[BSD] OpenBSD pf vs. torrent, inserting rules + writing documentation

Akos Keresztes eso at freemail.hu
Fri Jul 2 00:07:05 CEST 2004


Hi all!

I have an OpenBSD 3.5 firewall through which I would like to get
BitTorrent working (that is, download torrents from the LAN). I googled
all over the net and found that rules can be inserted ad hoc with
so-called anchors, and removed again on request.

Well, I put together the following (based on what I found on the internet, of course):

/etc/pf.torrent
_____________________________________________
ext_if=tun0
TorrentPorts = "{ 6969, 8082, 6881:6889 }"
pass in quick on $ext_if inet proto tcp from any to any port $TorrentPorts flags S/SAFR keep state label BitTorrent
pass out quick on $ext_if inet proto tcp from any to any port $TorrentPorts flags S/SAFR keep state label BitTorrent
_____________________________________________

/etc/nat.torrent
_____________________________________________
ext_if="tun0"
TorrentClients= "10.100.240.10"
IntNet = "10.100.240.0/24"
rdr on $ext_if proto tcp from !$IntNet to any port 6969 -> $TorrentClients port 6969
rdr on $ext_if proto udp from !$IntNet to any port 6881:6889 -> $TorrentClients port 6881:*
_____________________________________________

/usr/local/sbin/pfctl.torrent
_____________________________________________
#! /bin/sh
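#
# start: load the pass and rdr rules into the bittorrent anchor rulesets
# stop:  flush those rulesets again
#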
case $1 in

 start )
    echo "Enabling BitTorrent to 10.100.240.10..."
    pfctl -vv -a passin:bittorrent -f /etc/pf.torrent
    pfctl -vv -a redirect:bittorrent -f /etc/nat.torrent
    echo "Done."
 ;;

 stop )
    echo "Disabling BitTorrent to 10.100.240.10..."
    pfctl -a passin:bittorrent -F rules
    pfctl -a redirect:bittorrent -F nat
 ;;
 
 * )
    echo " usage: `basename $0` start|stop"
    echo
 ;;
esac
________________________________

When I load this, BitTorrent does not work (I tried with Linux and Windows).
The log of Azureus (a BT client) says something like this:
________________________________
[23:48:38]  [CoreUpdater]   Downloading: http://azureus.aelitis.com/version.php?id=dxfApbA9yahbG3nGIkw5&version=2.1.0.2&os=Linux
[23:48:38]  [CoreUpdater] Anonymous ID usage report ok
[23:48:41]  Saving Download List (2 items)
[23:48:42]  PEPeerServer is bound on port 6881
[23:48:42]  PEPeerServer is ready to accept incoming connections
[23:48:42]  Tracker Client Created using url : { http://transamrit.net:8082/announce }
[23:48:42]  TRTrackerClient: imported 50 cached peers
[23:48:42]  Saving Download List (2 items)
[23:48:43]  Saving Download List (2 items)
[23:49:43]  Tracker Client is sending a start Request
[23:49:43]  Tracker Client is Requesting : http://transamrit.net:8082/announce?info_hash=%E8%DA8%E8%C0M%F4d%E9Q%05p1%14%C7%06%1F%BBu%85&peer_id=-AZ2102-sCFNt9X2JMnU&port=6881&uploaded=0&downloaded=0&left=682819837&event=started&numwant=100&compact=1&key=ARiFXjC6
[23:49:43]  Exception while processing the Tracker Request : ConnectException:A csatlakozás megtagadva
[23:49:43]  TRTrackerClient: returned 50 cached peers
[23:49:43]  Creating outgoing connection to 213.17.230.246 : 6881
[23:49:43]  Error in StateConnecting: (213.17.230.246 : 6881 ) : java.io.IOException: A csatlakozás megtagadva
[23:49:43]  Connection Ended with 213.17.230.246 : 6881 (  )
[23:49:43]  213.17.230.246:6881 Disconnected
[23:49:45]  Creating outgoing connection to 208.255.11.92 : 6881
[23:49:45]  Error in StateConnecting: (208.255.11.92 : 6881 ) : java.io.IOException: A csatlakozás megtagadva
[23:49:45]  Connection Ended with 208.255.11.92 : 6881 (  )
[23:49:45]  208.255.11.92:6881 Disconnected
[23:49:47]  Creating outgoing connection to 82.92.108.135 : 6881
[23:49:47]  Error in StateConnecting: (82.92.108.135 : 6881 ) : java.io.IOException: A csatlakozás megtagadva
[23:49:47]  Connection Ended with 82.92.108.135 : 6881 (  )
[23:49:47]  82.92.108.135:6881 Disconnected
________________________________

Output of pfctl -e -n -t -i pflog0:
________________________________
Jul 01 23:50:07.282999 rule 4/0(match): block out on tun0: 195.56.50.2.62046 > 66.53.181.236.6881: S 1961571289:1961571289(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]> (DF)
Jul 01 23:50:09.285506 rule 4/0(match): block out on tun0: 195.56.50.2.55497 > 193.2.115.2.6882: S 1967726374:1967726374(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]> (DF)
Jul 01 23:50:11.288086 rule 4/0(match): block out on tun0: 195.56.50.2.59476 > 67.169.250.207.6881: S 1962240191:1962240191(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]> (DF)
Jul 01 23:50:13.290670 rule 4/0(match): block out on tun0: 195.56.50.2.59186 > 148.204.45.210.6881: S 1969092199:1969092199(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]> (DF)
Jul 01 23:50:15.293244 rule 4/0(match): block out on tun0: 195.56.50.2.55183 > 194.70.240.138.6881: S 1975290789:1975290789(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]> (DF)
________________________

I can't get any further. Can anyone help?

            * * *

My other problem:
I am writing a document on how to build an ADSL/NAT/GW/firewall with
OpenBSD. I started it in OOo and it will be finished soon, but it needs
some good format; I was thinking of DocBook. Does anyone know a good
(simple) tutorial (Hungarian or English)...

Regards,
Akos.
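
One way to condense pflog output like the listing in the post into per-rule counts, so it is immediately visible which rule, direction and destination port account for the drops (an added example, not part of the original post). The function names are illustrative, and the sample lines are constructed in the same format, using documentation addresses and a hypothetical second interface fxp0.

```shell
#!/bin/sh
# Added example: summarize tcpdump-on-pflog lines by rule tag, action,
# direction, interface, destination port and TCP flags.

# Constructed sample input (same layout as the log in the post).
sample_pflog() {
    cat <<'EOF'
Jul 01 23:50:07.282999 rule 4/0(match): block out on tun0: 192.0.2.2.62046 > 198.51.100.236.6881: S 1961571289:1961571289(0) win 5840 (DF)
Jul 01 23:50:09.285506 rule 4/0(match): block out on tun0: 192.0.2.2.55497 > 203.0.113.2.6882: S 1967726374:1967726374(0) win 5840 (DF)
Jul 01 23:50:11.288086 rule 4/0(match): block out on tun0: 192.0.2.2.59476 > 198.51.100.207.6881: S 1962240191:1962240191(0) win 5840 (DF)
Jul 01 23:50:12.000000 rule 7/0(match): pass in on fxp0: 10.100.240.10.40000 > 203.0.113.9.80: S 1:1(0) win 5840 (DF)
EOF
}

# Reads pflog lines on stdin, prints "<count> <rule> <action> <dir> <if>
# dport=<port> flags=<flags>", most frequent combination first.
summarize_pflog() {
    awk '
    $4 == "rule" && $8 == "on" {
        rule = $5;  sub(/\(.*/, "", rule)    # "4/0(match):" -> "4/0"
        ifc  = $9;  sub(/:$/, "", ifc)       # "tun0:"       -> "tun0"
        port = $12; sub(/:$/, "", port)      # strip trailing colon
        sub(/.*\./, "", port)                # keep only the port field
        key = rule " " $6 " " $7 " " ifc " dport=" port " flags=" $13
        n[key]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

sample_pflog | summarize_pflog
```

Lines whose fields do not match the `rule ... on <if>:` layout are skipped rather than counted, so wrapped or truncated log lines need to be rejoined before they are fed in.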




