My name is Nakatsukasa. I understand that BitTorrent's port numbers are 6881 - 6889, but I cannot get the GW configured properly. I am on cable internet; when I run it without going through the GW I get about 150 kB/s downstream, and when I run it through the GW I get about 3 kB/s downstream. The software I am using is BitComet 0.97 for Windows.

(1) My GW configuration is:

#!/bin/bash
HOME='192.168.0.0/24'        # local network address
IPTABLES='/sbin/iptables'

# stop IP forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

# delete all rules (the nat table is flushed too, otherwise every run appends another MASQUERADE rule)
$IPTABLES -F
$IPTABLES -t nat -F

# deny all access
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP

### allow all access on the loopback address ###
$IPTABLES -A INPUT -i lo -j ACCEPT
$IPTABLES -A OUTPUT -o lo -j ACCEPT

# for localnet
# allow all access from eth0 (internal) (ACCEPT)
$IPTABLES -A INPUT -i eth0 -j ACCEPT
$IPTABLES -A OUTPUT -o eth0 -j ACCEPT

# for ping (icmp)
# allow input from this host itself
$IPTABLES -A INPUT -i lo -p icmp -j ACCEPT
$IPTABLES -A INPUT -i eth0 -p icmp -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p icmp -j ACCEPT

### allow external DNS queries from the DNS server ###
$IPTABLES -A OUTPUT -p udp --dport 53 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp -m state --state NEW --dport 53 -j ACCEPT

# for output
# allow ntp connections (local to outside)
$IPTABLES -A OUTPUT -p udp --dport 123 -j ACCEPT

# for www: also allow web browsing (ACCEPT)
$IPTABLES -A OUTPUT -p tcp --dport 80 -j ACCEPT    #http
$IPTABLES -A OUTPUT -p tcp --dport 443 -j ACCEPT   #https

# for ftp
$IPTABLES -A OUTPUT -p tcp --dport 20 -j ACCEPT
$IPTABLES -A OUTPUT -p tcp --dport 21 -j ACCEPT

# for masquerade
# IP masquerade definition
#
#$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.0/255.255.255.0 -j MASQUERADE

# for www: also allow web browsing (ACCEPT)
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 80 -j ACCEPT    #http
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 443 -j ACCEPT   #https

# for ftp
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 20 -j ACCEPT    #ftp-data
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 21 -j ACCEPT    #ftp

# for POP: allow mail retrieval
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 110 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 143 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 993 -j ACCEPT

# for SMTP: allow mail sending
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 25 -j ACCEPT

# for DNS
$IPTABLES -A FORWARD -i eth0 -p udp --dport 53 -j ACCEPT

# for ntpdate
$IPTABLES -A FORWARD -i eth0 -p udp --dport 123 -j ACCEPT

# for WWW-Go
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 10001 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 10005 -j ACCEPT

# for BitTorrent (tcp)
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6881 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6882 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6883 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6884 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6885 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6886 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6887 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6888 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 6889 -j ACCEPT

# for BitTorrent (udp)
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6881 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6882 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6883 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6884 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6885 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6886 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6887 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6888 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 6889 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p tcp --dport 13302 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -p udp --dport 13302 -j ACCEPT

#
#-----------------------------------------------------------------------
# Next, allow traffic on connections that are already established.
# for establish
# allow packets of established connections
$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# logging
$IPTABLES -A INPUT -j LOG -m limit --limit 5/minute --log-prefix "Dropping[inp]: "
$IPTABLES -A OUTPUT -j LOG -m limit --limit 5/minute --log-prefix "Dropping[out]: "
$IPTABLES -A FORWARD -j LOG -m limit --limit 5/minute --log-prefix "Dropping[for]: "

/sbin/iptables-save > /etc/sysconfig/iptables
echo 1 > /proc/sys/net/ipv4/ip_forward

(2) The result of iptables -L is:

# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level warning prefix `Dropping[inp]: '

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10001
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:10005
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6881
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6882
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6883
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6884
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6885
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6886
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6887
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6888
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6889
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6881
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6882
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6883
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6884
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6885
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6886
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6887
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6888
ACCEPT     udp  --  anywhere             anywhere            udp dpt:6889
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level warning prefix `Dropping[for]: '

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp
LOG        all  --  anywhere             anywhere            limit: avg 5/min burst 5 LOG level warning prefix `Dropping[out]: '

That is all.
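As an added example (not code from the original post), here is a small Python model of the FORWARD chain exactly in the order the posted script appends its rules, run over a few constructed sample flows. The internal interface is eth0 as in the script; the external interface name (eth1) and the peer port 51413 are my assumptions, since the post names neither. The model makes visible what the chain does and does not pass: every ACCEPT rule for LAN traffic matches on destination port only, so a connection from the LAN to a peer listening outside 6881-6889 falls through to the LOG rule and the DROP policy, and a new connection arriving on the external interface never matches an ACCEPT rule at all (only RELATED,ESTABLISHED replies do).

```python
"""Model of the gateway's FORWARD chain from the post above (added example)."""
from dataclasses import dataclass

LAN_IF = "eth0"   # internal interface, as in the posted script
WAN_IF = "eth1"   # assumption: the cable-modem side; the post never names it
BT_PORTS = set(range(6881, 6890))
# destination ports the script ACCEPTs for traffic entering on eth0
TCP_OUT_PORTS = {80, 443, 20, 21, 110, 143, 993, 25, 10001, 10005, 13302} | BT_PORTS
UDP_OUT_PORTS = {53, 123, 13302} | BT_PORTS


@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrives on
    proto: str    # "tcp", "udp" or "icmp"
    dport: int    # destination port (0 for icmp)
    state: str    # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


def forward_verdict(pkt: Packet) -> str:
    """Walk the FORWARD chain rule by rule, first match wins, then the policy."""
    if pkt.in_if == LAN_IF and pkt.proto == "icmp":
        return "ACCEPT"                                   # -i eth0 -p icmp
    if pkt.in_if == LAN_IF and pkt.proto == "tcp" and pkt.dport in TCP_OUT_PORTS:
        return "ACCEPT"                                   # -i eth0 -p tcp --dport N
    if pkt.in_if == LAN_IF and pkt.proto == "udp" and pkt.dport in UDP_OUT_PORTS:
        return "ACCEPT"                                   # -i eth0 -p udp --dport N
    if pkt.state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"                                   # -m state --state ESTABLISHED,RELATED
    return "DROP"   # the LOG rule fires ("Dropping[for]: "), then policy DROP


def audit_bittorrent_flows() -> dict:
    """Run the flows a BitTorrent session needs through the model and
    return the verdict for each (sample flows are constructed for this example)."""
    flows = {
        "tracker announce over http":      Packet(LAN_IF, "tcp", 80, "NEW"),
        "outbound peer on 6881":           Packet(LAN_IF, "tcp", 6881, "NEW"),
        "outbound peer on 51413":          Packet(LAN_IF, "tcp", 51413, "NEW"),   # assumed peer port
        "outbound udp peer on 51413":      Packet(LAN_IF, "udp", 51413, "NEW"),
        "inbound peer connection":         Packet(WAN_IF, "tcp", 6881, "NEW"),
        "reply on an established flow":    Packet(WAN_IF, "tcp", 6881, "ESTABLISHED"),
    }
    return {name: forward_verdict(pkt) for name, pkt in flows.items()}


def blocked_flows() -> list:
    """Names of the sample flows the chain drops, for a quick summary."""
    return [name for name, verdict in audit_bittorrent_flows().items() if verdict == "DROP"]


if __name__ == "__main__":
    for name, verdict in audit_bittorrent_flows().items():
        print(f"{name:32s} {verdict}")
    print("dropped:", ", ".join(blocked_flows()))
```

The model only reproduces the posted rules; it does not decide what the gateway should allow. It is useful as a checklist before touching the ruleset: any flow that prints DROP here will also show up on the gateway as a "Dropping[for]: " line in the kernel log, which is the first place to look when a client behind the GW behaves differently from the same client connected directly.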