Difference between revisions of "Firewall"
| Line 1: | Line 1: | ||
| <center>'''English''' | [[Firewall-es|Español]] </center> | <center>'''English''' | [[Firewall-es|Español]] </center> | ||
| − | |||
| − | |||
| − | |||
| == IPTables Configuration == | == IPTables Configuration == | ||
| Line 51: | Line 48: | ||
| Once everything is set, you can check [http://www.amule.org/testport.php here] if your ports are now open. | Once everything is set, you can check [http://www.amule.org/testport.php here] if your ports are now open. | ||
| + | |||
| + | == Linksys Router configuration == | ||
| + | Information on configuring a Linksys router for [[aMule]] coming soon... [[User:Ateo|-- Juan]] 19:44, 28 May 2005 (CEST) | ||
| + | |||
| + | == DLink Router configuration == | ||
| + | Information on configuring a Dlink router for [[aMule]] coming soon... [[User:Ateo|-- Juan]] 19:44, 28 May 2005 (CEST) | ||
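Review bot: the two added sections contain only "coming soon" placeholders, and the second one spells the vendor "DLink" in its heading but "Dlink" in its body text. Pick one spelling, and consider holding the headings back until there is real port-forwarding content under them, since an empty section sends readers looking for instructions that are not there yet.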
Revision as of 18:46, 28 May 2005
IPTables Configuration
NOTE: If you run SuSE Linux, try this HowTo first.
If you set the TCP port in aMule to XX and the UDP port to YY, configure your firewall like this (XX+3 stands for the TCP port number plus 3, e.g. 4665 for TCP port 4662):
iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT
If you are building your iptables rules from scratch, you also need to allow ESTABLISHED and RELATED traffic to come through your firewall:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
You must also allow traffic to leave your machine, either by allowing all outgoing traffic:
iptables -P OUTPUT ACCEPT
or specifying special rules.
NOTE: for Mandrake 10.0 Official and iptables, you may have to change the multi-port entry to
iptables -A INPUT -p udp --dport XX:ZZ -j ACCEPT
where XX is the same TCP port number used in the first line and ZZ is that number plus 3 (e.g. 4662:4665).
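To confirm that the three INPUT rules above are actually loaded, the following added example (not part of the original page or of aMule) audits `iptables -S INPUT` output and understands both the single-port form and the XX:ZZ range form from the Mandrake note. The function names and the sample ruleset are constructed for illustration.

```shell
# Added example (not from the original page): audit INPUT rules for aMule.
# Usage on a live host: iptables -S INPUT | amule_missing_rules 4662 4672
# Prints each required proto/port that no unrestricted ACCEPT rule covers;
# returns 0 if all are covered, 1 if any is missing, 2 on bad ports.
# Limitation: rule order is ignored, so an earlier DROP can still shadow a match.
amule_missing_rules() {
    tcp=$1 udp=$2
    for p in "$tcp" "$udp"; do
        case "$p" in ''|0*|*[!0-9]*|??????*) echo "bad port: $p" >&2; return 2 ;; esac
    done
    # The second UDP port is TCP+3, so TCP must leave room below 65535.
    [ "$tcp" -le 65532 ] && [ "$udp" -le 65535 ] || { echo "port out of range" >&2; return 2; }
    awk -v want="tcp/$tcp udp/$((tcp + 3)) udp/$udp" '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; dport = ""; target = ""; limited = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # Rules tied to a source, interface or negation are not counted.
                if ($i == "-s" || $i == "-i" || $i == "!") limited = 1
            }
            if (target != "ACCEPT" || proto == "" || dport == "" || limited) next
            # --dport is either a single port or a LOW:HIGH range.
            n = split(dport, r, ":")
            rules[++count] = proto " " (r[1] + 0) " " ((n == 2 ? r[2] : r[1]) + 0)
        }
        END {
            m = split(want, w, " "); missing = 0
            for (k = 1; k <= m; k++) {
                split(w[k], q, "/"); found = 0
                for (j = 1; j <= count; j++) {
                    split(rules[j], f, " ")
                    if (f[1] == q[1] && q[2] + 0 >= f[2] + 0 && q[2] + 0 <= f[3] + 0) found = 1
                }
                if (!found) { print w[k]; missing = 1 }
            }
            exit missing
        }'
}

# Constructed sample in `iptables -S INPUT` format: UDP YY (4672) is missing.
amule_sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -p udp -m udp --dport 4662:4665 -j ACCEPT
EOF
}
```

With the constructed sample, `amule_sample_rules | amule_missing_rules 4662 4672` reports only `udp/4672`, because the range rule already covers UDP 4665.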
If you want to set up aMule behind a NAT gateway, add these lines to your iptables configuration script on the gateway (EXTIF is your external interface):
EMULEPORT=4662
EMULEUDP=4672
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2
You should also make sure that your FORWARD chain is set up correctly. Usually, you will have an entry like this:
iptables -A FORWARD -i $EXTIF -o $INTIF -d $EMULEHOST -m state --state ESTABLISHED,RELATED -j ACCEPT
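where INTIF is your internal interface and EMULEHOST is the host running the eD2k server on your internal network.
On its own, this rule only forwards packets that belong to already established connections, so new incoming connections are blocked. You should therefore also allow forwarding for the aMule-related ports: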
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $EMULEHOST -j ACCEPT
Once everything is set, you can check at http://www.amule.org/testport.php whether your ports are now open.
Linksys Router configuration
Information on configuring a Linksys router for aMule coming soon... -- Juan 19:44, 28 May 2005 (CEST)
DLink Router configuration
Information on configuring a Dlink router for aMule coming soon... -- Juan 19:44, 28 May 2005 (CEST)
