Difference between revisions of "Firewall"
m (link + typo) |
|||
Line 17: | Line 17: | ||
''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP''<br> | ''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP''<br> | ||
''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2''<br> | ''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2''<br> | ||
+ | |||
+ | |||
+ | You also should make sure that your FORWARD-chain is set up correctly. Usually, you will have an entry like this: | ||
+ | |||
+ | ''INTIF'' is your internal interface, ''INTIP'' its IP | ||
+ | |||
+ | ''iptables -A FORWARD -i $EXTIF -o $INTIF -d $INTIP -m state --state ESTABLISHED,RELATED -j ACCEPT'' | ||
+ | |||
+ | This will prevent new connections. So, you should allow all forwarding for [[aMule]]-related ports: | ||
+ | |||
+ | ''iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $INTIP -j ACCEPT''<br> | ||
+ | ''iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $INTIP -j ACCEPT''<br> | ||
+ | ''iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $INTIP -j ACCEPT''<br> |
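Review bot: the three added ACCEPT rules match on -d $INTIP, which the added text defines as the internal interface's own IP. The FORWARD chain is evaluated after the PREROUTING DNAT rules shown in the context lines have rewritten the destination to $EMULEHOST, so the rules only match if INTIP happens to equal EMULEHOST. Suggest using -d $EMULEHOST in all three, for example: iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT. The same applies to the ESTABLISHED,RELATED example rule. The sentence "This will prevent new connections" would also be clearer if it said that the rule only accepts established traffic; whether new connections are dropped depends on the rest of the chain.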
Revision as of 18:41, 21 October 2004
If you set the TCP port in aMule to XX and the UDP port to YY, then you have to set up your firewall like this:
iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT
If you want to set up aMule behind a NAT gateway, you should add these lines to your iptables configuration script on the gateway:
EXTIF is your external interface
EMULEPORT=5595
EMULEUDP=5595
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2
You should also make sure that your FORWARD chain is set up correctly. Usually, you will have an entry like this:
INTIF is your internal interface, INTIP its IP
iptables -A FORWARD -i $EXTIF -o $INTIF -d $INTIP -m state --state ESTABLISHED,RELATED -j ACCEPT
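This rule only accepts packets that belong to established or related connections, so new incoming connections are not let through. You should therefore allow forwarding for the aMule-related ports: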
iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $INTIP -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $INTIP -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $INTIP -j ACCEPT
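A way to check the point made above, that every forwarded aMule port needs both a DNAT rule and a FORWARD ACCEPT rule. This is an added example, not part of the wiki page: `check_amule_rules` and `sample_dump` are hypothetical names, and the `iptables-save` excerpt (interfaces `eth0`/`eth1` included) is constructed to show a gateway that has the DNAT rules but only the ESTABLISHED,RELATED forwarding rule.

```shell
#!/bin/sh
# check_amule_rules TCPPORT UDPPORT
# Reads iptables-save text on stdin and prints one line per missing rule.
# Returns 0 when every aMule port has a DNAT rule and a FORWARD ACCEPT rule.
check_amule_rules() {
    tcp=$1 udp=$2
    udp2=$((tcp + 3))               # the page's "XX+3" UDP port
    dump=$(cat)
    missing=0
    for spec in "tcp $tcp" "udp $udp" "udp $udp2"; do
        set -- $spec; proto=$1; port=$2
        if ! printf '%s\n' "$dump" |
            grep -Eq -- "^-A PREROUTING .*-p $proto .*--dport $port .*-j DNAT "; then
            echo "missing DNAT $proto/$port"; missing=1
        fi
        if ! printf '%s\n' "$dump" |
            grep -Eq -- "^-A FORWARD .*-p $proto .*--dport $port .*-j ACCEPT\$"; then
            echo "missing FORWARD $proto/$port"; missing=1
        fi
    done
    return $missing
}

# Constructed iptables-save excerpt (not taken from a real gateway).
sample_dump() {
cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5595 -j DNAT --to-destination 10.0.0.2:5595
-A PREROUTING -i eth0 -p udp -m udp --dport 5595 -j DNAT --to-destination 10.0.0.2:5595
-A PREROUTING -i eth0 -p udp -m udp --dport 5598 -j DNAT --to-destination 10.0.0.2:5598
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reports the three FORWARD rules that still have to be added.
sample_dump | check_amule_rules 5595 5595 || true
```

On a real gateway, pipe the output of `iptables-save` into the function instead of the sample.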