Difference between revisions of "Firewall"
Line 7: | Line 7: | ||
''iptables -A INPUT -p udp --dport '''YY''' -j ACCEPT''<br> | ''iptables -A INPUT -p udp --dport '''YY''' -j ACCEPT''<br> | ||
+ | (for Mandrake 10.0 Official and iptables I found i had to change the multi port entry to this ''iptables -A INPUT -p udp --dport '''XX:ZZ''' -j ACCEPT'' where XX is the same TCP port # used in 1st line and ZZ is that number added to by 3 eg 4662:4665) | ||
If you want to setup [[aMule]] behind a NAT gateway, you should add these lines to your [http://www.netfilter.org iptables] configuration script, on the gateway : | If you want to setup [[aMule]] behind a NAT gateway, you should add these lines to your [http://www.netfilter.org iptables] configuration script, on the gateway : |
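Review bot: the range in the added Mandrake note is wider than the rule it stands in for: "--dport XX:ZZ" with ZZ = XX+3 (the 4662:4665 example) accepts UDP on four ports, XX through XX+3, while the text itself describes only the "plus 3" port as the one that matters. Suggest a single-port rule with the computed number written out (for example "--dport 4665") and a short remark that iptables needs a literal number there. The note is also placed after the YY rule; putting it next to the entry it replaces would make clear which line is meant.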
Revision as of 10:23, 24 January 2005
NOTE: If you run SuSE Linux, try this HowTo first.
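If you set the TCP port in aMule to XX and the UDP port to YY, then you have to set up your firewall like this (XX+3 stands for the TCP port number plus 3, which you must write out as a number because iptables does not do the addition for you):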
iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT
(For Mandrake 10.0 Official and iptables, I found I had to change the multi-port entry to this: iptables -A INPUT -p udp --dport XX:ZZ -j ACCEPT, where XX is the same TCP port number used in the first line and ZZ is that number plus 3, e.g. 4662:4665.)
If you want to set up aMule behind a NAT gateway, add these lines to your iptables configuration script on the gateway, where EXTIF is your external interface:
EMULEPORT=4662
EMULEUDP=4672
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2
You should also make sure that your FORWARD chain is set up correctly. Usually, you will have an entry like this:
iptables -A FORWARD -i $EXTIF -o $INTIF -d $EMULEHOST -m state --state ESTABLISHED,RELATED -j ACCEPT
where INTIF is your internal interface and EMULEHOST is the host running the eD2k server on your internal network.
This rule only accepts packets that belong to established or related connections, so new inbound connections are not forwarded. You should therefore allow forwarding for the aMule-related ports:
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $EMULEHOST -j ACCEPT
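Both rule sets above (direct host and NAT gateway) can be generated from the two aMule ports. The script below is an added example, not part of the original wiki page: it prints the rules without applying them, computes the TCP port + 3 value numerically, and opens single ports rather than a range. The function names are hypothetical, and eth0/eth1 are constructed sample interface names.

```shell
#!/bin/sh
# Added example: prints (does not apply) the iptables rules for aMule.
# Function names and sample values are assumptions, not from the wiki page.

# valid_port N: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;   # empty, leading zero, or non-digit
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# amule_rules TCP_PORT UDP_PORT [EXTIF INTIF HOST]
# Two arguments: INPUT rules for a machine running aMule directly.
# Five arguments: DNAT + FORWARD rules for a NAT gateway in front of HOST.
amule_rules() {
    [ $# -eq 2 ] || [ $# -eq 5 ] || { echo "need 2 or 5 arguments" >&2; return 1; }
    tcp=$1 udp=$2 extif=$3 intif=$4 host=$5
    valid_port "$tcp" && valid_port "$udp" || { echo "invalid port" >&2; return 1; }
    udp2=$((tcp + 3))   # iptables will not evaluate "XX+3" itself
    valid_port "$udp2" || { echo "TCP port + 3 exceeds 65535" >&2; return 1; }
    # Skip the duplicate rule when the configured UDP port equals TCP + 3.
    specs="tcp:$tcp udp:$udp2"
    [ "$udp" -eq "$udp2" ] || specs="$specs udp:$udp"
    for s in $specs; do
        proto=${s%%:*} port=${s##*:}
        if [ -z "$host" ]; then
            echo "iptables -A INPUT -p $proto --dport $port -j ACCEPT"
        else
            echo "iptables -t nat -A PREROUTING -i $extif -p $proto --dport $port -j DNAT --to-destination $host:$port"
            echo "iptables -A FORWARD -i $extif -o $intif -p $proto --dport $port -d $host -j ACCEPT"
        fi
    done
}

# Constructed sample run using the ports and host address from the page.
amule_rules 4662 4672
amule_rules 4662 4672 eth0 eth1 10.0.0.2
```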