Firewall SuSE

From AMule Project FAQ
Revision as of 08:39, 9 July 2006 by Cmo (Talk | contribs | merge | delete)

Jump to: navigation, search

By Tuxlover

Preamble

This document has been tested on SuSE Linux 8.2 and OpenSUSE 10.1

For non-SuSE distributions help, take a look at this HowTo.

Using SuSE Linux as a client machine

If you run SuSE Linux on your client machine which runs a firewall itself, you need to do the following to allow the correct ports to come through:

You basically need to allow TCP and UDP ports 4662 and 4672 to be open.

Open /etc/sysconfig/SuSEfirewall2, and locate FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP. Now add to both of these the above ports:

FW_SERVICES_EXT_TCP="4662 4672"
FW_SERVICES_EXT_UDP="4662 4672"

Note that you should keep ports that are already in there.

After making these changes save the file.

Using SuSE Linux as a router/firewall

If you use SuSE Linux on your router/firewall to connect to the internet you can do the following to forward the ports used by aMule/eMule/etc to your client:

Set your firewall to forward all connections coming to it thorugh ports 4662 and 4672 in TCP and UDP to your internal client machine.

Open /etc/sysconfig/SuSEfirewall2 and locate FW_FORWARD_MASQ (it's in 14.). Now, assuming your client's IP is 192.168.0.3, set this to this value:

FW_FORWARD_MASQ="0/0,192.168.0.3,tcp,4662 0/0,192.168.0.3,udp,4662 0/0,192.168.0.3,tcp,4672 0/0,192.168.0.3,udp,4672"

Note that a rule like "0/0,192.168.0.3,tcp,4662" simply means that incoming TCP connections through port 4662 from any address (0/0) will be forwarded to your the machine 192.168.0.3 on the same port.)

For this to work, you have to have FW_ROUTE (in 5.) set to "yes" in the same file.

After making these changes, save the file.

For both: Restarting the firewall

Once you finish configurating the firewall, you must restart the firewall daemon for the changes to take effect.

You can restart SuSEfirewall2 through two different ways:

  1. Restarting the daemon
  2. Through YaST

Use the first one whenever possible. If you can't then restart the firewall through YaST.

The clean way: Restart the daemon

Thanks to g-maverick for this tip.

Just run:

/sbin/SuSEfirewall2 stop && /sbin/SuSEfirewall2 start

Be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way.

The dirty way: YaST gives us a hand

Start YaST. Go to "Security and users" (or similar), and once there choose "Firewall". Now simply go through all dialogs and end up with them. At the end it will restart your firewall with these new rules.