Difference between revisions of "Firewall-cn"

From AMule Project FAQ
m (some new translation add)
m (OpenBSD: finish this part translation)

Revision as of 07:55, 5 September 2011


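Routers

This section describes some routers and how to configure them to allow connections to aMule's ports.

In the descriptions below, the examples use the default ports (4662 for the standard client TCP port, 4672 for the extended client UDP port, and 4665 for the extended server requests UDP port).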

Linksys WRT54GSV4

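  1. Open your browser, go to http://192.168.1.1 and log in.
  2. Go to Gaming applications
  3. Then allow the ports that connect to your computer:
    1. Standard client TCP port
      1. Set both Ports start and End to 4662
      2. Set the next field to TCP
      3. In the field, the last 3 digits are those of your LAN IP
    2. Extended client UDP port
      1. Set both Ports start and End to 4672
      2. Set the next field to UDP
      3. In the field, the last 3 digits are those of your LAN IP
    3. Extended server requests UDP port
      1. Set both Ports start and End to 4665
      2. Set the next field to UDP
      3. In the field, the last 3 digits are those of your LAN IP
  4. Then check Enable
  5. Then click Save settings
  6. Then restart aMule :)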

Linksys Router configuration

This portion of the wiki applies only to stock versions of the Linksys firmware. If you are using a Linksys router running a variant of the GPL code, please follow the guides directly above as you are most likely using iptables.

Log into your Linksys router. After successfully logging in, click on the main menu link labeled Applications & Gaming after which you should see an additional submenu list for this section. Make sure you are under the correct submenu by clicking Port Range Forwarding.

At this point, you should see a table with 6 columns. The columns are: Application, Start to, End, Protocol, IP Address, Enable.

The Application column
Friendly name for the service. Put anything you want here, aMule being suggested.

The Start to -> End column
Start and end ports. Start to should be 4662 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> Client TCP Port. End should be 4672 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> eMule extended UDP Port.

I suggest using 2 separate entries for each port unless this is not possible.

The Protocol column
Protocol to listen for. If you use one line to open your aMule ports, set this option to Both. If you use a separate entry line for each, select option TCP for Client TCP Port and option UDP for eMule extended UDP Port.

The IP Address column
Internal IP address to forward requests to. This is typically the internal (private) IP address of the computer that will use aMule.

The Enable column
Enable rule. You'll need to check this in order to enable your aMule rules.

After adding your rule, make sure you save your settings. You can verify whether your rules work by testing your ports.

DLink Router configuration

Log in to your DLink router. There are three steps to take to enable your aMule ports.

IP Address setup

In the Home tab, click the DHCP button. This page displays the current IP addresses assigned by the router, both static and dynamic. Look for the name or MAC address of the computer you'll be running aMule on. If your computer is receiving dynamically assigned IP addresses, you will have to change your settings every so often if your IP address changes. To avoid this, use the Static DHCP section, and perform the following steps:

  • Name: Type in the name of your computer here, could be anything
  • IP: The IP address you want the router to always assign to your computer
  • MAC Address: The MAC address of your computer. You should be already connected to the router, so you can find your computer in the DHCP Client drop-down menu, and click clone, to populate this number
  • Click Apply

Now your computer will always receive the same IP address.

Now click on the Advanced tab, and there are two areas that need to be updated:

Virtual Server

  • Click the Virtual Server button. This page forwards external requests to a specific internal IP address in your network
  • Click Enabled
  • Enter a name in the Name entry box, eg aMule TCP
  • Enter your static IP address in the Private IP box
  • Select TCP in Protocol type
  • Private port is the port that the router will forward the requests to on your computer. This can be anything, a good value is the default aMule TCP port, 4662
  • Public port is the port that the router will receive requests on. Again, a good value is the aMule TCP port of 4662
  • Schedule is the times at which the port is open. Select Always, or whatever times you wish
  • Click Apply

Applications

  • Click the Applications button. This page allows you to enter a range of ports to open for application usage
  • Click Enabled
  • Enter the TCP port in the first Trigger Port box, a good value being 4662
  • Select Trigger Type as TCP
  • In Public Port, enter the range from your aMule TCP port to your aMule UDP port, usually 4662-4672
  • Select UDP as the Public Type
  • Click Apply

You should now be all set, assuming that your computer firewall is set up to allow access on the selected ports.

Alternate Configuration (ie instead of Applications) for D-Link

  • Go back to virtual server and set 2 other virtual servers for the UDP ports

(It works only that way on my D-Link DI-804HV)

  • Virtual server aMuleUDP4665 - select your IP address and UDP and 4665 (port)
  • Virtual Server aMuleUDP4672 - select your ip address and UDP and 4672 (port)

(Disable the aMule Applications entry above if you tried it and it did not work.) You should then have all arrows green (and 3 virtual servers running for aMule: 1 for TCP and 2 for UDP).

Another Alternate Configuration (using Firewall rules) for D-Link (tested on D-Link DI-624)

  • Click on Advanced tab then click on Firewall. This page can be used to setup firewall rules directly Without ANY further settings in Virtual server or Applications tabs
  • Click Enabled
  • Enter your preferred name for the rule (must be unique)
  • Select WAN as source interface and * for source IP Range Start (IP Range End can be left blank)
  • Select LAN as destination interface and enter the static IP of your PC running aMule for destination IP Range Start (IP Range End can be left blank)
  • Select * as destination protocol
  • Enter 4662-4672 as destination port range
  • Select your preferred scheduling
  • Click apply

IMPORTANT NOTE: disable all existing entries for aMule you may have specified in Virtual server or Applications tabs.

  • Reboot your router to be sure new configuration is applied (Tools -> Misc).


Belkin Router configuration

Log in to your Belkin router: 192.168.2.1. You will be following these steps twice: once to create a TCP record, and again to create a UDP record.

  • Click the Virtual Servers link in the Firewall section on the left. This page forwards external requests to a specific internal IP address in your network
  • Pick the first empty row
  • Check Enabled
  • Enter any name you like in the Description entry box, eg: aMule TCP/UDP
  • For the Inbound port entry boxes, enter 4660 and 4712.
  • Select TCP or UDP out of the Type dropdown. If you already have one set up, pick the other.
  • For Private IP address enter the IP address the router assigned your machine. There are many ways to find this. Ubuntu users might want to use gnome-nettool (Network Tools) and look at the IPv4 entry under the appropriate network interface. If you like the terminal, type ifconfig and look for the inet addr entry. If you're in Windows, you can type ipconfig from the command line. No matter how you do it, the number should look like 192.168.2.x where x is the number you will be entering.
  • Private port is the port that the router will forward the requests to on your computer. Though this can be anything, the default aMule port is 4662 for TCP and 4672 for UDP. Entering 4660 and 4712, same as the inbound port range above, will cover other possible ports.
  • Repeat the steps above to make sure you have an entry for both TCP and another entry for UDP.
  • Click Apply
  • If you have aMule open, go to it and click Disconnect. When the button changes, click Connect. Kad should no longer be firewalled and you should not get another Low ID error. If you still have issues, make sure you completed all the steps correctly by testing your ports: http://www.amule.org/testport.php

Keep in mind that the Private IP address number could change if you're ever disconnected from the router, because it is dynamically assigned by default.
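
As an added example (not part of the original wiki page), the script below compares forwarding entries like those described in the Linksys, D-Link and Belkin sections with the three default aMule ports and counts the protocol/port pairs each one opens beyond what aMule listens on. The profile names and rule tuples are constructed for illustration, and treating "Both" or "*" as TCP plus UDP is an assumption.

```python
# Added example: measure how much more a forwarding entry exposes than aMule needs.
# Ports are the defaults named on this page; the rule tuples are constructed
# from the router sections above and are not read from any device.

NEEDED = {("tcp", 4662), ("udp", 4672), ("udp", 4665)}


def expand(proto, start, end):
    """Return the set of (protocol, port) pairs one forwarding entry opens."""
    # Assumption: "both" and "*" on the router UI mean TCP and UDP.
    protos = ("tcp", "udp") if proto in ("both", "*") else (proto,)
    return {(p, port) for p in protos for port in range(start, end + 1)}


def audit(entries):
    """Compare a list of (proto, start, end) entries with NEEDED.

    Returns (missing, excess): pairs aMule needs that are not forwarded,
    and pairs that are forwarded although aMule does not listen on them.
    """
    opened = set()
    for proto, start, end in entries:
        opened |= expand(proto, start, end)
    return NEEDED - opened, opened - NEEDED


# Constructed profiles mirroring the styles of entry described on this page.
PROFILES = {
    "one entry per port": [("tcp", 4662, 4662), ("udp", 4672, 4672), ("udp", 4665, 4665)],
    "single range, Both": [("both", 4662, 4672)],
    "Belkin 4660-4712": [("tcp", 4660, 4712), ("udp", 4660, 4712)],
}

if __name__ == "__main__":
    for name, entries in PROFILES.items():
        missing, excess = audit(entries)
        print(f"{name}: missing={sorted(missing)} excess_pairs={len(excess)}")
```

Every excess pair is a port the router passes to the aMule machine with nothing from aMule listening on it, so the host firewall on that machine should still restrict inbound traffic to the three ports in use.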

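Netgear routers

First, open your router's control page at http://routerlogin.net/start.htm. Then, on the left side of the screen, under Advanced, click "Port Forwarding / Port Triggering". Click the "Add Custom Service" button, name it aMule1 (or anything else), set it to forward TCP only, set both the starting port and the ending port to 4662, and set the server IP address to the address currently in use (if you are the only one connected to the router it is probably 192.168.1.2, but check anyway), then click "Apply". Repeat the steps above for aMule2 and aMule3, selecting "UDP only" for both; for aMule2 the starting and ending ports are both 4665, and for aMule3 they are both 4672. (That is, for aMule2 and aMule3 the starting and ending ports are identical, but aMule2=4665 and aMule3=4672.) Make sure iptables is set up correctly on the machine running aMule (as above), and you are done.

Obviously, not all Netgear routers are the same; on the DG834G this is more complicated. Go to the router configuration page:

  1. Under the Content Filtering menu, select Services
  2. Add three rules (1 TCP, 2 UDP) according to your aMule Connection preferences
  3. In the same menu, select Firewall Rules
  4. Add the three rules as Inbound Services
  5. Add the UDP rules as Outbound Services (only one is required, but I added the others too just in case)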

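TRENDnet TW100 router

First connect to your router: usually you open a browser and type the router's IP address directly, for example 192.168.0.1 (or 192.168.1.1). A login box may then appear (depending on your router's configuration); if so, enter the username 'admin' and an empty password (or the one you have set).

Then, in the left-hand menu, select Internet, then Advanced Internet, and then click/select Special Applications:

In the Special Applications list, add or replace two lines: (please do not delete entries that you are using and that are already enabled) (for example, just add the new aMule applications after Nr.5 or Nr.6)

Create both of the following entries:

amuleU4665 TCP-4665-4665 UDP-4665-4665

amuleU4672 TCP-4672-4672 UDP-4672-4672

(In my application list "amuleU4665" and "amule4672" are at Nr1 and Nr2, but they can be anywhere in your list.)

-> Tick the small box [ ] to the left of each amuleUxxxx application to enable the special application.

Then click [Save], then click [Close]

Then, on the Advanced Internet page, click [Save]

The last step is to click the "Virtual Servers" menu on the left; the Virtual Servers page will appear.

Add a new virtual server named: AmuleTCP

Select your computer's* IP address: choose it from the drop-down menu

Select: TCP

Enter port 4662 and port 4662 (the same port in both fields)

Then click [Add as new server]

Then you are set to have High ID and Kad ON. Finished with the Low-ID, yellow arrows and Kad Firewalled. Now all your arrows should be green and you should have access to Kad and ed2K.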

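Special notes:

  • Be extra careful when your computer uses DHCP (that is, gets its IP address from the router).

The router may not always give your computer the same IP address. (It usually does, but sometimes it changes.) If you find that you are getting a Low ID, there are two solutions:

1) Log back into the router, go back to Virtual Servers, select the "amuleTCP" virtual server you created, and re-select your computer under "PC (server)". Then select [Update this server] and exit. That should do it.

Or alternatively:

2) If you prefer, you can give your computer a fixed IP address. If you often get a Low ID because your DHCP router keeps assigning you a different IP address, you can set your computer to static IP mode or use a DHCP reservation. Before doing so, you need to know your DNS server addresses, so ask your ISP for them. Then configure your computer for Fixed DHCP / Static Address / Manual Address (the name depends on the operating system you run). In your network settings, enter the IP address you want, your gateway (that is, your router's IP address) and the DNS addresses obtained from your ISP.


If your TRENDnet router crashes or stops passing traffic to or from the computer running aMule (this happened to me), you should:

- Reduce the connection limit to 100 (or 50) (in Preferences -> Connection)

- Reduce "Max new connections / 5 secs" to 10 (or 5) (in Preferences -> Core Tweaks)

Stop aMule and start it again so that the settings take effect.


Test to make sure your configuration is correct. This will make your router more stable and prevent it from crashing (where you would have to reset the router and/or power it off and on). This may also apply to other routers (?).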

(TRENDnet Firewall from RFV - --Robert364 17:05, 5 Nov 2006 (CET))

OpenBSD

The firewall on OpenBSD is called packetfilter (pf). For aMule to work, you must add the following rules to your pf.conf file (/etc/pf.conf):

 # aMule TCP and UDP
 rdr pass on egress proto tcp to port 4662 -> IPADDR
 rdr pass on egress proto udp to port 4672 -> IPADDR
 rdr pass on egress proto udp to port 4665 -> IPADDR

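IPADDR is the internal IP address of the computer on your network that runs aMule.

Thanks to the keyword egress, pf automatically guesses the name of the outer interface (the one connected to the Internet); egress means "the interface the default route goes through", and it is updated dynamically if that changes.

Example (the computer running aMule has the IP 192.168.1.10):

 # aMule TCP and UDP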
 rdr pass on egress proto tcp to port 4662 -> 192.168.1.10
 rdr pass on egress proto udp to port 4672 -> 192.168.1.10
 rdr pass on egress proto udp to port 4665 -> 192.168.1.10

Of course, the computer running aMule must also be allowed to reach the network, so add the following rule as well:

 nat on egress from IPADDR to any -> (egress)

IPADDR is the internal IP address of the computer on your network that runs aMule.

Example (as above):

 nat on egress from 192.168.1.10 to any -> (egress)

To activate the changed configuration, reboot or run the following command:

 pfctl -f /etc/pf.conf

To load the firewall automatically at boot:

 echo pf=YES >> /etc/rc.conf.local


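For Kad to connect properly instead of being firewalled, put the following before the NAT section of your pf.conf file (NAT rules use the first match in the list, unlike the rest of pf.conf):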

 no nat on egress proto udp from 192.168.1.10 port 4672 to any

See "Why does Kademlia still say it is firewalled?" in the FAQ.
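
An added example, not part of the original page: a small check for the pf.conf rules above that reports missing rdr entries, an unreplaced IPADDR placeholder, and a no nat line placed after the nat rule. The sample text is constructed in the page's rule syntax, and the names lint, SAMPLE and WANTED are hypothetical.

```python
import re

# Constructed sample in the rule syntax shown on this page (not a real host's file).
# The 'no nat' line is deliberately placed after the 'nat' line.
SAMPLE = """\
# aMule TCP and UDP
rdr pass on egress proto tcp to port 4662 -> 192.168.1.10
rdr pass on egress proto udp to port 4672 -> 192.168.1.10
rdr pass on egress proto udp to port 4665 -> 192.168.1.10
nat on egress from 192.168.1.10 to any -> (egress)
no nat on egress proto udp from 192.168.1.10 port 4672 to any
"""

RDR = re.compile(
    r"^rdr\s+pass\s+on\s+\S+\s+proto\s+(tcp|udp)\s+to\s+port\s+(\d+)\s+->\s+(\S+)$"
)
WANTED = {("tcp", 4662), ("udp", 4672), ("udp", 4665)}  # default aMule ports


def lint(text):
    """Return a list of findings for the aMule rules in a pf.conf text."""
    findings, targets, seen = [], set(), set()
    first_nat = no_nat = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = RDR.match(line)
        if m:
            seen.add((m.group(1), int(m.group(2))))
            targets.add(m.group(3))
        elif line.startswith("no nat ") and no_nat is None:
            no_nat = n
        elif line.startswith("nat ") and first_nat is None:
            first_nat = n
    for proto, port in sorted(WANTED - seen):
        findings.append(f"missing rdr for {port}/{proto}")
    if len(targets) > 1:
        findings.append(f"rdr rules point at different hosts: {sorted(targets)}")
    if "IPADDR" in targets:
        findings.append("placeholder IPADDR was not replaced")
    if no_nat and first_nat and no_nat > first_nat:
        findings.append(
            f"'no nat' on line {no_nat} comes after 'nat' on line {first_nat}; first match wins"
        )
    return findings
```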

What if my router type is not listed here?

If you use another type of router, look up the correct aMule (or eMule) NAT settings for your model at http://www.portforward.com/