Linux-Noob Forums

Forwarding ports for emule

Hey there, I have my Linux box working as a gateway for my Windows computer. How do I open ports so that my Windows box will get a high ID on eMule? My current iptables config is:



Code:
# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*filter
:INPUT ACCEPT [5483:1000737]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6884:1994487]
-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Sun Oct 17 16:42:51 2004
# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*nat
:PREROUTING ACCEPT [1943:97405]
:POSTROUTING ACCEPT [3:359]
:OUTPUT ACCEPT [1285:83346]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 10.0.0.254:4662
-A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to-destination 10.0.0.254:4672
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Oct 17 16:42:51 2004




 

and iptables -L gives me:

 



Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:telnet state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4662 state ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination




 

What am I doing wrong here?


Quote:-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT
Are you sure you want '--sport' (source port)? I'm not really into that eMule stuff but I am pretty sure you mean destination ports (like you used in the PREROUTING chain): '--dport'. 

Quote:-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
What is that good for anyways (besides the '--sport' thing)? You only accept incoming telnet connections when they're already established - with INPUT's and OUTPUT's default policy ACCEPT. o_O

 

Quote:-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661
'iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254' is quite enough.

 

z0ny


ok I kinda modified my config, it looks like this now:



Code:
# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 18 18:49:02 2004
# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Mon Oct 18 18:49:02 2004




 

But still I get a lowID on all servers.. Any ideas?




Code:
# Flush (clear) all relevant tables
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING

# Setup the default policies
iptables -P INPUT ACCEPT    # you may want DROP here...
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP    # ...or even ACCEPT over here :)
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Enable port routing
iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254
# Enable port forwarding and in-to-out communication
iptables -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
iptables -I FORWARD -i eth1 -j ACCEPT
# Enable masquerading (NAT)
iptables -t nat -I POSTROUTING -i eth1 -j MASQUERADE




 

Try it exactly like this before complaining again! The packet enters your computer on 4661/tcp through ppp0 and enters the PREROUTING chain. This chain sends the packet (due to the above ruleset) to the FORWARD chain which allows the forwarding of 4661/tcp. Afterwards it will be sent to the POSTROUTING chain (where it won't be touched in this case). This should work... B)

 

z0ny


Last line doesn't work

 



Code:
[root@amdbox root]# iptables -t nat -I POSTROUTING -i eth1 -j MASQUERADE
iptables v1.2.9: Can't use -i with POSTROUTING

Try `iptables -h' or 'iptables --help' for more information.





ok I got it.. kinda combined the code you z0ny gave me with my masquerade script so now my code looks like this:



Code:
IPTABLES=/sbin/iptables
EXTIF="ppp0"
INTIF="eth1"

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT

$IPTABLES -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254
$IPTABLES -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
$IPTABLES -I FORWARD -i eth1 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE




 

Thanks a lot for your help!
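
As an added example (not part of the original thread), the shell function below reads `iptables-save` output and flags every PREROUTING DNAT rule whose first packet the FORWARD chain would still drop, which is the state of the second config posted above. The names `audit_dnat`, `sample_rules` and the `LAN_IF` argument are assumptions, and the sample ruleset is constructed from the rules quoted in the thread.

```shell
# Usage: iptables-save | audit_dnat LAN_IF   (LAN_IF: interface facing the DNAT target)
# Simplified model: ACCEPT rules using "-s" or "!" are skipped (errs towards
# BLOCKED) and DROP/REJECT rules placed before an ACCEPT are not considered.
audit_dnat() {
  awk -v lan="$1" '
    function opt(name,   i) {              # value that follows option "name"
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    function fits(want, got) { return want == "" || want == got }
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    $1 != "-A" { next }
    table == "nat" && $2 == "PREROUTING" && opt("-j") == "DNAT" {
      to = opt("--to-destination"); if (to == "") to = opt("--to")
      split(to, part, ":"); n++
      d_if[n] = opt("-i"); d_proto[n] = opt("-p"); d_ip[n] = part[1]
      # The destination port changes only if the DNAT target names one.
      d_port[n] = (part[2] != "") ? part[2] : opt("--dport")
    }
    table == "filter" && $2 == "FORWARD" && opt("-j") == "ACCEPT" {
      st = opt("--state"); if (st == "") st = opt("--ctstate")
      if (st != "" && st !~ /(^|,)NEW(,|$)/) next   # never matches a first packet
      if (opt("-s") != "" || $0 ~ / ! /) next
      m++; a_if[m] = opt("-i"); a_out[m] = opt("-o"); a_proto[m] = opt("-p")
      a_port[m] = opt("--dport"); a_dst[m] = opt("-d"); sub(/\/32$/, "", a_dst[m])
    }
    END {
      for (i = 1; i <= n; i++) {
        ok = (policy == "ACCEPT")
        for (j = 1; j <= m && !ok; j++)
          ok = fits(a_if[j], d_if[i]) && fits(a_out[j], lan) &&
               fits(a_proto[j], d_proto[i]) && fits(a_port[j], d_port[i]) &&
               fits(a_dst[j], d_ip[i])
        if (!ok) bad = 1
        printf "%s %s %s/%s -> %s\n", (ok ? "OK" : "BLOCKED"), d_if[i], d_proto[i], d_port[i], d_ip[i]
      }
      exit bad + 0
    }'
}
# Constructed sample in iptables-save form, modelled on the second config in
# the thread; $1 is an optional extra FORWARD rule.
sample_rules() {
  printf "%s\n" "*nat" \
    "-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254" \
    "COMMIT" "*filter" ":FORWARD DROP [0:0]" \
    "-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT" \
    "-A FORWARD -i eth1 -o ppp0 -j ACCEPT" ${1:+"$1"} "COMMIT"
}
sample_rules | audit_dnat eth1 || echo "DNAT rule has no FORWARD rule for NEW packets"
```

The function exits non-zero when any forwarded port is blocked, so it can gate a ruleset before it is loaded with `iptables-restore`.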