Firewall

From AMule Project FAQ
Revision as of 10:30, 31 May 2005 by Ateo (Talk | contribs)

Jump to: navigation, search
English | Español

IPTables Configuration

NOTE: If you run SuSE Linux, try this HowTo first.

If you set TCP port in aMule to XX and UDP port to YY then you have to set your firewall like this:

iptables -A INPUT -p tcp --dport XX -j ACCEPT
iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
iptables -A INPUT -p udp --dport YY -j ACCEPT

If you are building your iptables-rules from scratch, you also need to allow ESTABLISHED and RELATED traffic to come through your firewall:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

And you must enable traffic to leave your machine aswell, by either allowing all outgoing traffic:

iptables -P OUTPUT ACCEPT

or specifying special rules.

NOTE: for Mandrake 10.0 Official and iptables you may have to change the multi-port entry to iptables -A INPUT -p udp --dport XX:ZZ -j ACCEPT where XX is the same TCP port number used in first line and ZZ is that number plus 3 (eg: 4662:4665)

If you want to setup aMule behind a NAT gateway, you should add these lines to your iptables configuration script, on the gateway :

EXTIF is your external interface

EMULEPORT=4662
EMULEUDP=4672
EMULEUDP2=`expr $EMULEPORT + 3`
EMULEHOST=10.0.0.2
iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2

You also should make sure that your FORWARD-string is set up correctly. Usually, you will have an entry like this:

iptables -A FORWARD -i $EXTIF -o $INTIF -d $EMULEHOST -m state --state ESTABLISHED,RELATED -j ACCEPT

where INTIF is your internal interface and EMULEHOST is the host running the eD2k server on your internal network.

This will prevent new connections. So, you should allow all forwarding for aMule-related ports:

iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $EMULEHOST -j ACCEPT

Once everything is set, you can check here if your ports are now open.

Linksys Router configuration

This portion of the wiki applies only to stock versions of the Linksys firmware. If you are using a Linksys router running a variant of the GPL Code, please follow the guides directly above as you are most likely using iptables.

Log into your Linksys router. After successfully logging in, click on the main menu link labeled Applications & Gaming after which you should see an additional submenu list for this section. Make sure you are under the correct submenu by clicking Port Range Forwarding.

At this point, you should see a table with 6 columns. The columns are: Application, Start to, End, Protocol, IP Address, Enable.

The Application column
Friendly name for the service. Put anything you want here, aMule being suggested.

The Start to -> End column
Start and end ports. Start to should be 4662 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> Client TCP Port. End should be 4672 but, in the end, this should reflect whatever port you have defined in aMule Preferences -> Connection -> eMule extended UDP Port.

I suggest using 2 separate entries for each port unless this is not possible.

The Protocol column
Protocol to listen for. If you use one line to open your aMule ports, set this option to Both. If you use a separate entry line for each, select option TCP for Client TCP Port and option UDP for eMule extended UDP Port.

The IP Address column
Internal IP address to forward requests to. This is typically the internal (private) IP address of the computer that will use aMule.

The Enable column
Enable rule. You'll need to check this in order to enable your aMule rules.

After adding your rule, make sure you save your settings. You can verify whether your rules work by testing your ports.

DLink Router configuration

Information on configuring a DLink router for aMule coming soon...