Difference between revisions of "Firewall"
| Line 80: | Line 80: | ||
| == [http://www.dlink.com DLink] Router configuration == | == [http://www.dlink.com DLink] Router configuration == | ||
| − | |||
| − | |||
| − | |||
| − | |||
| Log in to your [http://www.dlink.com DLink] router.  There are three steps to take to enable your aMule ports. | Log in to your [http://www.dlink.com DLink] router.  There are three steps to take to enable your aMule ports. | ||
Revision as of 00:50, 17 June 2005
Contents
Distro specific guides
- SuSE Linux users try this HowTo first.
- Fedora Core users try this HowTo first.
IPTables Configuration
If you set TCP port in aMule to XX and UDP port to YY then you have to set your firewall like this:
iptables -A INPUT -p tcp  --dport XX -j ACCEPT
iptables  -A INPUT -p udp  --dport XX+3 -j ACCEPT
iptables -A INPUT  -p udp  --dport YY -j ACCEPT
If you are building your iptables-rules from scratch, you also need to allow ESTABLISHED and RELATED traffic to come through your firewall:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
And you must enable traffic to leave your machine aswell, by either allowing all outgoing traffic:
iptables -P OUTPUT ACCEPT
or specifying special rules.
NOTE: for Mandrake 10.0 Official and iptables you may have to change the multi-port entry to iptables -A INPUT -p udp --dport XX:ZZ -j ACCEPT where XX is the same TCP port number used in first line and ZZ is that number plus 3 (eg: 4662:4665)
If you want to setup aMule behind a NAT gateway, you should add these lines to your iptables configuration script, on the gateway :
EXTIF is your external interface
EMULEPORT=4662
EMULEUDP=4672
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2
You also should make sure that your FORWARD-string is set up correctly. Usually, you will have an entry like this:
iptables -A FORWARD -i $EXTIF -o $INTIF -d $EMULEHOST -m state --state ESTABLISHED,RELATED -j ACCEPT
where INTIF is your internal interface and EMULEHOST is the host running the eD2k server on your internal network.
This will prevent new connections. So, you should allow all forwarding for aMule-related ports:
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $EMULEHOST -j ACCEPT
Once everything is set, you can check here if your ports are now open.
Linksys Router configuration
This portion of the wiki applies only to stock versions of the Linksys firmware. If you are using a Linksys router running a variant of the GPL Code, please follow the guides directly above as you are most likely using iptables.
Log into your Linksys router. After successfully logging in, click on the main menu link labeled Applications & Gaming after which you should see an additional submenu list for this section. Make sure you are under the correct submenu by clicking Port Range Forwarding.
At this point, you should see a table with 6 columns. The columns are: Application, Start to, End, Protocol, IP Address, Enable.
The Application column
Friendly name for the service. Put anything you want here, aMule being suggested.
The Start to -> End column
Start and end ports. Start to should be 4662 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> Client TCP Port. End should be 4672 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> eMule extended UDP Port.
I suggest using 2 separate entries for each port unless this is not possible.
The Protocol column
Protocol to listen for. If you use one line to open your aMule ports, set this option to Both. If you use a separate entry line for each, select option TCP for Client TCP Port and option UDP for eMule extended UDP Port.
The IP Address column
Internal IP address to forward requests to. This is typically the internal (private) IP address of the computer that will use aMule.
The Enable column
Enable rule. You'll need to check this in order to enable your aMule rules.
After adding your rule, make sure you save your settings. You can verify whether your rules work by testing your ports.
DLink Router configuration
Log in to your DLink router. There are three steps to take to enable your aMule ports.
IP Address setup
In the Home tab, click the DHCP button. This page displays the current IP addresses assigned by the router, both static and dynamic. Look for the name or MAC address of the computer you'll be running aMule on. If your computer is receiving dynamically assigned IP addresses, you will have to change your settings every so often if your IP address changes. To avoid this, use the Static DHCP section, and perform the following steps:
- Name: Type in the name of your computer here, could be anything
- IP: The IP address you want the router to always assign to your computer
- MAC Address: The MAC address of your computer.  You should be already connected to the router, so you can find your computer in the DHCP Client drop-down menu, and click clone, to populate this number.
- Click Apply
Now your computer will always receive the same IP address.
Now click on the Advanced tab, and there are two areas that need to be updated:
Virtual Server
Click the Virtual Server button.  This page forwards external requests to a specific internal IP address in your network.
- Click 'Enabled'
- Enter a name in the Name entry box, eg 'aMule TCP'
- Enter your static IP address in the Private IP box
- Select TCP in Protocol type
- Private port is the port that the router will forward the requests to on your computer.  This can be anything, a good value is the default aMule TCP port, 4662.
- Public port is the port that the router will receive requests on.  Again, a good value is the aMule TCP port of 4662.
- Schedule is the times at which the port is open.  Select Always, or whatever times you wish.
- Click Apply
Applications
Click the Applications button.  This page allows you to enter a range of ports to open for application usage.
<P>
- Click 'Enabled'
- Enter the TCP port in the first Trigger Port box, a good value being 4662.
- Select Trigger Type as TCP
- In Public Port, enter the range from your aMule TCP port to your aMule UDP port, usually 4662-4672.
- Select UDP as the Public Type.
- Click Apply.
<P>
You should now be all set, assuming that your computer firewall is setup to allow access on the selected ports.
