Difference between revisions of "Firewall"

From AMule Project FAQ
Jump to: navigation, search
Line 3: Line 3:
 
If you set TCP port in [[aMule]] to XX and UDP port to YY then you have to set your firewall like this:
 
If you set TCP port in [[aMule]] to XX and UDP port to YY then you have to set your firewall like this:
  
''iptables -A INPUT -p tcp  --dport XX -j ACCEPT''<br>
+
''iptables -A INPUT -p tcp  --dport '''XX''' -j ACCEPT''<br>
''iptables  -A INPUT -p udp  --dport XX+3 -j ACCEPT''<br>
+
''iptables  -A INPUT -p udp  --dport '''XX+3''' -j ACCEPT''<br>
''iptables -A INPUT  -p udp  --dport YY -j ACCEPT''<br>
+
''iptables -A INPUT  -p udp  --dport '''YY''' -j ACCEPT''<br>
  
  
Line 12: Line 12:
 
''EXTIF'' is your external interface
 
''EXTIF'' is your external interface
  
''EMULEPORT=5595''<br>
+
''EMULEPORT='''4662'''''<br>
''EMULEUDP=5595''<br>
+
''EMULEUDP='''4672'''''<br>
 
''EMULEUDP2=`expr $EMULEPORT + 3`''<br>
 
''EMULEUDP2=`expr $EMULEPORT + 3`''<br>
''EMULEHOST=10.0.0.2''<br>
+
''EMULEHOST='''10.0.0.2'''''<br>
 
''iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT''<br>
 
''iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT''<br>
 
''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP''<br>
 
''iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP''<br>
Line 21: Line 21:
  
  
You also should make sure that your FORWARD-chain is set up correctly. Usually, you will have an entry like this:
+
You also should make sure that your FORWARD-string is set up correctly. Usually, you will have an entry like this:
  
 
''iptables -A FORWARD -i $EXTIF -o $INTIF -d $INTIP -m state --state ESTABLISHED,RELATED -j ACCEPT''
 
''iptables -A FORWARD -i $EXTIF -o $INTIF -d $INTIP -m state --state ESTABLISHED,RELATED -j ACCEPT''
  
 
where ''INTIF'' is your internal interface and ''INTIP'' is your [http://www.ietf.org/rfc/rfc0791.txt IP].
 
where ''INTIF'' is your internal interface and ''INTIP'' is your [http://www.ietf.org/rfc/rfc0791.txt IP].
 
  
 
This will prevent new connections. So, you should allow all forwarding for [[aMule]]-related ports:
 
This will prevent new connections. So, you should allow all forwarding for [[aMule]]-related ports:

Revision as of 14:10, 25 November 2004

NOTE: If you run SuSE Linux, try this HowTo first.

If you set TCP port in aMule to XX and UDP port to YY then you have to set your firewall like this:

iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT


If you want to setup aMule behind a NAT gateway, you should add these lines to your iptables configuration script, on the gateway :

EXTIF is your external interface

EMULEPORT=4662
EMULEUDP=4672
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2


You also should make sure that your FORWARD-string is set up correctly. Usually, you will have an entry like this:

iptables -A FORWARD -i $EXTIF -o $INTIF -d $INTIP -m state --state ESTABLISHED,RELATED -j ACCEPT

where INTIF is your internal interface and INTIP is your IP.

This will prevent new connections. So, you should allow all forwarding for aMule-related ports:

iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $INTIP -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $INTIP -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $INTIP -j ACCEPT