From: Jochen Radmacher <jradmacher@gmx.de>
To: netfilter@lists.netfilter.org
Subject: Re: I need a clever solution for two Bittorrent machines behind a firewall
Date: Fri, 19 Nov 2004 03:01:05 +0100
Message-ID: <419D53E1.7050406@gmx.de>
In-Reply-To: <260C0D3A0781D4EBEEED6053@[10.169.6.246]>
Hi,
Kenneth Porter wrote:
> --On Thursday, November 18, 2004 10:03 AM -0700 Brad Morgan
> <B-Morgan@concentric.net> wrote:
>
>> I'm using a Linux firewall with IPTables as my home firewall.
>
>
> Take a look at "port triggering". This is a feature in the Linksys
> WRT54G, which uses uClinux under the hood. When an outbound connection
> is seen to a particular port, a port forwarding rule is installed for
> the internal client. I'm guessing this is done by monitoring the
> iptables logs and installing a custom chain on demand that's removed
> after a period of inactivity.
>
I'm using a simple script to detect when someone connects to
battle.net. The basic idea is to check /proc/net/ip_conntrack for
battle.net connections. Here is a simple version which has to be run
every n minutes.
Greets
Jochen Radmacher
---- cut here ----
#!/bin/bash
CONNECTED=0

# Bugfix for netfilter bug 227
# Address of ppp0: only conntrack entries that mention it are counted.
IPADDR=$(/sbin/ifconfig | grep -i "ppp0" -A 1 | grep "inet addr" | cut -d " " -f 12 | cut -d ":" -f 2)

# An empty IPADDR would match every line, so it is treated as "not connected".
# you can repeat the following 4 lines with different argument for grep to make an 'OR'
egrep '213\.248\.106\.' /proc/net/ip_conntrack | grep -F -- "$IPADDR" >/dev/null
if [ "$?" -eq 0 ] && [ -n "$IPADDR" ]; then
    CONNECTED=1
fi

if [ "$CONNECTED" -eq 1 ]; then
    # do something
    iptables -A ....
else
    iptables -D ....
fi
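
A field-level version of the conntrack check discussed in this thread, as an added example that is not part of the original message: it reports which internal client opened the triggering connection (what port triggering needs in order to pick the forward target) and reports a rule change only when the state differs from the previous run. The sample conntrack lines, the 192.168.1.x and 203.0.113.7 addresses, and the function names are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample in /proc/net/ip_conntrack format (not captured data).
# Line 4 is an inbound connection FROM the watched network; a plain grep for
# the prefix plus the WAN address would wrongly count it as a trigger.
SAMPLE='tcp 6 431990 ESTABLISHED src=192.168.1.10 dst=213.248.106.65 sport=1044 dport=6112 src=213.248.106.65 dst=203.0.113.7 sport=6112 dport=1044 [ASSURED] use=1
tcp 6 431995 ESTABLISHED src=192.168.1.11 dst=198.51.100.20 sport=3321 dport=80 src=198.51.100.20 dst=203.0.113.7 sport=80 dport=3321 [ASSURED] use=1
udp 17 25 src=192.168.1.10 dst=213.248.106.70 sport=6112 dport=6112 [UNREPLIED] src=213.248.106.70 dst=203.0.113.7 sport=6112 dport=6112 use=1
tcp 6 100 TIME_WAIT src=213.248.106.80 dst=203.0.113.7 sport=5000 dport=22 src=203.0.113.7 dst=213.248.106.80 sport=22 dport=5000 [ASSURED] use=1'

# trigger_clients PREFIX WAN_IP  (conntrack table on stdin)
# Prints each internal address that opened a connection to PREFIX* and was
# NATed to WAN_IP. PREFIX is matched literally against the original dst only.
trigger_clients() {
    awk -v pfx="$1" -v wan="$2" '
    {
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) src[++n] = substr($i, 5)
            if ($i ~ /^dst=/) dst[n] = substr($i, 5)
        }
        # tuple 1 = original direction, tuple 2 = reply direction
        if (n == 2 && index(dst[1], pfx) == 1 && dst[2] == wan && !(src[1] in seen)) {
            seen[src[1]] = 1
            print src[1]
        }
    }'
}

# plan_change PREVIOUS CURRENT  ("" means no client)
# A poller run from cron should touch its rule only when the client changed;
# otherwise every run would append another copy of the same rule.
plan_change() {
    if [ "$1" = "$2" ]; then echo "none"
    elif [ -z "$1" ]; then echo "add $2"
    elif [ -z "$2" ]; then echo "del $1"
    else echo "del $1 add $2"
    fi
}

# Demo on the constructed sample; on a real firewall feed the live table:
#   trigger_clients 213.248.106. "$IPADDR" < /proc/net/ip_conntrack
current=$(printf '%s\n' "$SAMPLE" | trigger_clients 213.248.106. 203.0.113.7 | head -n 1)
echo "client: ${current:-none}; action: $(plan_change "" "$current")"
```

The previous client would be kept in a small state file between runs; the action string is what decides whether the forwarding rule is added or deleted.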