Comments on: Linux Iptables open Bittorrent tcp ports 6881 to 6889

By: SIFE

SIFE — Thu, 10 Jun 2010 18:03:16 +0000

hi, this info very good and give me some idea to apply in other services in future .
what if i want to block seeding only or leeching only ,i am using OpenBSD PF .

By: i3keba

i3keba — Thu, 06 May 2010 08:24:45 +0000

Question: how will behave iptables if I will forward one port range to different port range?
Example:
iptables -t nat -A PREROUTING -p tcp –dport 6001:6999 -j DNAT –to-destination 192.168.0.30:7001-7999
As I know 2.4 kernel was mapping port to port but 2.6.11 and up seems always mapping 6001:6999 to first port (7001) of 7001-7999 range.

Any ideas

By: stewa

stewa — Thu, 03 Sep 2009 16:52:32 +0000

Thank you! Now Torrent works great!

By: voxeljorz

voxeljorz — Wed, 15 Apr 2009 05:42:33 +0000

i use free ports for torrent, by the way using windows OS with Kerio Firewall

By: chandan kumar

chandan kumar — Tue, 24 Feb 2009 14:50:11 +0000

i know about protocol-ports.

By: Hellimod

Hellimod — Sat, 06 Sep 2008 12:47:54 +0000

Everything said in this article is true except for the port assignment. ports 6881 to 6889 are blacklisted by both ISP’s and trackers now adays. Advising people use these ports is completely incorrect. Better to just say to people to pick any ports in the 50000+ range. Not only are those ports blacklisted. Using them will get you banned from many trackets. Yep complete and utter outright ban on those ports they are not to be used EVER.

By: Gini

Gini — Wed, 02 Jul 2008 17:01:53 +0000

Hi
Is there a way that we can force a particular application to use a particular interface say wlan0 or eth0 ?

By: Sneezy Melon

Sneezy Melon — Sat, 15 Mar 2008 16:58:27 +0000

nice post! Thanks for sharing!

By: rich

rich — Tue, 08 Jan 2008 16:42:30 +0000

It took me a while to find this info… I had port forwarded 6881-6889 and didnt gain anything so I was glad to see that there’s one more step to getting it working correctly. I’ll try it out tonight:

iptables -A INPUT -p tcp –destination-port 6881:6999 -j ACCEPT
iptables -A OUTPUT -p tcp –source-port 6881:6999 -j ACCEPT

By: vivek

vivek — Thu, 06 Dec 2007 16:37:01 +0000

It should be as follows, (note double dash –)

iptables -t nat -A PREROUTING -p tcp --dport 6881:6889 -j DNAT --to-destination 192.168.0.30

By: Albert

Albert — Thu, 06 Dec 2007 15:49:24 +0000

I’m getting:

iptables -t nat -A PREROUTING -p tcp –d 6881:6889
-j DNAT –to-destination 192.168.0.30

– Bad argument ’192.168.0.30′

I looked in the help but no -to-destination argument found…

What can I do? thanks in advance.

By: Avesh

Avesh — Wed, 19 Sep 2007 08:39:13 +0000

Hi, my iptables is not working in redhat linux.
It gives me the error as iptables-restore not matched. whereas this file is /sbin.
whether i need to run the command of service iptables-save. also when i put -p in my iptables command it gives me the error. so what shud I do?

By: figure

figure — Thu, 31 May 2007 23:18:52 +0000

joe,

Here is the command you need (a little late).

/sbin/iptables -A INPUT -p tcp -v –match multiport –dports 6881:6999 -j ACCEPT

/sbin/iptables -A OUTPUT -p tcp -v –match multiport –dports 6881:6999 -j ACCEPT

To get rid of these rules after you are done,

/sbin/iptables -D INPUT -p tcp -v –match multiport –dports 6881:6999 -j ACCEPT

/sbin/iptables -D OUTPUT -p tcp -v –match multiport –dports 6881:6999 -j ACCEPT

The key change is the –match option as it loads a module that allows the –dports (or –destination-ports) to be used. It can load many other modules besides the multiport module, but this is the one we need here.

By: Darkly

Darkly — Thu, 31 May 2007 20:52:52 +0000

replace -destination-port with –destination port and you will be fine.

By: joe

joe — Sat, 17 Mar 2007 17:04:14 +0000

hi,
i tried running the sample code:

iptables -A INPUT -p tcp –destination-port 6881:6999 -j ACCEPT

but the shell spit up “bad argument ‘-destination-port’”

i looked in the help file for my version of iptables and could not find this parameter. i tried the other parameters that seemed similar, -d & –destination. The latter worked, while the former did not. In the help file the -d option appears with a ‘[!]‘ next to it – what does this indicate?

despite my success with ‘–destination’ a new error popped up. ‘-p’ was considered a bad argument. i tried ‘–proto,’ the alternative according to the help file, but to no avail.

what do you suggest?

thanks for your time,

joe

By: Anonymous

Anonymous — Fri, 22 Sep 2006 23:37:00 +0000

oh yeah! Now I don’t get that yellow ball when using BitTornado.

Thanks a lot!!! :)

By: nixcraft

nixcraft — Mon, 03 Jul 2006 02:48:00 +0000

6881:6889 ==> More than sufficient for Bittorent client.

If you are going to distribute torrents then use 6881:6999

By: Anonymous

Anonymous — Tue, 27 Jun 2006 09:10:00 +0000

is the default port range 6881:6889 or 6881:6999 – the article mentions both, seems a confict there.

By: nixcraft

nixcraft — Tue, 04 Apr 2006 00:52:00 +0000

To fix first error run command:
modprobe ip_tables iptable_filter ipt_state ip_conntrack ipt_LOG iptable_mangle

Then verify module loaded with following command:
lsmod | grep ip

If above two command fails with an error then you need to upgrade your kernel. Btw specify your Linux disto…

To fix second error, type rule as follows (it is –source-port not –source-ports ):
iptables -A OUTPUT -p tcp –source-port 6881:6999 -j ACCEPT

By: Anonymous

Anonymous — Tue, 04 Apr 2006 00:33:00 +0000

[root@server html]# iptables -A INPUT -p tcp –destination-port 6881:6999 -j ACCEPT
iptables v1.3.0: can’t initialize iptables table `filter’: iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@server html]# iptables -A OUTPUT -p tcp –source-ports 6881:6999 -j ACCEPT
iptables v1.3.0: Unknown arg `–source-ports’
Try `iptables -h’ or ‘iptables –help’ for more information.

How to fix that?