OpenWrt Forum Archive

Topic: Iptables

The content of this topic has been archived on 1 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

KTorrent:

Timeout occurred
Authentication to 83.67.97.121 : failure
Connection closed
DHT: Sending ping response
Authentication to 142.59.43.45 : ok
Authentication to 89.120.136.146 : failure
Authentication to 89.120.136.146 : failure
Timeout occurred
Authentication to 89.136.88.23 : failure
Timeout occurred
Authentication to 88.158.3.30 : failure
Timeout occurred
Authentication to 88.218.13.161 : failure
Timeout occurred
Authentication to 128.194.39.224 : failure
Timeout occurred
Authentication to 72.76.251.124 : failure
Timeout occurred
Authentication to 81.104.151.142 : failure
Timeout occurred
Authentication to 195.113.189.218 : failure
Timeout occurred
Authentication to 71.192.190.8 : failure
Timeout occurred
Authentication to 71.192.190.8 : failure
Timeout occurred
Authentication to 213.10.85.190 : failure
Chunk 6967 downloaded


Props to #openwrt especially thepeople, bartman, and mdm for helping me get my 850G on OpenWRT.  DD-WRT wouldn't cut it. 

I will be writing a small guide once I am finished with my configuration.

Presently, it seems port forwarding is not quite working.

-bash-2.05b$ ssh -l root -v ****no.ip.info
OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to *******[75.40.***.**] port 22.
debug1: connect to address 75.40.***.*** port 22: Connection refused
ssh: connect to host ********* port 22: Connection refused

-bash-2.05b$ telnet stlpcsolutions.no-ip.info 10001
Trying 75.40.62.85..
(refused)

-bash-2.05b$ telnet stlpcsolutions.no-ip.info 10003
Trying 75.40.62.85...
(refused)


Followed these instructions for my firewall setup:
http://wiki.openwrt.org/SimpleFirewall

This is the odd message I receive:

root@OpenWrt:/etc# . /etc/init.d/S35firewall restart
/etc/fwlib.sh: 18: interface: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 7: -j: not found
/etc/firewall.user: 7: -j: not found
FORWARDING 113 TO doug (192.168.0.107)
/etc/firewall.user: 21: -j: not found
/etc/firewall.user: 21: -d: not found
FORWARDING 10001:10100 TO doug (192.168.0.107)
/etc/firewall.user: 25: -j: not found
/etc/firewall.user: 25: -d: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found


root@OpenWrt:/etc# cat firewall.user
#!/bin/sh
. /etc/fwlib.sh
flush_firewall

### Ports accessible on the router from the WAN
allow_tcp_port 22 # SSH
allow_tcp_port 465 # HTTPS

### Ports accessible from specific hosts to the router from the WAN
# allow_tcp_port_fromhost 80 remote_access # HTTP
# allow_tcp_port_fromhost 22 remote_access

### Ports accessible to client machines.
# forward_port 22 server
#forward_port 10001:10100 doug

### if we really need _all_ ports...
# register_dmz server

# forward workstation port for application development
forward_port 113 doug

# forward a few utility port-ranges to make it easier to deal with
# bittorrent configurations and the like
forward_port 10001:10100 doug
# forward_port 10100:10199 laptop1
# forward_port 10200:10299 laptop2

### Translate port for client machines.
# translate_port 8080 printer_01 80

### Trusted hosts, full access to router
trusted_host doug

/etc/hosts
127.0.0.1 localhost OpenWrt
192.168.0.107 doug

root@OpenWrt:/etc# cat fwlib.sh
#!/bin/sh

. /etc/functions.sh

WAN=$(nvram get wan_ifname)
LAN=$(nvram get lan_ifname)

# Empty the user chains that the default firewall jumps into, so this script
# can be re-run without piling up duplicate rules.
flush_firewall () {
    iptables -F input_rule
    iptables -F output_rule
    iptables -F forwarding_rule
    iptables -t nat -F prerouting_rule
    iptables -t nat -F postrouting_rule
}

### BIG FAT DISCLAIMER
### The "-i $WAN" literally means packets that came in over the $WAN interface;
### this WILL NOT MATCH packets sent from the LAN to the WAN address.

# Open a TCP port on the router itself to the WAN. Every iptables command has
# to stay on a single line (or be continued with a trailing backslash): if the
# "-j ACCEPT" part wraps onto its own line, the shell runs it as a separate
# command ("-j: not found") and the rule is added with no target at all.
allow_tcp_port () {
    ALLOWPORT=$1
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT -j ACCEPT
    iptables        -A input_rule      -i $WAN -p tcp --dport $ALLOWPORT -j ACCEPT
}

# Same as allow_tcp_port, but only from one source host named in /etc/hosts.
allow_tcp_port_fromhost () {
    ALLOWPORT=$1
    ALLOWHOSTNAME=$2
    ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
    echo "Allowing tcp from $ALLOWHOSTNAME to port $ALLOWPORT"
    iptables -t nat -A prerouting_rule -i $WAN -p tcp -s $ALLOWHOST --dport $ALLOWPORT -j ACCEPT
    iptables        -A input_rule      -i $WAN -p tcp -s $ALLOWHOST --dport $ALLOWPORT -j ACCEPT
}

# Look a host name up in /etc/hosts and print its address. This is a plain
# substring match, so keep the names in /etc/hosts distinct from one another.
sucky_resolve () {
    HOSTNAME=$1
    ###
    grep $HOSTNAME /etc/hosts | awk '{ print $1 }'
}

# DNAT a WAN port (or port range) to a LAN host, then allow the forwarded
# traffic through the FORWARD chain.
forward_port() {
    ALLOWPORT=$1
    ALLOWHOSTNAME=$2
    ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
    echo "FORWARDING $ALLOWPORT TO $ALLOWHOSTNAME ($ALLOWHOST)"
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT -j DNAT --to $ALLOWHOST
    iptables        -A forwarding_rule -i $WAN -p tcp --dport $ALLOWPORT -d $ALLOWHOST -j ACCEPT
}

# DNAT a WAN port to a different port on a LAN host.
translate_port() {
    ALLOWPORT=$1
    ALLOWHOSTNAME=$2
    ALLOWHOSTPORT=$3
    ALLOWHOST=`sucky_resolve $ALLOWHOSTNAME`
    echo "TRANSLATING $ALLOWPORT TO $ALLOWHOSTNAME ($ALLOWHOST:$ALLOWHOSTPORT)"
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $ALLOWPORT -j DNAT --to $ALLOWHOST:$ALLOWHOSTPORT
    iptables        -A forwarding_rule -i $WAN -p tcp --dport $ALLOWHOSTPORT -d $ALLOWHOST -j ACCEPT
}


# Give one WAN host unrestricted TCP access to the router itself.
trusted_host (){
    ALLOWHOSTNAME=$1
    TRUSTEDHOST=`sucky_resolve $ALLOWHOSTNAME`
    iptables -t nat -A prerouting_rule -i $WAN -p tcp -s $TRUSTEDHOST -j ACCEPT
    iptables        -A input_rule      -i $WAN -p tcp -s $TRUSTEDHOST -j ACCEPT
}

Finally:

root@OpenWrt:/etc# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       tcp  --  anywhere             anywhere            tcp option=!2 flags:SYN/SYN
input_rule  all  --  anywhere             anywhere           
LAN_ACCEPT  all  --  anywhere             anywhere           
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     gre  --  anywhere             anywhere           
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            state INVALID
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
forwarding_rule  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           

Chain LAN_ACCEPT (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere           
RETURN     all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            state INVALID
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
output_rule  all  --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain forward_ppp0 (1 references)
target     prot opt source               destination         

Chain forwarding_rule (1 references)
target     prot opt source               destination         
           tcp  --  anywhere             anywhere            tcp dpt:113
           tcp  --  anywhere             anywhere            tcp dpts:10001:10100
forward_ppp0  all  --  anywhere             anywhere           

Chain input_ppp0 (1 references)
target     prot opt source               destination         

Chain input_rule (1 references)
target     prot opt source               destination         
           tcp  --  anywhere             anywhere            tcp dpt:22
           tcp  --  anywhere             anywhere            tcp dpt:465
input_ppp0  all  --  anywhere             anywhere           

Chain output_rule (1 references)
target     prot opt source               destination     


Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2006-11-29 21:30 CST
Interesting ports on *** (75.40.***.***):
(The 1650 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
445/tcp  filtered microsoft-ds
1080/tcp filtered socks
3128/tcp filtered squid-http
6588/tcp filtered analogx
8081/tcp filtered blackice-icecap

Nmap run completed -- 1 IP address (1 host up) scanned in 5.598 seconds

*Port Sentry is running*
Thanks Guys!

(Last edited by MayorSlay on 30 Nov 2006, 19:00)
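One thing worth checking in the output above (this is an added example, not part of the thread and not OpenWrt code): in the "iptables -L" listing, the rules in input_rule and forwarding_rule (tcp dpt:22, dpt:465, dpts:10001:10100) have an empty target column. That is what you get when the "-j ACCEPT" half of each iptables command has been split onto a line of its own, which is also what the "-j: not found" errors from the restart say. A rule with no target matches the packet and then does nothing, so port 22 falls through to the "REJECT ... tcp-reset" rule in INPUT, which is exactly the "Connection refused" seen in the ssh and telnet attempts. The two shell functions below look for that condition from both sides: one lints a firewall script for wrapped iptables commands, the other scans "iptables -L" output for rules with no target. Both are heuristics, read text only (they never run iptables), and are exercised here against constructed samples modelled on the listings in this post.

```shell
#!/bin/sh
# Added diagnostic helpers (example code, not from the thread or from OpenWrt).
# Both read text only and never run iptables, so they work offline anywhere.

# 1. Lint a firewall script for iptables commands that were split across lines.
#    Heuristic: a non-comment line that does not start with "iptables" but
#    carries an iptables option ("-j", "-d", "--dport", ...) or a bare target
#    name is the tail of a wrapped command. Reads the script on stdin and
#    prints "LINE: text" for each suspect line.
find_split_iptables_lines() {
    awk '
        /^[ \t]*#/ || /^[ \t]*iptables/ { next }
        /(^|[ \t])(-[a-z]|--[a-z-]+|ACCEPT|DROP|REJECT|DNAT|RETURN)([ \t]|$)/ {
            print NR ": " $0
        }
    '
}

# 2. Scan "iptables -L" output for rules whose target column is empty. A normal
#    rule line starts with its target (ACCEPT, DROP, a chain name); a rule that
#    was appended without "-j" starts with whitespace followed by the protocol,
#    so it matches traffic and then does nothing. Reads the listing on stdin and
#    prints "CHAIN: rule text" for each target-less rule.
find_targetless_rules() {
    awk '
        /^Chain / { chain = $2; next }
        /^target/ { next }
        /^[ \t]+(all|tcp|udp|icmp|gre)[ \t]/ {
            sub(/^[ \t]+/, "")
            print chain ": " $0
        }
    '
}

# Constructed sample script: two commands wrapped the way the thread shows
# (lines 5 and 10 are continuation lines). $WAN, $1 and $2 stay literal here.
SAMPLE_SCRIPT='#!/bin/sh
. /etc/fwlib.sh
allow_tcp_port () {
    iptables -A input_rule -i $WAN -p tcp --dport $1
-j ACCEPT
}
forward_port () {
    iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport $1 -j DNAT --to $2
    iptables -A forwarding_rule -i $WAN -p tcp --dport
$1 -d $2 -j ACCEPT
}'

# Constructed sample listing modelled on the chains in this post: two rules
# with no target, one correct ACCEPT, and one jump to a sub-chain.
SAMPLE_LISTING='Chain input_rule (1 references)
target     prot opt source               destination
           tcp  --  anywhere             anywhere            tcp dpt:22
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:465
input_ppp0  all  --  anywhere             anywhere

Chain forwarding_rule (1 references)
target     prot opt source               destination
           tcp  --  anywhere             anywhere            tcp dpts:10001:10100'

# Run both checks against the samples. On a real router, pipe in the script
# file and the output of "iptables -L" and "iptables -t nat -L" instead.
printf '%s\n' "$SAMPLE_SCRIPT" | find_split_iptables_lines
# prints "5: -j ACCEPT" and "10: $1 -d $2 -j ACCEPT"
printf '%s\n' "$SAMPLE_LISTING" | find_targetless_rules
# prints the dpt:22 rule under input_rule and the dpts:10001:10100 rule under forwarding_rule
```

The second check is the one to reach for first on a box like this: if "iptables -L" shows the rule but the target column is blank, the restart errors are not noise, the rules really are inert, and re-running the script will not help until the commands are back on single lines.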

Any idea?

http://mw2600.org/screen.jpg

(Last edited by MayorSlay on 30 Nov 2006, 19:12)

that makes 2 of us with broken iptables that does not forward. The rules I enter all show up when I do iptables -L [-t nat] but no forwarding. So, something is not right....

(Last edited by Ateo on 30 Nov 2006, 19:47)

in #openwrt... you said your torrents weren't exceeding 50KB/s ... you do realize that is 800kbps... right?   what does your ISP provide you with for bandwidth?  also... did you ever stop to consider that the other peers in the torrent cloud are not pushing it at more than 50KB/s?

This is the message I receive (listed above):

root@OpenWrt:/etc# . /etc/init.d/S35firewall restart
/etc/fwlib.sh: 18: interface: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 6: -j: not found
/etc/firewall.user: 7: -j: not found
/etc/firewall.user: 7: -j: not found
FORWARDING 113 TO doug (192.168.0.107)
/etc/firewall.user: 21: -j: not found
/etc/firewall.user: 21: -d: not found
FORWARDING 10001:10100 TO doug (192.168.0.107)
/etc/firewall.user: 25: -j: not found
/etc/firewall.user: 25: -d: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found
iptables v1.3.3: Unknown arg `-j'
Try `iptables -h' or 'iptables --help' for more information.
/etc/firewall.user: 33: ACCEPT: not found


http://btfaq.com/natcheck.pl
Attempting connect to: ****  port 10050
Fail!
Unable to connect. This likely means you need to adjust your port forwarding configuration, or there is no client running on that port.

Ports 10001-10100 are forwarded, according to the first post which lists my firewall config files.

netstat:
bash-3.1$ netstat -al
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State     
tcp        0      0 *:10050                 *:*                     LISTEN     
tcp        0      0 *:x11                   *:*                     LISTEN     
tcp        0      0 *:10001                 *:*                     LISTEN     
tcp        0      0 *:auth                  *:*                     LISTEN     
tcp        0      0 *:ssh                   *:*                     LISTEN

wait wait... you used the simplefirewall config, and then are attempting to configure rules via webif?   I don't think it works like that...

I am a fucking idiot.

Thanks CompWiz.

Everything is working!

root@OpenWrt:/etc/init.d# ./S35firewall restart
FORWARDING 113 TO doug (192.168.0.107)
FORWARDING 10001:10100 TO doug (192.168.0.107)

have fun MayorSlay!

Indeed!
