Ubuntu 7.10 server, 8.04 client.

I seem to have a problem opening ports. I know this since when I test the opened ports with Deluge it tells me that the ports are closed.

The router is a Linksys AG241 v2 with firmware 2.01.03. This has an IP of 192.168.1.1 and is connected to the server on eth0 with an IP of 192.168.1.64.

So the settings on the router are to port forward a range 40000-40010 and use the same range in Deluge, the bit torrent program. Both TCP and UDP are forwarded and the IP address of 192.168.1.64 is used.

Eth0 is managed by Shorewall (ver. 3.4.4) which also manages eth1 which connects to the network. Eth1 uses the IP 10.0.0.1.

The settings in Shorewall are two entries

Action – Source – Destination – Protocol – Source Ports – Destination Ports
Accept - Zone net - Firewall – TCP - Any - 40000 - 40010
Accept – Zone net – Firewall – UDP – Any – 40000 - 40010

In Deluge I have set the ports to use as 40000 – 40010. The performance is very poor and when the ports are tested 40000 is reported to be closed. I downloaded uTorrent and installed that under Wine and that has the same problems.

It is only with bit torrent that there is a problem. All other applications work and work well. Download speeds are very good (for here).

So obviously I have got something wrong. Could someone tell me what that is please? I guess it is glaringly obvious to all but me :)

Also I see that Shorewall is now in version 4.x. Is there an easy way (like apt) to upgrade from 3.4.4?
peter wrote:
> Ubuntu 7.10 server, 8.04 client.
>
> I seem to have a problem opening ports. I know this since when I test
> the opened ports with Deluge it tells me that the ports are closed.
>
> The router is a Linksys AG241 v2 with firmware 2.01.03. This has an IP
> of 192.168.1.1 and is connected to the server on eth0 with an IP of
> 192.168.1.64.
>
> So the settings on the router are to port forward a range 40000-40010
> and use the same range in Deluge, the bit torrent program. Both TCP and
> UDP are forwarded and the IP address of 192.168.1.64 is used.
>
> Eth0 is managed by Shorewall (ver. 3.4.4) which also manages eth1 which
> connects to the network. Eth1 uses the IP 10.0.0.1.
>
> The settings in Shorewall are two entries
>
> Action – Source – Destination – Protocol – Source Ports – Destination Ports
> Accept - Zone net - Firewall – TCP - Any - 40000 - 40010
> Accept – Zone net – Firewall – UDP – Any – 40000 - 40010

I have no idea what the above entries are trying to show. They are neither Shorewall rules nor are they 'iptables -L' output. So we have no way of knowing what your rules really are.

We prefer that problem reports concerning connection problems include the output of "shorewall dump"; see http://www.shorewall.net/support.htm#Guidelines.

> In Deluge I have set the ports to use as 40000 – 40010. The performance
> is very poor and when the ports are tested 40000 is reported to be
> closed. I downloaded uTorrent and installed that under Wine and that has
> the same problems.

Where is Deluge/uTorrent running? On the Shorewall system or on a system connected to eth1?

> Also I see that Shorewall is now in version 4.x. Is there an easy way
> (like apt) to upgrade from 3.4.4?

Check the Shorewall download page (http://www.shorewall.net/download.htm) and look for 'Debian'. The Debian Shorewall maintainer has an Etch repository and the packages found there work fine on Ubuntu.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
Hello Tom,

thank you for your response and your patience :)

I have appended the output of the Shorewall dump.

I had to cut a chunk out of the middle of this file (most of the conntrack table) since it was originally 13.5MB

Deluge is running on a client (10.0.0.2) on the network which is connected to eth1.

Thanks for your help.

Peter
peter wrote:
> Hello Tom,
>
> thank you for your response and your patience :)
>
> I have appended the output of the Shorewall dump.
>
> I had to cut a chunk out of the middle of this file (most of the
> conntrack table) since it was originally 13.5MB
>
> Deluge is running on a client (10.0.0.2) on the network which is
> connected to eth1.

You have no port forwarding rules. Please review:

- Shorewall Port Forwarding documentation: http://www.shorewall.net/two-interface.htm#DNAT
- Shorewall FAQ 1: http://www.shorewall.net/FAQ.htm#faq1

You need to both forward the traffic through the Linksys to the Shorewall box and forward the traffic through the Shorewall box to the system running Deluge.

-Tom
Thanks for the comments Tom.

I have changed the settings and I think it is correct. I can see that the router forwards a range of ports to the IP of eth0. I can also see that the traffic from eth0 is redirected to the network IP where Deluge is resident. Well at least the settings look that way to me.

However, Deluge tests the ports and still reports that the ports are blocked. The inward traffic is generally absent (very slow). The outbound traffic is not great but up to 50 times faster than the inward.

I have appended a fresh file. Is anything obvious where I am wrong?

Peter
peter wrote:
> Thanks for the comments Tom.
>
> I have changed the settings and I think it is correct. I can see that
> the router forwards a range of ports to the IP of eth0. I can also see
> that the traffic from eth0 is redirected to the network IP where Deluge
> is resident. Well at least the settings look that way to me.
>
> However, Deluge tests the ports and still reports that the ports are
> blocked. The inward traffic is generally absent (very slow). The
> outbound traffic is not great but up to 50 times faster than the inward.
>
> I have appended a fresh file. Is anything obvious where I am wrong?

Why are you specifying a source IP address on your DNAT rules? Get rid of it.

-Tom
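
Added example (not part of the original thread, and not Shorewall's own code): a small shell/awk lint for the two rule mistakes Tom points out, ACCEPT rules to the firewall with no DNAT, and a DNAT rule limited to one source address. The zone names `net`, `loc` and `$FW`, the function names, and both rule sets are assumptions constructed for illustration, since Peter's dump is not on the page.

```shell
#!/bin/sh
# Added example: lint a Shorewall rules file for the two mistakes in this thread.
# Zone names (net, loc, $FW) follow Shorewall's two-interface sample and are
# assumptions; all rules below are constructed, not taken from the posted dump.

# Prints one finding per line for rules read on stdin.
lint_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
    {
        action = $1; src = $2; dst = $3; proto = $4; ports = $5
        # ACCEPT to the firewall zone only opens the port on the Shorewall
        # box itself; nothing is forwarded to a host behind eth1.
        if (action == "ACCEPT" && src ~ /^net/ && (dst == "$FW" || dst == "fw"))
            printf "line %d: ACCEPT to firewall, not forwarded (%s %s)\n", NR, proto, ports
        # A host after the zone (net:a.b.c.d) limits the DNAT rule to
        # that one source address, so other remote peers never match.
        if (action == "DNAT" && src ~ /^net:/)
            printf "line %d: DNAT limited to source %s (%s %s)\n", NR, substr(src, 5), proto, ports
    }'
}

# Constructed "before" rules: accept on the firewall, then DNAT with a source.
BEFORE='#ACTION SOURCE          DEST          PROTO DEST PORT(S)
ACCEPT  net             $FW           tcp   40000:40010
DNAT    net:192.168.1.1 loc:10.0.0.2  udp   40000:40010'

# Constructed "after" rules: forward the range from any net source to the client.
AFTER='#ACTION SOURCE DEST          PROTO DEST PORT(S)
DNAT    net    loc:10.0.0.2  tcp   40000:40010
DNAT    net    loc:10.0.0.2  udp   40000:40010'

# Number of findings for a rule set passed as one string.
count_findings() { printf '%s\n' "$1" | lint_rules | wc -l | tr -d ' '; }

echo "before:"; printf '%s\n' "$BEFORE" | lint_rules
echo "after: $(count_findings "$AFTER") findings"
```
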
Hi Tom,

When I first set this up I did not have the source IP address and it did not work (even after rebooting). I got the port blocked message on running a test.

Prompted by your message I just removed the source IP and as if by magic the ports are now open :)

There is of course no performance but that is no doubt another issue.

Why this did not work the first time round is not something I will pretend to understand .........

Many thanks for your help :)

Peter