bittorrent, but it complains about NAT problems. I can use it, but the speed is really slow. I guess it's because the firewall blocks all connections.
So my question is: how do I open up a specific port, or several ports, in iptables?
I've tried
If you are trying to open ports to the local machine, then:
iptables -I INPUT -p tcp --dport 20:21 -j ACCEPT
should do it. This would open TCP ports 20 through 21 to the local server from anywhere.
Originally posted by g-rod: If you are trying to open ports to the local machine, then:
iptables -I INPUT -p tcp --dport 20:21 -j ACCEPT
should do it. This would open TCP ports 20 through 21 to the local server from anywhere.
Originally posted by ekerik: On my other box I'd like to use bittorrent, but it complains about NAT problems. I can use it, but the speed is really slow. I guess it's because the firewall blocks all connections.
So my question is: how do I open up a specific port, or several ports, in iptables?
I've tried
Where 192.168.0.2 is the computer running bittorrent and 6881 is the port I want to open. But that did not work.
//Thanks, Erik
This command looks correct, but the problem might be the -A, which will append the rule at the end of the chain. This way the packet might get dropped before reaching your rule. Change the -A to -I, which will insert the rule at the top of the chain, thus overruling all following rules.
If this doesn't work then there might be other rules in other chains or tables messing with us. In this case run iptables -L and iptables -L -t nat and post the results here.
The previous reply to this thread only deals with traffic destined for your gateway. The traffic you're talking about is forward traffic.
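The complete rule set that the reply above implies, as an added example written for this thread (it is not code from any poster or from the IP-masq HOWTO script): a DNAT rule in the nat table so that packets arriving for port 6881 are redirected to 192.168.0.2 at all, plus an ACCEPT inserted at the top of FORWARD, since after DNAT the packet is routed rather than delivered to the router. The host and port come from the thread; the external interface name eth0, the function names, the "apply" argument and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example for the thread above; not the IP-masq HOWTO script or any
# poster's code. Host 192.168.0.2 and port 6881 come from the thread; the
# external interface eth0 and the iptables 1.2.x chain/table layout are
# assumptions. Run without arguments to print the rules; "apply" runs them
# (as root) instead.

# Print the iptables command line instead of executing it.
dry_run() { printf 'iptables %s\n' "$*"; }

# Rules that let a new inbound TCP connection reach a masqueraded LAN host.
# $1 = LAN host, $2 = TCP port, $3 = external (WAN) interface.
bt_rules() {
    host="$1"; port="$2"; wan="$3"
    # nat table, PREROUTING: rewrite the destination of packets that arrive on
    # the WAN side for this port. Without this the packet stays addressed to
    # the router itself and is only ever seen by INPUT, never by the LAN host.
    "$IPT" -t nat -A PREROUTING -i "$wan" -p tcp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # filter table, FORWARD: after DNAT the packet is routed, so it traverses
    # FORWARD, not INPUT. -I puts the rule at the top so a catch-all DROP
    # further down cannot shadow it (the -A vs -I point made above). Note the
    # double dash in --dport and the upper-case chain name; both are required.
    # Keeping -d "$host" and one port limits what the DNAT exposes.
    "$IPT" -I FORWARD -i "$wan" -p tcp -d "$host" --dport "$port" -j ACCEPT
}

# What to collect when asking for help: both tables, numeric, with counters.
show_state() {
    "$IPT" -L FORWARD -n -v
    "$IPT" -t nat -L PREROUTING -n -v
}

# Filter kernel-log lines written by an iptables LOG rule for one destination
# port (any protocol). Reads stdin, e.g.:
#   tail -f /var/log/messages | log_hits 6881
log_hits() { grep -E "DPT=$1( |\$)"; }

# Constructed sample log lines (not real captures) to exercise log_hits offline.
SAMPLE_LOG='Jan 10 12:00:01 router kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51000 DPT=6881 SYN
Jan 10 12:00:02 router kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP SPT=51001 DPT=68810 SYN
Jan 10 12:00:03 router kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 PROTO=UDP SPT=40000 DPT=6881'

# Number of sample lines that concern destination port $1.
sample_hits() { printf '%s\n' "$SAMPLE_LOG" | log_hits "$1" | grep -c .; }

# Default is a dry run that prints the rules for review before anything is applied.
if [ "${1:-}" = "apply" ]; then IPT=iptables; else IPT=dry_run; fi
bt_rules 192.168.0.2 6881 eth0
```

Run it without arguments first and compare the printed rules with the output of `iptables -L FORWARD -n -v` and `iptables -t nat -L -n -v`; the packet counters in the verbose listing tell you whether the new rules are matching at all, and `log_hits` only shows anything if the firewall script already has a LOG rule for dropped packets.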
Originally posted by ugge: This command looks correct, but the problem might be the -A, which will append the rule at the end of the chain. This way the packet might get dropped before reaching your rule. Change the -A to -I, which will insert the rule at the top of the chain, thus overruling all following rules.
If this doesn't work then there might be other rules in other chains or tables messing with us. In this case run iptables -L and iptables -L -t nat and post the results here.
The previous reply to this thread only deals with traffic destined for your gateway. The traffic you're talking about is forward traffic.
Thanks for your reply.
I tried with -I instead of -A, but I still get NAT errors. First I accidentally typed in the wrong IP and didn't receive NAT errors, just something like "cannot test connection", but when I changed to the right IP I received NAT errors again.
What is the verbose output of the forward chain?
iptables -L FORWARD -n -v
Run tail -f /var/log/messages while you try to connect. That way we can see what packets are being dropped.
Originally posted by g-rod: What is the verbose output of the forward chain?
iptables -L FORWARD -n -v
Run tail -f /var/log/messages while you try to connect. That way we can see what packets are being dropped.
iptables -L forward -n -v:
iptables: Table does not exist (do you need to insmod?)
When I tried connecting, no messages appeared in /var/log/messages.
Do you have any good and easy to configure scripts for IP masquerading and firewalls? Maybe it's my script that's messing it up.
Not that I can see. It doesn't look like iptables is dropping anything.
Try tail -f /var/log/messages as you are trying to connect, and see if anything is being logged to the kernel log.
Quote:
Originally Posted by ugge
In this case run iptables -L -t nat and post the results here.
Ugge, a quick thank you for this suggestion.
I was trying to solve a nat problem I was having and came across this thread.
By looking only at the "-t nat" results I was able to find my mistake in the clutter of all my iptables chains.