Forwarding ports for emule


Hey there, I have my Linux box working as a gateway for my Windows computer. How do I open ports so that my Windows box will get a high ID on eMule? My current iptables config is

# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*filter
:INPUT ACCEPT [5483:1000737]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [6884:1994487]
-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Sun Oct 17 16:42:51 2004
# Generated by iptables-save v1.2.9 on Sun Oct 17 16:42:51 2004
*nat
:PREROUTING ACCEPT [1943:97405]
:POSTROUTING ACCEPT [3:359]
:OUTPUT ACCEPT [1285:83346]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4662 -j DNAT --to-destination 10.0.0.254:4662
-A PREROUTING -i ppp0 -p udp -m udp --dport 4672 -j DNAT --to-destination 10.0.0.254:4672
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Sun Oct 17 16:42:51 2004

 

and iptables -L gives me

 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:telnet state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4661 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:4662 state ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

 

What am I doing wrong here?

-A INPUT -i eth0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT

-A INPUT -i ppp0 -p tcp -m tcp --sport 4661 -m state --state ESTABLISHED -j ACCEPT

-A INPUT -i ppp0 -p tcp -m tcp --sport 4662 -m state --state ESTABLISHED -j ACCEPT

Are you sure you want '--sport' (source port)? I'm not really into that eMule stuff but I am pretty sure you mean destination ports (like you used in the PREROUTING chain): '--dport'.

 

-A INPUT -i ppp0 -p tcp -m tcp --sport 23 -m state --state ESTABLISHED -j ACCEPT

What is that good for anyways (besides the '--sport' thing)? You only accept incoming telnet connections when they're already established - with INPUT's and OUTPUT's default policy ACCEPT. :blink:

 

-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254:4661

'iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254' is quite enough.

 

z0ny


ok I kinda modified my config, it looks like this now:

# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Oct 18 18:49:02 2004
# Generated by iptables-save v1.2.9 on Mon Oct 18 18:49:02 2004
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 23 -m state --state ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
COMMIT
# Completed on Mon Oct 18 18:49:02 2004

 

But still I get a lowID on all servers.. Any ideas?


# Flush (clear) all relevant tables
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F POSTROUTING

# Setup the default policies
iptables -P INPUT ACCEPT # you may want DROP here...
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP # ...or even ACCEPT over here :)
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT

# Enable port routing
iptables -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254
# Enable port forwarding and in-to-out communication
iptables -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
iptables -I FORWARD -i eth1 -j ACCEPT
# Enable masquerading (NAT); POSTROUTING can only match the outgoing interface (-o), not -i
iptables -t nat -I POSTROUTING -o ppp0 -j MASQUERADE

 

Try it exactly like this before complaining again! :ph34r: The packet enters your computer on 4661/tcp through ppp0 and enters the PREROUTING chain. This chain sends the packet (due to the above ruleset) to the FORWARD chain which allows the forwarding of 4661/tcp. Afterwards it will be sent to the POSTROUTING chain (where it won't be touched in this case). This should work... B)

 

z0ny


ok I got it.. kinda combined the code you z0ny gave me with my masquerade script so now my code looks like this:

IPTABLES=/sbin/iptables
EXTIF="ppp0"
INTIF="eth1"

$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT

$IPTABLES -t nat -I PREROUTING -i ppp0 -p tcp --dport 4661 -j DNAT --to 10.0.0.254
$IPTABLES -I FORWARD -i ppp0 -p tcp --dport 4661 -j ACCEPT
$IPTABLES -I FORWARD -i eth1 -j ACCEPT

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

 

Thanks a lot for your help!
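
Why the second config in this thread still produced a low ID, as an added example (not code from any poster): the DNAT rule rewrites the destination, but the only FORWARD rule for ppp0 accepts RELATED,ESTABLISHED traffic, so the first packet of a new inbound connection falls through to the DROP policy. The check below reads iptables-save text and lists DNAT rules that have no FORWARD accept for new connections; it assumes a FORWARD policy of DROP as in the thread and ignores rule order, explicit DROP/REJECT rules, `-o` and address matches.

```python
import shlex

def parse_rules(save_text):
    """Map table name -> [(chain, options)] from iptables-save text."""
    tables, current = {}, None
    for line in save_text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok and tok[0].startswith("*"):
            current = tables.setdefault(tok[0][1:], [])
        elif tok and tok[0] == "-A" and current is not None:
            # Pair each option with its value; "!" negation is not handled.
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i][:1] == "-"}
            current.append((tok[1], opts))
    return tables

def admits_new(chain, opts, pkt):
    """True if a filter rule accepts a NEW forwarded packet described by pkt."""
    state = opts.get("--state") or opts.get("--ctstate") or "NEW"
    if chain != "FORWARD" or opts.get("-j") != "ACCEPT" or "NEW" not in state.split(","):
        return False
    # An option absent from the rule is a wildcard; one present must agree.
    return all(opts.get(k, pkt[k]) == pkt[k] for k in pkt)

def unforwarded_dnat(save_text):
    """(proto, port, destination) of each DNAT rule FORWARD never admits."""
    tables, missing = parse_rules(save_text), []
    for chain, o in tables.get("nat", []):
        if chain != "PREROUTING" or o.get("-j") != "DNAT":
            continue
        dest = o.get("--to-destination", "")
        # FORWARD sees the packet after DNAT, so use the translated port.
        port = dest.partition(":")[2] or o.get("--dport")
        pkt = {"-i": o.get("-i"), "-p": o.get("-p"), "--dport": port}
        if not any(admits_new(c, f, pkt) for c, f in tables.get("filter", [])):
            missing.append((o.get("-p"), port, dest))
    return missing

# The thread's second config (still low ID), trimmed to the relevant lines.
SECOND_CONFIG = """*nat
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 4661 -j DNAT --to-destination 10.0.0.254
*filter
-A FORWARD -i ppp0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o ppp0 -j ACCEPT
"""
# Constructed: the same rules plus the FORWARD accept from the later reply.
FIXED_CONFIG = SECOND_CONFIG.replace(
    "*filter\n", "*filter\n-A FORWARD -i ppp0 -p tcp -m tcp --dport 4661 -j ACCEPT\n")

print(unforwarded_dnat(SECOND_CONFIG), unforwarded_dnat(FIXED_CONFIG))
```

Run it against the output of `iptables-save` on the gateway; an empty list means every forwarded port also has a FORWARD rule that lets the first packet through.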
