Gentoo Forums
shorewall & amule + high ip... :(

RlC
Guru

Joined: 30 Jul 2005
Posts: 358
Location: austria

Posted: Tue Sep 06, 2005 10:20 pm    Post subject: shorewall & amule + high ip... :(

trying to get a high id with amule (works without shorewall)

relevant lines of my /etc/shorewall/rules:
Code:

ACCEPT   fw             net             tcp     4662 #amule
ACCEPT   fw             net             udp     4672 #amule


as i said, when shorewall's not running, i get a high id, else a low one (which i don't want :wink:)

so what could i do?

sure, the ports are the ones i use in amule

krapo
n00b

Joined: 11 Mar 2005
Posts: 49
Location: Earth

Posted: Wed Sep 07, 2005 2:57 pm

Hi,

you must also accept connections from net to firewall
Code:

ACCEPT   net             fw             tcp     4662 #muleTCP
ACCEPT   net             fw             udp     4672 #muleUDP
ACCEPT   fw              net            tcp     4662 #muleTCP
ACCEPT   fw              net            udp     4672 #muleUDP

RlC
Guru

Joined: 30 Jul 2005
Posts: 358
Location: austria

Posted: Wed Sep 07, 2005 4:26 pm

oh shit....
found out that there is/was an error in my config:
Code:
ACCEPT  fw             net             tcp     2234-2239


when i uncommented this line it wasn't even possible to connect :(

i configured my shorewall as described in the prompt and powerful shorewall howto

what to do now?

thanks ric

pogi
Tux's lil' helper

Joined: 13 May 2005
Posts: 124
Location: Hungary

Posted: Wed Sep 07, 2005 6:08 pm

Quote:
If you set TCP port in aMule to XX and UDP port to YY then you have to set your firewall like this:

iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT
wiki.amule.org


so you have to enable udp transfer through port 4665.
although, i've never had this problem with only ports 4672 and 4662 open, so you should double check your firewall rules.

regards,
pogi
_________________
Free! Tibet
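
Added example, not part of any post in this thread: a shell check that reads a Shorewall rules file and lists which of the three inbound ports from the aMule wiki quote above (TCP XX, UDP XX+3, UDP YY) have no `ACCEPT net fw` rule. The function name `missing_amule_inbound` and the two sample files are constructed for illustration (the rule lines are copied from the earlier posts); it assumes the firewall zone is named `fw` as in the rules posted here and only considers explicit net-to-fw ACCEPT lines.

```shell
#!/bin/sh
# Added example (not from the thread): list required inbound aMule ports that
# have no "ACCEPT net fw" rule in a Shorewall rules file.
# Usage: missing_amule_inbound RULES_FILE AMULE_TCP_PORT AMULE_UDP_PORT
# Prints one proto/port per line; prints nothing when all three are accepted.
missing_amule_inbound() {
    # Required set per the aMule wiki quote: TCP XX, UDP XX+3, UDP YY.
    awk -v need="tcp/$2 udp/$(($2 + 3)) udp/$3" '
        { sub(/#.*/, "") }                      # strip full-line and inline comments
        $1 == "ACCEPT" && $2 == "net" && $3 == "fw" {
            proto = tolower($4)
            n = split($5, ports, ",")           # port column may be a comma list
            for (i = 1; i <= n; i++) {
                lo = hi = ports[i]
                if (split(ports[i], r, ":") == 2) { lo = r[1]; hi = r[2] }  # low:high
                for (p = lo + 0; p <= hi + 0; p++) open[proto "/" p] = 1
            }
        }
        END {
            m = split(need, want, " ")
            for (i = 1; i <= m; i++) if (!(want[i] in open)) print want[i]
        }' "$1"
}

# Constructed sample input: rule lines copied from the first two posts.
tmp=$(mktemp -d)
cat > "$tmp/outbound_only" <<'EOF'
ACCEPT   fw             net             tcp     4662 #amule
ACCEPT   fw             net             udp     4672 #amule
EOF
cat > "$tmp/both_ways" <<'EOF'
ACCEPT   net             fw             tcp     4662 #muleTCP
ACCEPT   net             fw             udp     4672 #muleUDP
ACCEPT   fw              net            tcp     4662 #muleTCP
ACCEPT   fw              net            udp     4672 #muleUDP
EOF

echo "outbound-only rules, inbound ports not accepted:"
missing_amule_inbound "$tmp/outbound_only" 4662 4672
echo "rules with net->fw added, inbound ports not accepted:"
missing_amule_inbound "$tmp/both_ways" 4662 4672
```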

krapo
n00b

Joined: 11 Mar 2005
Posts: 49
Location: Earth

Posted: Thu Sep 08, 2005 12:00 pm

you should try these in your rules

Quote:

# AMULE

ACCEPT net fw tcp 4662 -
ACCEPT fw net tcp 4662 -
ACCEPT net fw udp 4672 -
ACCEPT fw net udp 4672 -
ACCEPT fw net tcp 4661 -
ACCEPT fw net udp 4665 -
ACCEPT net fw tcp 4711 -


don't forget /etc/init.d/shorewall restart

the first five rules work good for me...
if not, post your rules file

RlC
Guru

Joined: 30 Jul 2005
Posts: 358
Location: austria

Posted: Thu Sep 08, 2005 1:57 pm

doesn't work...
Code:
ric ric # grep -v ^[#] /etc/shorewall/rules
ACCEPT   fw             net             tcp     80 #http
ACCEPT   fw             net             udp     80 #http
ACCEPT   fw             net             tcp     443 #https
ACCEPT   fw             net             udp     443 #https
ACCEPT   fw             net             tcp     21 #ftp
ACCEPT   fw             net             tcp     53 #DNS
ACCEPT   fw             net             udp     53 #DNS
ACCEPT   fw             net             tcp     110 #unsecure Pop3
ACCEPT   fw             net             tcp     995 #Secure Pop3
ACCEPT   fw             net             tcp     873 #rsync
ACCEPT   fw             net             tcp     25 #unsecure SMTP
ACCEPT   fw             net             tcp     465 #SMTP over SSL
ACCEPT   fw             net             tcp     5190 #AIM/ICQ

ACCEPT net fw tcp 4661 -
ACCEPT fw net tcp 4661 -

ACCEPT net fw udp 4672 -
ACCEPT fw net udp 4672 -

ACCEPT fw net tcp 4662 -
ACCEPT net fw tcp 4662 -

ACCEPT fw net udp 4665 -
ACCEPT net fw udp 4665 -

ACCEPT net fw tcp 4711 -
ACCEPT fw net tcp 4711 -

ACCEPT      fw   net   tcp   domain
ACCEPT      fw   net   udp   domain


crazy thing...

maybe also useful:
Code:
ric ric # shorewall start
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/params ...
Processing /etc/shorewall/shorewall.conf...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
   NAT: Available
   Packet Mangling: Available
   Multi-port Match: Available
   Extended Multi-port Match: Not available
   Connection Tracking Match: Available
   Packet Type Match: Available
   Policy Match: Not available
   Physdev Match: Not available
   IP range Match: Available
   Recent Match: Available
   Owner Match: Not available
   Ipset Match: Not available
   ROUTE Target: Not available
   Extended MARK Target: Not available
   CONNMARK Target: Not available
   Connmark Match: Not available
Determining Zones...
   Zones: net
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
   Internet Zone: eth0:0.0.0.0/0
Processing /etc/shorewall/init ...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.DropSMB...
   Pre-processing /usr/share/shorewall/action.RejectSMB...
   Pre-processing /usr/share/shorewall/action.DropUPnP...
   Pre-processing /usr/share/shorewall/action.RejectAuth...
   Pre-processing /usr/share/shorewall/action.DropPing...
   Pre-processing /usr/share/shorewall/action.DropDNSrep...
   Pre-processing /usr/share/shorewall/action.AllowPing...
   Pre-processing /usr/share/shorewall/action.AllowFTP...
   Pre-processing /usr/share/shorewall/action.AllowDNS...
   Pre-processing /usr/share/shorewall/action.AllowSSH...
   Pre-processing /usr/share/shorewall/action.AllowWeb...
   Pre-processing /usr/share/shorewall/action.AllowSMB...
   Pre-processing /usr/share/shorewall/action.AllowAuth...
   Pre-processing /usr/share/shorewall/action.AllowSMTP...
   Pre-processing /usr/share/shorewall/action.AllowPOP3...
   Pre-processing /usr/share/shorewall/action.AllowICMPs...
   Pre-processing /usr/share/shorewall/action.AllowIMAP...
   Pre-processing /usr/share/shorewall/action.AllowTelnet...
   Pre-processing /usr/share/shorewall/action.AllowVNC...
   Pre-processing /usr/share/shorewall/action.AllowVNCL...
   Pre-processing /usr/share/shorewall/action.AllowNTP...
   Pre-processing /usr/share/shorewall/action.AllowRdate...
   Pre-processing /usr/share/shorewall/action.AllowNNTP...
   Pre-processing /usr/share/shorewall/action.AllowTrcrt...
   Pre-processing /usr/share/shorewall/action.AllowSNMP...
   Pre-processing /usr/share/shorewall/action.AllowPCA...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Deleting user chains...
Processing /etc/shorewall/continue ...
Processing /etc/shorewall/routestopped ...
Setting up Accounting...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Processing /etc/shorewall/initdone ...
Adding rules for DHCP
IP Forwarding Enabled
Processing /etc/shorewall/tunnels...
Processing /etc/shorewall/ipsec...
Processing /etc/shorewall/rules...
   Rule "ACCEPT fw net tcp 80" added.
   Rule "ACCEPT fw net udp 80" added.
   Rule "ACCEPT fw net tcp 443" added.
   Rule "ACCEPT fw net udp 443" added.
   Rule "ACCEPT fw net tcp 21" added.
   Rule "ACCEPT fw net tcp 53" added.
   Rule "ACCEPT fw net udp 53" added.
   Rule "ACCEPT fw net tcp 110" added.
   Rule "ACCEPT fw net tcp 995" added.
   Rule "ACCEPT fw net tcp 873" added.
   Rule "ACCEPT fw net tcp 25" added.
   Rule "ACCEPT fw net tcp 465" added.
   Rule "ACCEPT fw net tcp 5190" added.
   Rule "ACCEPT net fw tcp 4661 -" added.
   Rule "ACCEPT fw net tcp 4661 -" added.
   Rule "ACCEPT net fw udp 4672 -" added.
   Rule "ACCEPT fw net udp 4672 -" added.
   Rule "ACCEPT fw net tcp 4662 -" added.
   Rule "ACCEPT net fw tcp 4662 -" added.
   Rule "ACCEPT fw net udp 4665 -" added.
   Rule "ACCEPT net fw udp 4665 -" added.
   Rule "ACCEPT net fw tcp 4711 -" added.
   Rule "ACCEPT fw net tcp 4711 -" added.
   Rule "ACCEPT fw net tcp domain" added.
   Rule "ACCEPT fw net udp domain" added.
Processing Actions...
   Generating Transitive Closure of Used-action List...
Processing /usr/share/shorewall/action.Drop for Chain Drop...
   Rule "RejectAuth" added.
   Rule "dropBcast" added.
   Rule "AllowICMPs - - icmp" added.
   Rule "dropInvalid" added.
   Rule "DropSMB" added.
   Rule "DropUPnP" added.
   Rule "dropNotSyn - - tcp" added.
   Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject for Chain Reject...
   Rule "RejectAuth" added.
   Rule "dropBcast" added.
   Rule "AllowICMPs - - icmp" added.
   Rule "dropInvalid" added.
   Rule "RejectSMB" added.
   Rule "DropUPnP" added.
   Rule "dropNotSyn - - tcp" added.
   Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth for Chain RejectAuth...
   Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.AllowICMPs for Chain AllowICMPs...
   Rule "ACCEPT - - icmp fragmentation-needed" added.
   Rule "ACCEPT - - icmp time-exceeded" added.
Processing /usr/share/shorewall/action.DropSMB for Chain DropSMB...
   Rule "DROP - - udp 135" added.
   Rule "DROP - - udp 137:139" added.
   Rule "DROP - - udp 445" added.
   Rule "DROP - - tcp 135" added.
   Rule "DROP - - tcp 139" added.
   Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP for Chain DropUPnP...
   Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep for Chain DropDNSrep...
   Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB for Chain RejectSMB...
   Rule "REJECT - - udp 135" added.
   Rule "REJECT - - udp 137:139" added.
   Rule "REJECT - - udp 445" added.
   Rule "REJECT - - tcp 135" added.
   Rule "REJECT - - tcp 139" added.
   Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
   Policy REJECT for fw to net using chain all2all
   Policy DROP for net to fw using chain net2all
Masqueraded Networks and Hosts:
Processing /etc/shorewall/tos...
Processing /etc/shorewall/ecn...
Activating Rules...
Processing /etc/shorewall/start ...
Shorewall Started
Processing /etc/shorewall/started ...


amule always says connection lost or something....

thanks for your help

pogi
Tux's lil' helper

Joined: 13 May 2005
Posts: 124
Location: Hungary

Posted: Thu Sep 08, 2005 7:06 pm

ok, i can recommend three things to you:

- check your aMule's log, to know what the problem exactly is
- rethink your firewall configuration if you set it up correctly
- visit http://www.amule.org/testport.php to check if the ports are open

regards,
pogi
_________________
Free! Tibet

infirit
l33t

Joined: 11 Jan 2003
Posts: 778
Location: Hoofddorp / The Netherlands

Posted: Mon Oct 24, 2005 5:30 pm

This is how i got it working with shorewall on my linksys router running openwrt. Hope this might help someone! Note that it forwards ports tcp 4663 and udp 4673 to my workstation. Also note that these are not the standard e-mule ports ;) AFAIK you can only have one ip per port with hi id anyway?

Code:
DNAT   net             loc:192.168.1.127            tcp     4663 #muleTCP
DNAT   net             loc:192.168.1.127            udp     4673 #muleUDP
ACCEPT   loc             net            tcp     4663 #muleTCP
ACCEPT   loc             net            udp     4673 #muleUDP

_________________
EASY TO INSTALL = Difficult to install, but instruction manual has pictures.
Join the adopt an unanswered post initiative today