Hi everybody!

I'm very happy with shorewall, seems to safe my computer well, a little bit too well. But I'm sure it's a mistake of mine: I can't get edonkey working! They say that edonkey needs the following ports enabled:

4665 udp in / out
3665,4665,7665,8665 udp out
4661,4662,4666 tcp in

That's what I wrote in the rules file:

ACCEPT fw net udp 4665
ACCEPT net fw udp 4665
ACCEPT fw net udp 3665,4665,7665,8665
ACCEPT net fw tcp 4661,4662,4666

But this ~stupid~ (e)donkey can't connect to any servers at all... and there are entries about it in /var/log/messages, "complaining" about those tries from edonkey I guess...

What's wrong? Apache for example works great with ports opened in the rules file!

Please write back directly to me (and also to the list, though I'm not enlisted yet... but I will soon be!)

Thank you very very much!!!

Regards
Simon Sunke

On Thu, 30 May 2002, Simon Sunke wrote:

> Hi everybody!
>
> I'm very happy with shorewall, seems to safe my computer well, a little
> bit too well. But I'm sure it's a mistake of mine:
> I can't get edonkey working! They say that edonkey needs the following
> ports enabled:
> 4665 udp in / out
> 3665,4665,7665,8665 udp out
> 4661,4662,4666 tcp in
>
> That's what I wrote in the rules file:
> ACCEPT fw net udp 4665
> ACCEPT net fw udp 4665
> ACCEPT fw net udp 3665,4665,7665,8665
> ACCEPT net fw tcp 4661,4662,4666
>
> But this ~stupid~ (e)donkey can't connect to any servers at all... and
> there are entries about it in /var/log/messages, "complaining" about
> those tries from edonkey I guess...
>

If you don't let us see those messages, I don't know how we can help you.

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net

Hi again!
(Thanks Tom...)

I forgot some information:
I use RedHat 7.2 with iptables 1.2.4.

Here's an extract of the /var/log/messages file:

May 30 22:34:35 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=194.109.18.201 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48138 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:34:35 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.229.33.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48139 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.114.97.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48140 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.221.129.121 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48141 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=217.128.201.224 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48142 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0

So, can you help me on?

Thank you!
Simon

--- ORIGINAL MESSAGE ---

Hi everybody!

I'm very happy with shorewall, seems to safe my computer well, a little bit too well. But I'm sure it's a mistake of mine: I can't get edonkey working! They say that edonkey needs the following ports enabled:

4665 udp in / out
3665,4665,7665,8665 udp out
4661,4662,4666 tcp in

That's what I wrote in the rules file:

ACCEPT fw net udp 4665
ACCEPT net fw udp 4665
ACCEPT fw net udp 3665,4665,7665,8665
ACCEPT net fw tcp 4661,4662,4666

But this ~stupid~ (e)donkey can't connect to any servers at all... and there are entries about it in /var/log/messages, "complaining" about those tries from edonkey I guess...

What's wrong? Apache for example works great with ports opened in the rules file!

Please write back directly to me (and also to the list, though I'm not enlisted yet... but I will soon be!)

Thank you very very much!!!

Regards
Simon Sunke

On Thu, 30 May 2002, Simon Sunke wrote:

> Hi again!
> (Thanks Tom...)
>
> I forgot some information:
> I use RedHat 7.2 with iptables 1.2.4.
>
> Here's an extract of the /var/log/messages file
> May 30 22:34:35 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=194.109.18.201 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48138 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
> May 30 22:34:35 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.229.33.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48139 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
> May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.114.97.161 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48140 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
> May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=213.221.129.121 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48141 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
> May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=217.162.60.195 DST=217.128.201.224 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48142 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
>
> So, can you help me on?
>

Looks like you need to enable TCP port 4661 for output from the firewall. And I think you could have concluded that yourself if you had compared the above messages to the ones in the sample at http://www.shorewall.net/troubleshoot.htm.

The fact that there is no IN= interface means that the packets are originating on the firewall. The OUT=eth0 means that they are being sent out eth0 (which I assume is your internet interface). You can see the PROTO=TCP and DPT=4661 which indicates that the packets are being sent to TCP port 4661.

Hence:

ACCEPT fw net tcp 4661

After you do that, you may still have problems but you can just look at the messages and determine what other rules you may need. This isn't brain surgery...

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
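
The log reading described in the reply above, as an added example that is not part of the original thread: it turns rejected-packet entries into candidate rules-file lines using the IN=/OUT=/PROTO=/DPT= fields. The sample lines are constructed, and the `ZONES` mapping (eth0 is the `net` zone) and all function names are assumptions.

```python
import re

# Constructed sample lines in the format quoted in the thread (documentation addresses).
SAMPLE_LOG = """\
May 30 22:34:35 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13360 PROTO=TCP SPT=48138 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:34:36 Warrior kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=13361 PROTO=TCP SPT=48139 DPT=4661 WINDOW=5840 RES=0x00 SYN URGP=0
May 30 22:35:02 Warrior kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 PROTO=TCP SPT=51000 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):(?P<rest>.*)")
FIELD = re.compile(r"(\w+)=(\S*)")   # flags without '=' (e.g. SYN) are skipped

# Assumption: interface-to-zone mapping for a single-interface host.
ZONES = {"eth0": "net"}

def parse_line(line):
    """Return the key=value fields of a Shorewall log entry, or None."""
    m = PREFIX.search(line)
    if not m:
        return None
    fields = dict(FIELD.findall(m.group("rest")))
    fields["chain"], fields["disposition"] = m.group("chain"), m.group("disp")
    return fields

def zone_pair(fields):
    """Empty IN= means the packet originated on the firewall (fw);
    empty OUT= means it was addressed to the firewall itself."""
    src = ZONES.get(fields["IN"], "?") if fields.get("IN") else "fw"
    dst = ZONES.get(fields["OUT"], "?") if fields.get("OUT") else "fw"
    return src, dst

def candidate_rules(log_text):
    """One candidate rule per distinct (zones, protocol, port); review before use."""
    rules = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f["disposition"] not in ("REJECT", "DROP") or "DPT" not in f:
            continue
        src, dst = zone_pair(f)
        rule = f"ACCEPT {src} {dst} {f.get('PROTO', '?').lower()} {f['DPT']}"
        if rule not in rules:
            rules.append(rule)
    return rules

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG)))
```

Each candidate line only restates what was blocked; whether the traffic should be allowed is still a decision for whoever maintains the rules file.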