Hi,

I'm running mldonkey on the same box as shorewall. I followed this
http://mldonkey.sourceforge.net/ShorewallConfiguration to open ports for the
edonkey protocol.

I added in /etc/shorewall/rules:

# eDonkey 2000
ACCEPT net $FW tcp 4662
ACCEPT net $FW udp 4666

but I could not connect to any edonkey server. I checked the logs and noticed
that udp traffic on port 4666 is still dropped.

Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC= SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=4666 DPT=4665 LEN=14

Why?

regards
Brumela

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
On 7/8/07, bruma <brumela@gmail.com> wrote:
> Hi,
>
> I'm running mldonkey on the same box as shorewall.
> I followed this
> http://mldonkey.sourceforge.net/ShorewallConfiguration to
> open ports for the edonkey protocol
>
> I added in /etc/shorewall/rules:
> # eDonkey 2000
> ACCEPT net $FW tcp 4662
> ACCEPT net $FW udp 4666
> but I could not connect to any edonkey server.
> I checked the logs and noticed that udp traffic on port 4666 is still dropped.
> Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC=
> SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF
> PROTO=UDP SPT=4666 DPT=4665 LEN=14
>
> Why?

Because, as the log message you quote says, the destination port is
4665, which you have not allowed.

~David
> Because, as the log message you quote says, the destination port is
> 4665, which you have not allowed.

In the last two weeks I switched from firewall builder to shorewall. As I
remember, opening two ports

tcp 4662
udp 4666

on firewall builder was enough to allow edonkey traffic. So I guess I have to
open more ports on shorewall? What's the rule to do this?

Brumela
On Mon, Jul 09, 2007 at 01:32:08PM +0200, bruma wrote:
> > Because, as the log message you quote says, the destination port is
> > 4665, which you have not allowed.
>
> In the last two weeks I switched from firewall builder to shorewall. As I
> remember, opening two ports
> tcp 4662
> udp 4666
> on firewall builder was enough to allow edonkey traffic.

edonkey has always used one tcp port, and one udp port three places
higher. 4662 and 4666 will never have worked.
On Monday 09 July 2007 at 13:17 +0100, Andrew Suffield wrote:
> On Mon, Jul 09, 2007 at 01:32:08PM +0200, bruma wrote:
> > > Because, as the log message you quote says, the destination port is
> > > 4665, which you have not allowed.
> >
> > In the last two weeks I switched from firewall builder to shorewall. As I
> > remember, opening two ports
> > tcp 4662
> > udp 4666
> > on firewall builder was enough to allow edonkey traffic.
>
> edonkey has always used one tcp port, and one udp port three places
> higher. 4662 and 4666 will never have worked.

I'm not so sure of that, because these ports are also configured on the
client side. But this should be the default config.

* in my /etc/shorewall/params I use:

# Gnutella 2 ports:
GNUTELLA2_TCP=6346
GNUTELLA2_UDP=6347,4637
# Edonkey ports:
EDONKEY_TCP=4662
EDONKEY_UDP=4662,4666
# Active P2P protocols:
P2P_TCP=$GNUTELLA2_TCP,$EDONKEY_TCP
P2P_UDP=$GNUTELLA2_UDP,$EDONKEY_UDP

and I allow this P2P_TCP/UDP traffic from the wan side. But: my fw IS my
p2p client. If it is not, you should consider port forwarding to your p2p
client.
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
On Mon, Jul 09, 2007 at 02:27:31PM +0200, Tristan DEFERT wrote:
> On Monday 09 July 2007 at 13:17 +0100, Andrew Suffield wrote:
> > On Mon, Jul 09, 2007 at 01:32:08PM +0200, bruma wrote:
> > > > Because, as the log message you quote says, the destination port is
> > > > 4665, which you have not allowed.
> > >
> > > In the last two weeks I switched from firewall builder to shorewall. As I
> > > remember, opening two ports
> > > tcp 4662
> > > udp 4666
> > > on firewall builder was enough to allow edonkey traffic.
> >
> > edonkey has always used one tcp port, and one udp port three places
> > higher. 4662 and 4666 will never have worked.
> I'm not so sure of that, because these ports are also configured on the
> client side. But this should be the default config.

Only one value can be configured. The other is always +/- 3 from it.
This is built into the protocol (yes, it's strange).
> Because, as the log message you quote says, the destination port is
> 4665, which you have not allowed.

Yes, I haven't allowed this traffic, but I was not aware of that. Yes, I'm a
shorewall newbie. The problem was in the default policy rules which I took
from the two-interfaces example. I added this line to the policy file:

$FW net ACCEPT

and now it's working :)
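As an added illustration (my own code, not from any poster or from Shorewall itself), the following Python checker parses a Shorewall log line like the one quoted above and evaluates it against the rules and policies the thread discusses. It assumes that $FW appears as the zone name "fw" in the chain name (fw2net) and that the pre-fix policy file had no $FW->net ACCEPT entry; the sample log line and policy sets are constructed.

```python
import re

# Constructed sample, modelled on the Shorewall log line quoted in the thread
# (fw2net chain, UDP from source port 4666 to destination port 4665).
SAMPLE_LOG = ("Jul 8 22:35:57 BSN-77-157-156 Shorewall:fw2net:REJECT: IN= OUT=ppp0 MAC= "
              "SRC=132.71.17.156 DST=213.150.62.180 LEN=34 TOS=00 PREC=0x00 TTL=64 ID=0 DF "
              "PROTO=UDP SPT=4666 DPT=4665 LEN=14")

# Rules as posted in the thread; $FW is written as "fw" (assumption: that is
# the zone name Shorewall uses when it builds chain names such as fw2net).
RULES_FROM_THREAD = [
    ("ACCEPT", "net", "fw", "tcp", "4662"),
    ("ACCEPT", "net", "fw", "udp", "4666"),
]
# Constructed policy sets: before the fix there is no $FW->net ACCEPT, so the
# catch-all REJECT applies; after the fix the line added in the thread is present.
POLICIES_BEFORE_FIX = [("net", "all", "DROP"), ("all", "all", "REJECT")]
POLICIES_AFTER_FIX = [("fw", "net", "ACCEPT")] + POLICIES_BEFORE_FIX

CHAIN_RE = re.compile(r"Shorewall:(?P<chain>\w+):(?P<disp>[A-Z]+):")

def parse_log(line):
    """Return zones, disposition, protocol and ports from a Shorewall log line, or None."""
    m = CHAIN_RE.search(line)
    if not m:
        return None
    # netfilter prints KEY=VALUE tokens; empty ones such as "IN=" become ''.
    kv = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    src_zone, dst_zone = m.group("chain").split("2", 1)  # assumes zone names without a '2'
    return {"src_zone": src_zone, "dst_zone": dst_zone, "disposition": m.group("disp"),
            "proto": kv.get("PROTO", "").lower(),
            "sport": int(kv["SPT"]) if "SPT" in kv else None,
            "dport": int(kv["DPT"]) if "DPT" in kv else None}

def matching_rule(entry, rules):
    """First rule whose zone pair, protocol and destination port match the entry, else None."""
    for rule in rules:
        _action, src, dst, proto, dport = rule
        if (src, dst, proto) == (entry["src_zone"], entry["dst_zone"], entry["proto"]) \
                and entry["dport"] == int(dport):
            return rule
    return None

def decide(entry, rules, policies):
    """Rules are consulted first; otherwise the first policy covering the zone pair applies."""
    rule = matching_rule(entry, rules)
    if rule:
        return rule[0] + " (rule)"
    for src, dst, action in policies:
        if src in (entry["src_zone"], "all") and dst in (entry["dst_zone"], "all"):
            return action + " (policy)"
    return "no policy"
```

Running `decide(parse_log(SAMPLE_LOG), RULES_FROM_THREAD, POLICIES_BEFORE_FIX)` shows why the net->$FW rules never matched the logged packet: it travels fw->net to port 4665, so the zone-pair policy, not the rules, decided its fate.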