From: Fabian Anklam
To: Paul, freebsd-questions@freebsd.org
Date: Wed, 16 Feb 2005 22:08:13 +0100
Subject: Re: ipf, ipnat and Bittorrent

On Wed, 16 Feb 2005 13:04:28 -0000, Paul wrote:
> I am trying to forward bittorrent ports on FreeBSD 5.3 with ipf and ipnat.
> But the bittorrent indicator stays yellow which means it isn't set up
> correctly. Also, I don't get as many connections to peers as I should and
> download speeds are very poor. My ipnat.rules and ipf.rules files are shown
> below:

Took some toying around for me as well to get it running. For starters,
Azureus is fine with one port only (set in Tools -> Options -> Incoming TCP
listen port); I use 50505.

> [...]
> #bittorrent
> rdr tun0 0/32 port 6881 -> 192.168.0.3 port 6881 tcp/udp
> rdr tun0 0/32 port 6882 -> 192.168.0.3 port 6882 tcp/udp
> rdr tun0 0/32 port 6883 -> 192.168.0.3 port 6883 tcp/udp
> rdr tun0 0/32 port 6884 -> 192.168.0.3 port 6884 tcp/udp
> rdr tun0 0/32 port 6885 -> 192.168.0.3 port 6885 tcp/udp
> rdr tun0 0/32 port 6886 -> 192.168.0.3 port 6886 tcp/udp
> rdr tun0 0/32 port 6887 -> 192.168.0.3 port 6887 tcp/udp
> rdr tun0 0/32 port 6888 -> 192.168.0.3 port 6888 tcp/udp
> rdr tun0 0/32 port 6889 -> 192.168.0.3 port 6889 tcp/udp
> rdr tun0 0/32 port 6890 -> 192.168.0.3 port 6890 tcp/udp

The "Any IP on interface" for ipnat seems to be 0/0 instead of 0/32, and I
am not sure if the tcp/udp keyword also works with ipnat. I use:

rdr xl0 0/0 port 50505 -> 192.168.0.11 port 50505 tcp
rdr xl0 0/0 port 50505 -> 192.168.0.11 port 50505 udp

and then in ipf.rules:

pass in quick on xl0 proto tcp from any to 192.168.0.11 port = 50505 flags S keep state
pass in quick on xl0 proto udp from any to 192.168.0.11 port = 50505 keep state

Regards
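
The reply above pairs every ipnat rdr rule with an ipf pass rule to the same internal address, port and protocol. The script below is an added example, not part of the original message: it cross-checks the two rule files for redirects that the filter never passes and for pass rules left open with no redirect behind them. The function names and the third rdr line in the sample are assumptions made for illustration, and only the rule shapes quoted in this thread are parsed.

```python
import re

# Constructed sample input: the first two rdr lines and both pass lines are the
# rules from the message; the third rdr line is added to produce a finding.
IPNAT_RULES = """\
rdr xl0 0/0 port 50505 -> 192.168.0.11 port 50505 tcp
rdr xl0 0/0 port 50505 -> 192.168.0.11 port 50505 udp
rdr xl0 0/0 port 6881 -> 192.168.0.3 port 6881 tcp
"""
IPF_RULES = """\
pass in quick on xl0 proto tcp from any to 192.168.0.11 port = 50505 flags S keep state
pass in quick on xl0 proto udp from any to 192.168.0.11 port = 50505 keep state
"""

# Assumption: only the rule shapes quoted in the thread are recognised.
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifc>\S+)\s+\S+\s+port\s+\d+\s+->\s+"
    r"(?P<host>\S+)\s+port\s+(?P<port>\d+)\s+(?P<proto>\S+)(?P<rest>.*)$")
PASS_RE = re.compile(
    r"^pass\s+in\s+(?:quick\s+)?on\s+(?P<ifc>\S+)\s+proto\s+(?P<proto>\S+)\s+"
    r"from\s+any\s+to\s+(?P<host>\S+)\s+port\s+=\s+(?P<port>\d+)(?P<rest>.*)$")

def _targets(text, regex):
    """Map (interface, internal host, port, proto) -> remainder of the rule."""
    found = {}
    for line in text.splitlines():
        m = regex.match(line.strip())
        if m:
            for proto in m["proto"].split("/"):  # expand "tcp/udp" into two keys
                key = (m["ifc"], m["host"], int(m["port"]), proto)
                found[key] = m["rest"]
    return found

def audit(ipnat_text, ipf_text):
    """Cross-check redirects against filter rules; returns sorted finding lists."""
    rdrs = _targets(ipnat_text, RDR_RE)
    passes = _targets(ipf_text, PASS_RE)
    return {
        # redirect exists but no pass rule admits the traffic
        "no_pass_rule": sorted(k for k in rdrs if k not in passes),
        # pass rule exists but does not track state
        "no_keep_state": sorted(
            k for k in rdrs if k in passes and "keep state" not in passes[k]),
        # filter opening to an internal host with no redirect behind it
        "pass_without_rdr": sorted(k for k in passes if k not in rdrs),
    }

if __name__ == "__main__":
    for finding, rules in audit(IPNAT_RULES, IPF_RULES).items():
        print(finding, rules)
```
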