Linux-Noob Forums
Forwarding ports for emule - Printable Version




Forwarding ports for emule - pofkezas - 2004-10-17


Hey there, I have my Linux box working as a gateway for my windows computer. How do I open ports so that my windows box will get a high ID on emule? My current iptables config is



Code:
# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*filter
:INPUT ACCEPT [5483:1000737]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6884:1994487]
-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Sun Oct 17 16:42:51 2004
# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*nat
:PREROUTING ACCEPT [1943:97405]
:POSTROUTING ACCEPT [3:359]
:OUTPUT ACCEPT [1285:83346]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 10.0.0.254:4662
-A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to-destination 10.0.0.254:4672
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Oct 17 16:42:51 2004




 

and iptables -L gives me

 



Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:telnet state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4662 state ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination




 

What am I doing wrong here?




Forwarding ports for emule - z0ny - 2004-10-18


Quote:-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT
Are you sure you want '--sport' (source port)? I'm not really into that eMule stuff but I am pretty sure you mean destination ports (like you used in the PREROUTING chain): '--dport'. 

Quote:-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
What is that good for anyways (besides the '--sport' thing)? You only accept incoming telnet connections when they're already established - with INPUT's and OUTPUT's default policy ACCEPT. o_O

 

Quote:-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661
'iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254' is quite enough.

 

z0ny




Forwarding ports for emule - pofkezas - 2004-10-18


OK, I kinda modified my config, it looks like this now:



Code:
# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 18 18:49:02 2004
# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Mon Oct 18 18:49:02 2004




 

But still I get a lowID on all servers. Any ideas?




Forwarding ports for emule - z0ny - 2004-10-19




Code:
# Flush (clear) all relevant tables
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING

# Setup the default policies
iptables -P INPUT ACCEPT     # you may want DROP here...
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP     # ...or even ACCEPT over here :)
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Enable port routing
iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254

# Enable port forwarding and in-to-out communication
iptables -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
iptables -I FORWARD -i eth1 -j ACCEPT

# Enable masquerading (NAT)
iptables -t nat -I POSTROUTING -i eth1 -j MASQUERADE




 

Try it exactly like this before complaining again! The packet enters your computer on 4661/tcp through ppp0 and enters the PREROUTING chain. This chain sends the packet (due to the above ruleset) to the FORWARD chain which allows the forwarding of 4661/tcp. Afterwards it will be sent to the POSTROUTING chain (where it won't be touched in this case). This should work... B)

 

z0ny
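The chain traversal described above can be checked against a saved ruleset. The following is an added example, not code from the thread: a hypothetical helper `audit_dnat` reads `iptables-save` output and reports whether each DNAT rule in nat/PREROUTING is also admitted by filter/FORWARD for new connections. It is run here on the rule lines of the second config posted earlier, which it reports as blocked.

```shell
# Added example (not from the thread): reads iptables-save output on stdin and
# reports whether each nat/PREROUTING DNAT rule is admitted by filter/FORWARD.
# Simplified: ignores -s/-d, -o, port ranges, multiport and user-defined chains.
audit_dnat() {
  awk '
    /^\*/ { table = substr($1, 2); next }            # "*nat" or "*filter"
    table == "filter" && $1 == ":FORWARD" { pol_accept = ($2 == "ACCEPT"); next }
    $1 != "-A" { next }
    {
      inif = proto = dport = state = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i")      inif   = $(i + 1)
        if ($i == "-p")      proto  = $(i + 1)
        if ($i == "--dport") dport  = $(i + 1)
        if ($i == "--state") state  = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (table == "nat" && $2 == "PREROUTING" && target == "DNAT") {
        nd++; dni[nd] = inif; dnp[nd] = proto; dnd[nd] = dport }
      # Only a rule that also matches the first (NEW) packet opens the port.
      if (table == "filter" && $2 == "FORWARD" && target == "ACCEPT" &&
          (state == "" || state ~ /NEW/)) {
        nf++; fwi[nf] = inif; fwp[nf] = proto; fwd[nf] = dport }
    }
    END {
      for (d = 1; d <= nd; d++) {
        verdict = pol_accept ? "OK" : "BLOCKED"
        for (f = 1; f <= nf; f++)      # an unset field in a FORWARD rule is a wildcard
          if ((fwi[f] == "" || fwi[f] == dni[d]) && (fwp[f] == "" || fwp[f] == dnp[d]) &&
              (fwd[f] == "" || fwd[f] == dnd[d])) verdict = "OK"
        print verdict, dni[d], dnp[d] "/" dnd[d]
      }
    }'
}
# Rule lines taken from the second config posted in the thread.
sample_config() {
  cat <<'EOF'
*nat
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
EOF
}
sample_config | audit_dnat
```

On a live gateway the same check would be `iptables-save | audit_dnat`.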




Forwarding ports for emule - pofkezas - 2004-10-20


Last line doesn't work

 



Code:
[root@amdbox root]# iptables -t nat -I POSTROUTING -i eth1 -j MASQUERADE
iptables v1.2.9: Can't use -i with POSTROUTING
Try `iptables -h' or 'iptables --help' for more information.







Forwarding ports for emule - pofkezas - 2004-10-20


OK, I got it. Kinda combined the code you, z0ny, gave me with my masquerade script, so now my code looks like this:



Code:
IPTABLES=/sbin/iptables
EXTIF="ppp0"
INTIF="eth1"

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT

$IPTABLES -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254
$IPTABLES -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
$IPTABLES -I FORWARD -i eth1 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE




 

Thanks a lot for your help!