Hi!

I don't know what I am doing wrong because I still have Low ID on aMule. I have action.AllowaMule and accept tcp 4662:4771 and udp 4672.

Thanks,

Mitja
ajtiM wrote:
> Hi!
>
> I don't know what I am doing wrong because I still have Low ID on aMule. I
> have action.AllowaMule and accept tcp 4662:4771 and udp 4672.

From what little you have told us, we can't tell what you are doing
wrong either. See http://shorewall.net/support.htm#Guidelines

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
Tom Eastep wrote:
> ajtiM wrote:
>> I don't know what I am doing wrong because I still have Low ID on aMule. I
>> have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
>
> From what little you have told us, we can't tell what you are doing
> wrong either.

However, at http://www.amule.org/wiki/index.php/Firewall, I find:

  If you set TCP port in aMule to XX and UDP port to YY then you have
  to set your firewall like this:

     iptables -A INPUT -p tcp --dport XX -j ACCEPT
     iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
     iptables -A INPUT -p udp --dport YY -j ACCEPT

So that means that for input, you need to open 1 tcp port and two UDP ports.

From the above description of your action.AllowaMule file, it appears that
it opens 10 TCP ports and 1 UDP port.

Either you or the amule wiki is wrong -- somehow, I'm betting that it is
you who are in error...

Of course, all of this assumes that you are running amule on your Shorewall
box (which is the only way that using an action makes sense). You haven't
even bothered to give us that piece of information.

-Tom
On Saturday 09 April 2005 18:15, ajtiM wrote:
> Hi!
>
> I don't know what I am doing wrong because I still have Low ID on aMule. I
> have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
>
> Thanks,
>
> Mitja

I need to have open ports: TCP 4662, 4771, 4772 and UDP 4672. I have in the action.AllowaMule:

accept tcp 4662:4771
accept udp 4672

When I connected to the server I get a Low ID. This happened on the Ubuntu Linux with Shorewall firewall but under SuSE Linux and SuSE Firewall I get a High ID.
On Saturday 09 April 2005 20:39, Tom Eastep wrote:
> Tom Eastep wrote:
> > ajtiM wrote:
> >> I don't know what I am doing wrong because I still have Low ID on aMule.
> >> I have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
> >
> > From what little you have told us, we can't tell what you are doing
> > wrong either.
>
> However, at http://www.amule.org/wiki/index.php/Firewall, I find:
>
>   If you set TCP port in aMule to XX and UDP port to YY then you have
>   to set your firewall like this:
>
>      iptables -A INPUT -p tcp --dport XX -j ACCEPT
>      iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
>      iptables -A INPUT -p udp --dport YY -j ACCEPT
>
> So that means that for input, you need to open 1 tcp port and two UDP
> ports.
>
> From the above description of your action.AllowaMule file, it appears that
> it opens 10 TCP ports and 1 UDP port.
>
> Either you or the amule wiki is wrong -- somehow, I'm betting that it is
> you who are in error...
>
> Of course, all of this assumes that you are running amule on your Shorewall
> box (which is the only way that using an action makes sense). You haven't
> even bothered to give us that piece of information.
>
> -Tom

I am running amule on Ubuntu Linux and Shorewall Firewall is running. I read on emule site:

1) Local Port: 4662
   Remote Port: any
   Protocol: TCP
   Direction: incoming
   Purpose: Client Port / Connections from other clients, Client to Client Source Exchange
   Note: You can change this port in Preferences -> Connection -> Client Port
   This port has to be forwarded in a router. Changing this port in Preferences you must also change the forwarding in the router

2) Local Port: any
   Remote Port: 4662
   Protocol: TCP
   Direction: outgoing
   Purpose: Client Port / Connections to other clients, Client to Client Source Exchange
   Note: 4662 is the default port, but other clients may have different settings. Change the remote port to any when configuring a firewall

3) Local Port: 4672
   Remote Port: any
   Protocol: UDP
   Direction: incoming
   Purpose: Clients source asking / extended eMule protocol, Queue Rating, File Reask Ping
   Note: This port has to be forwarded in a router. Changing this port in Preferences you must also change the forwarding in the router. If you are not able to forward this port check the disable box in Preferences -> Connection -> UDP Port

4) Local Port: any
   Remote Port: 4672
   Protocol: UDP
   Direction: outgoing
   Purpose: Clients source asking / extended eMule protocol, Queue Rating, File Reask Ping
   Note: 4672 is the default port, but other clients may have different settings. Change the remote port to any when configuring a firewall

5) Local Port: any
   Remote Port: 4661
   Protocol: TCP
   Direction: outgoing
   Purpose: Connection to server
   Note: 4661 is the default port of a server. Many server use different ports. Configuring a firewall the remote port again changes to any.

6) Local Port: any
   Remote Port: 4665
   Protocol: UDP
   Direction: outgoing
   Purpose: Source asking on servers
   Note: Servers using the default port 4661 TCP (see #5) automatically set their port for source asking to 4665 UDP. If a server uses a different port in #5 the corresponding UDP port is set to [Connection Port + 4]. For firewalls the remote port here is any.

7) Local Port: 4711
   Remote Port: any
   Protocol: TCP
   Direction: incoming
   Purpose: Webserver
   Note: This is the default port for the web interface. When using a router this port has to be forwarded or no connection to the webserver will be possible.

....and I have in action Allow as I wrote before:

ACCEPT - - udp 4672
ACCEPT - - udp 4665
ACCEPT - - tcp 4662
ACCEPT - - tcp 4711
ACCEPT - - tcp 4661

I have this file in /etc/shorewall/ and also in /usr/share/shorewall
ajtiM wrote:
> I have this file in /etc/shorewall/ and also in /usr/share/shorewall

To the list: If you feel like it, please help ajtiM

I'm not answering any more posts from this person.

-Tom
On Saturday 09 April 2005 20:39, Tom Eastep wrote:
> Tom Eastep wrote:
> > ajtiM wrote:
> >> I don't know what I am doing wrong because I still have Low ID on aMule.
> >> I have action.AllowaMule and accept tcp 4662:4771 and udp 4672.
> >
> > From what little you have told us, we can't tell what you are doing
> > wrong either.
>
> However, at http://www.amule.org/wiki/index.php/Firewall, I find:
>
>   If you set TCP port in aMule to XX and UDP port to YY then you have
>   to set your firewall like this:
>
>      iptables -A INPUT -p tcp --dport XX -j ACCEPT
>      iptables -A INPUT -p udp --dport XX+3 -j ACCEPT
>      iptables -A INPUT -p udp --dport YY -j ACCEPT
>
> So that means that for input, you need to open 1 tcp port and two UDP
> ports.
>
> From the above description of your action.AllowaMule file, it appears that
> it opens 10 TCP ports and 1 UDP port.
>
> Either you or the amule wiki is wrong -- somehow, I'm betting that it is
> you who are in error...
>
> Of course, all of this assumes that you are running amule on your Shorewall
> box (which is the only way that using an action makes sense). You haven't
> even bothered to give us that piece of information.
>
> -Tom

It is my Shorewall init log:

Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Stopping Shorewall...done.
Loading /usr/share/shorewall/functions...
Processing /etc/shorewall/shorewall.conf...
Loading Modules...
Starting Shorewall...
Initializing...
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Connection Tracking Match: Available
Determining Zones...
Zones: net loc dmz
Validating interfaces file...
Validating hosts file...
Validating Policy file...
Determining Hosts in Zones...
Net Zone: eth0:0.0.0.0/0
Warning: Zone loc is empty
Warning: Zone dmz is empty
Deleting user chains...
Creating Interface Chains...
Configuring Proxy ARP
Setting up NAT...
Setting up NETMAP...
Adding Common Rules
Adding rules for DHCP
Enabling RFC1918 Filtering
Setting up TCP Flags checking...
Setting up Kernel Route Filtering...
Pre-processing Actions...
Pre-processing /usr/share/shorewall/action.DropSMB...
Pre-processing /usr/share/shorewall/action.RejectSMB...
Pre-processing /usr/share/shorewall/action.DropUPnP...
Pre-processing /usr/share/shorewall/action.RejectAuth...
Pre-processing /usr/share/shorewall/action.DropPing...
Pre-processing /usr/share/shorewall/action.DropDNSrep...
Pre-processing /usr/share/shorewall/action.AllowPing...
Pre-processing /usr/share/shorewall/action.AllowFTP...
Pre-processing /usr/share/shorewall/action.AllowDNS...
Pre-processing /etc/shorewall/action.AllowSSH...
Pre-processing /usr/share/shorewall/action.AllowWeb...
Pre-processing /usr/share/shorewall/action.AllowSMB...
Pre-processing /usr/share/shorewall/action.AllowAuth...
Pre-processing /usr/share/shorewall/action.AllowSMTP...
Pre-processing /usr/share/shorewall/action.AllowPOP3...
Pre-processing /usr/share/shorewall/action.AllowIMAP...
Pre-processing /usr/share/shorewall/action.AllowTelnet...
Pre-processing /etc/shorewall/action.AllowVNC...
Pre-processing /usr/share/shorewall/action.AllowVNCL...
Pre-processing /usr/share/shorewall/action.AllowNTP...
Pre-processing /usr/share/shorewall/action.AllowRdate...
Pre-processing /usr/share/shorewall/action.AllowNNTP...
Pre-processing /usr/share/shorewall/action.AllowTrcrt...
Pre-processing /usr/share/shorewall/action.AllowSNMP...
Pre-processing /usr/share/shorewall/action.AllowPCA...
Pre-processing /usr/share/shorewall/action.AllowSPAMD...
Pre-processing /usr/share/shorewall/action.AllowSyslog...
Pre-processing /usr/share/shorewall/action.AllowAmanda...
Pre-processing /usr/share/shorewall/action.AllowLDAP...
Pre-processing /usr/share/shorewall/action.AllowICQ...
Pre-processing /etc/shorewall/action.AllowBitTorrent...
Pre-processing /usr/share/shorewall/action.AllowSMBswat...
Pre-processing /usr/share/shorewall/action.DropSMTP...
Pre-processing /etc/shorewall/action.AllowCVS...
Pre-processing /usr/share/shorewall/action.AllowSVN...
Pre-processing /usr/share/shorewall/action.AllowMySQL...
Pre-processing /usr/share/shorewall/action.AllowPostgreSQL...
Pre-processing /usr/share/shorewall/action.AllowRsync...
Pre-processing /usr/share/shorewall/action.AllowDistcc...
Pre-processing /usr/share/shorewall/action.Drop...
Pre-processing /usr/share/shorewall/action.Reject...
Processing /etc/shorewall/rules...
Processing Actions...
Processing /usr/share/shorewall/action.Drop...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "DropSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.Reject...
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "RejectAuth" added.
Rule "dropBcast" added.
Rule "dropInvalid" added.
Rule "RejectSMB" added.
Rule "DropUPnP" added.
Rule "dropNotSyn" added.
Rule "DropDNSrep" added.
Processing /usr/share/shorewall/action.RejectAuth...
Rule "REJECT - - tcp 113" added.
Processing /usr/share/shorewall/action.DropSMB...
Rule "DROP - - udp 135" added.
Rule "DROP - - udp 137:139" added.
Rule "DROP - - udp 445" added.
Rule "DROP - - tcp 135" added.
Rule "DROP - - tcp 139" added.
Rule "DROP - - tcp 445" added.
Processing /usr/share/shorewall/action.DropUPnP...
Rule "DROP - - udp 1900" added.
Processing /usr/share/shorewall/action.DropDNSrep...
Rule "DROP - - udp - 53" added.
Processing /usr/share/shorewall/action.RejectSMB...
Rule "REJECT - - udp 135" added.
Rule "REJECT - - udp 137:139" added.
Rule "REJECT - - udp 445" added.
Rule "REJECT - - tcp 135" added.
Rule "REJECT - - tcp 139" added.
Rule "REJECT - - tcp 445" added.
Processing /etc/shorewall/policy...
Policy ACCEPT for fw to net using chain fw2net
Activating Rules...
Shorewall Started
The way I fixed LowID when I was behind a router was forwarding ports.
Try setting a DNAT rule to your local IP with the ports, just a guess.

-- Dustin Carl
I'll give you ONE MORE CHANCE:

ajtiM wrote:
>
> It is my Shorewall init log:
>
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Stopping Shorewall...done.
> Loading /usr/share/shorewall/functions...
> Processing /etc/shorewall/shorewall.conf...
> Loading Modules...
> Starting Shorewall...
> Initializing...
> Shorewall has detected the following iptables/netfilter capabilities:
> NAT: Available
> Packet Mangling: Available
> Multi-port Match: Available
> Connection Tracking Match: Available

This has to be an OLD version of Shorewall.

> Determining Zones...
> Zones: net loc dmz
> Validating interfaces file...
> Validating hosts file...
> Validating Policy file...
> Determining Hosts in Zones...
> Net Zone: eth0:0.0.0.0/0
> Warning: Zone loc is empty
> Warning: Zone dmz is empty

This doesn't look good -- it means that you have not set up Shorewall correctly.

You really should visit http://shorewall.net/shorewall_quickstart_guide.htm

> Deleting user chains...
> Creating Interface Chains...
> Configuring Proxy ARP
> Setting up NAT...
> Setting up NETMAP...
> Adding Common Rules
> Adding rules for DHCP
> Enabling RFC1918 Filtering
> Setting up TCP Flags checking...
> Setting up Kernel Route Filtering...
> Pre-processing Actions...
> Pre-processing /usr/share/shorewall/action.DropSMB...
> Pre-processing /usr/share/shorewall/action.RejectSMB...
> Pre-processing /usr/share/shorewall/action.DropUPnP...
> Pre-processing /usr/share/shorewall/action.RejectAuth...
> Pre-processing /usr/share/shorewall/action.DropPing...
> Pre-processing /usr/share/shorewall/action.DropDNSrep...
> Pre-processing /usr/share/shorewall/action.AllowPing...
> Pre-processing /usr/share/shorewall/action.AllowFTP...
> Pre-processing /usr/share/shorewall/action.AllowDNS...
> Pre-processing /etc/shorewall/action.AllowSSH...
> Pre-processing /usr/share/shorewall/action.AllowWeb...
> Pre-processing /usr/share/shorewall/action.AllowSMB...
> Pre-processing /usr/share/shorewall/action.AllowAuth...
> Pre-processing /usr/share/shorewall/action.AllowSMTP...
> Pre-processing /usr/share/shorewall/action.AllowPOP3...
> Pre-processing /usr/share/shorewall/action.AllowIMAP...
> Pre-processing /usr/share/shorewall/action.AllowTelnet...
> Pre-processing /etc/shorewall/action.AllowVNC...
> Pre-processing /usr/share/shorewall/action.AllowVNCL...
> Pre-processing /usr/share/shorewall/action.AllowNTP...
> Pre-processing /usr/share/shorewall/action.AllowRdate...
> Pre-processing /usr/share/shorewall/action.AllowNNTP...
> Pre-processing /usr/share/shorewall/action.AllowTrcrt...
> Pre-processing /usr/share/shorewall/action.AllowSNMP...
> Pre-processing /usr/share/shorewall/action.AllowPCA...
> Pre-processing /usr/share/shorewall/action.AllowSPAMD...
> Pre-processing /usr/share/shorewall/action.AllowSyslog...
> Pre-processing /usr/share/shorewall/action.AllowAmanda...
> Pre-processing /usr/share/shorewall/action.AllowLDAP...
> Pre-processing /usr/share/shorewall/action.AllowICQ...
> Pre-processing /etc/shorewall/action.AllowBitTorrent...
> Pre-processing /usr/share/shorewall/action.AllowSMBswat...
> Pre-processing /usr/share/shorewall/action.DropSMTP...
> Pre-processing /etc/shorewall/action.AllowCVS...
> Pre-processing /usr/share/shorewall/action.AllowSVN...
> Pre-processing /usr/share/shorewall/action.AllowMySQL...
> Pre-processing /usr/share/shorewall/action.AllowPostgreSQL...
> Pre-processing /usr/share/shorewall/action.AllowRsync...
> Pre-processing /usr/share/shorewall/action.AllowDistcc...
> Pre-processing /usr/share/shorewall/action.Drop...
> Pre-processing /usr/share/shorewall/action.Reject...

We didn't see either copy of action.AllowAmule:

Two things:

1) You NEVER add or change any file in /usr/share/shorewall! You should add your actions in /etc/shorewall.
2) When you add an action, you must add it to /etc/shorewall/actions! See http://shorewall.net/Actions.html.

> Processing /etc/shorewall/rules...
> Processing Actions...

The above means that you have no rules -- more evidence that Shorewall isn't installed correctly. And defining an action like action.AllowAmule does nothing UNLESS YOU HAVE A RULE THAT INVOKES THE ACTION. In your case, you want:

AllowAmule net fw

> Processing /usr/share/shorewall/action.Drop...
> Rule "RejectAuth" added.
> Rule "dropBcast" added.
> Rule "dropInvalid" added.
> Rule "DropSMB" added.
> Rule "DropUPnP" added.
> Rule "dropNotSyn" added.
> Rule "DropDNSrep" added.
> Processing /usr/share/shorewall/action.Reject...
> Rule "RejectAuth" added.
> Rule "dropBcast" added.
> Rule "RejectAuth" added.
> Rule "dropBcast" added.
> Rule "dropInvalid" added.
> Rule "RejectSMB" added.
> Rule "DropUPnP" added.
> Rule "dropNotSyn" added.
> Rule "DropDNSrep" added.
> Processing /usr/share/shorewall/action.RejectAuth...
> Rule "REJECT - - tcp 113" added.
> Processing /usr/share/shorewall/action.DropSMB...
> Rule "DROP - - udp 135" added.
> Rule "DROP - - udp 137:139" added.
> Rule "DROP - - udp 445" added.
> Rule "DROP - - tcp 135" added.
> Rule "DROP - - tcp 139" added.
> Rule "DROP - - tcp 445" added.
> Processing /usr/share/shorewall/action.DropUPnP...
> Rule "DROP - - udp 1900" added.
> Processing /usr/share/shorewall/action.DropDNSrep...
> Rule "DROP - - udp - 53" added.
> Processing /usr/share/shorewall/action.RejectSMB...
> Rule "REJECT - - udp 135" added.
> Rule "REJECT - - udp 137:139" added.
> Rule "REJECT - - udp 445" added.
> Rule "REJECT - - tcp 135" added.
> Rule "REJECT - - tcp 139" added.
> Rule "REJECT - - tcp 445" added.
> Processing /etc/shorewall/policy...
> Policy ACCEPT for fw to net using chain fw2net
> Activating Rules...
> Shorewall Started

-Tom
Dustin Carl wrote:
> The way I fixed LowID when I was behind a router was forwarding ports.
> Try setting a DNAT rule to your local IP with the ports, just a guess.

ajtiM has a standalone Linux box with Shorewall:

a) Shorewall isn't installed correctly.
b) He has created an action.AllowAmule file but hasn't created a net->fw
   rule that invokes it. Additionally, he has placed his action.AllowAmule
   file in /usr/share/shorewall.

-Tom
Tom Eastep wrote:
> Dustin Carl wrote:
>> The way I fixed LowID when I was behind a router was forwarding ports.
>> Try setting a DNAT rule to your local IP with the ports, just a guess.
>
> ajtiM has a standalone Linux box with Shorewall:
>
> a) Shorewall isn't installed correctly.
> b) He has created an action.AllowAmule file but hasn't created a net->fw
>    rule that invokes it. Additionally, he has placed his action.AllowAmule
>    file in /usr/share/shorewall.

Also, he has not added his 'AllowAmule' action to /etc/shorewall/actions
even though http://shorewall.net/Actions.html#id2452710 clearly outlines
the steps required to define your own action.

-Tom
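The steps Tom lists in this thread (action file in /etc/shorewall only, name listed in /etc/shorewall/actions, a net->fw rule that invokes it), together with the aMule wiki port rule, as an added shell example that is not part of the original posts or of Shorewall. The function names, the temporary fixture directory and the one-name-per-line reading of the actions file are assumptions.

```shell
#!/bin/sh
# Added example; not code from the thread or from the Shorewall project.
# Assumed layout (from the thread): action.<Name> lives in /etc/shorewall, the
# name is listed in /etc/shorewall/actions, and /etc/shorewall/rules holds a
# "<Name> net fw" line. All function names here are hypothetical.

# Action body for aMule TCP port XX ($1) and UDP port YY ($2), following the
# aMule wiki rule quoted in the thread: tcp XX, udp XX+3, udp YY.
amule_action_body() {
    printf 'ACCEPT - - tcp %s\n' "$1"
    printf 'ACCEPT - - udp %s\n' "$(($1 + 3))"
    printf 'ACCEPT - - udp %s\n' "$2"
}

# True if FILE ($1) has a line whose first field is NAME ($2).
# Comment lines never match because their first field starts with "#".
lists_action() {
    [ -f "$1" ] || return 1
    awk -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# True if FILE ($1) has a rule "NAME net fw" (net zone to the firewall itself).
rule_invokes() {
    [ -f "$1" ] || return 1
    awk -v n="$2" '$1 == n && $2 == "net" && $3 == "fw" { found = 1 }
                   END { exit !found }' "$1"
}

# audit_action CONFDIR SHAREDIR NAME
# Prints one finding per line for a custom action; returns 0 when the action
# is wired as the thread describes and 1 otherwise.
audit_action() {
    conf=$1; share=$2; name=$3; bad=0
    [ -f "$conf/action.$name" ] ||
        { echo "missing: $conf/action.$name"; bad=1; }
    [ ! -f "$share/action.$name" ] ||
        { echo "misplaced: $share/action.$name (custom actions go in $conf)"; bad=1; }
    lists_action "$conf/actions" "$name" ||
        { echo "unlisted: $name is not in $conf/actions"; bad=1; }
    rule_invokes "$conf/rules" "$name" ||
        { echo "uninvoked: no '$name net fw' rule in $conf/rules"; bad=1; }
    return "$bad"
}

# Constructed fixture reproducing the state diagnosed in the thread: the action
# file exists in both directories, but nothing lists or invokes it.
make_thread_fixture() {
    mkdir -p "$1/etc" "$1/share"
    amule_action_body 4662 4672 > "$1/etc/action.AllowAmule"
    cp "$1/etc/action.AllowAmule" "$1/share/action.AllowAmule"
    : > "$1/etc/actions"
    : > "$1/etc/rules"
}

# Apply the corrections named in the thread to the fixture.
fix_thread_fixture() {
    rm -f "$1/share/action.AllowAmule"
    echo "AllowAmule" >> "$1/etc/actions"
    echo "AllowAmule net fw" >> "$1/etc/rules"
}

# Demo on a throwaway directory; nothing under /etc or /usr/share is touched.
demo_dir=$(mktemp -d)
make_thread_fixture "$demo_dir"
echo "Before the fix:"
audit_action "$demo_dir/etc" "$demo_dir/share" AllowAmule || true
fix_thread_fixture "$demo_dir"
echo "After the fix:"
audit_action "$demo_dir/etc" "$demo_dir/share" AllowAmule && echo "no findings"
rm -rf "$demo_dir"
```

On a real host the call would be `audit_action /etc/shorewall /usr/share/shorewall AllowAmule`, which only reads the files.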
> On Saturday 09 April 2005 20:39, Tom Eastep wrote:
> > > ajtiM wrote:
> > >> I don't know what I am doing wrong because I still have Low ID on aMule.
> > >> I have action.AllowaMule and accept tcp 4662:4771 and udp 4672.

1. Please follow the problem reporting guidelines here:
http://shorewall.net/support.htm#Guidelines
Get a RECENT shorewall version.. what's the deal using OLD software?

2. And come on ¡¡ RTFM please ¡¡ Custom actions need to be placed in /etc/shorewall. DON'T MODIFY /usr/share/shorewall ¡¡

> Tom wrote:
> To the list: If you feel like it, please help ajtiM
> I'm not answering any more posts from this person.

I know Tom, it's a very annoying thing, it's clearly specified on the support page, I really understand you.

ajtiM.. we are not magicians, just tech people, please provide the necessary information.

bye
On Saturday 09 April 2005 22:12, Tom Eastep wrote:
> I'll give you ONE MORE CHANCE:

I did as you said and I still had the problem. Then I uninstalled Shorewall, installed SuSE firewall2 and it works fine.

Thank you for help.

Best regards,

Mitja