aMule Forum
English => en_Linux => Topic started by: ashwin on December 16, 2004, 07:24:00 PM
-
Hi,
I am using Fedora Core 3 Linux. I know it has a built-in firewall. I want to know how to open port 4662 in my OS. Apart from port 4662, what others should I open to be able to exchange files? Are there any security issues with opening these ports?
Thank you,
with regards,
ashwin
-
http://www.amule.org/wiki/index.php/Firewall
smth about the ports
cheers
-
Running Amule rc7.
Last night i did follow the commands and got a high ID, all well and good.
I then added a TOS command to minimize-delay :D (everything was fine and dandy).
8o Today I check the listing and it was as i had it yesterday :D
8o then i loaded amule up and BANG LOW-ID ;( killed amule killed the TOS saved / reloaded the rules all fine so loaded amule again :( and again LOW-ID.
what is it i have done ???
is a copy of my rules below.....
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp multiport dports 4662,4663,4664,4665
any help would be appreciated,
dave.
-
dglnz,
To make sure it is firewall related, disable it temporarily by:
$ iptables -F
Then run aMule and see if you got lowid. If you do, it is not firewall related.
Cheers!
-
8o ?( Well phoenix after doing what you asked it appears as if it isn't related to the firewall.
as I still got a LOW-id after re-starting amule.
any suggestion as to what port to try ???
I've already tried some ports around 6642 and 6672 for TCP and UDP plus at least 4 other values in the 66xx range.
although i find it funny that i did get it to run once ?????
suggestions please. :)
dave.
-
Originally posted by dglnz
suggestions please. :)
Yes, one suggestion:
Originally posted by dglnz
Running Amule rc7.
Try rc8 or preferably latest cvs.
Also, while running aMule, go to your web browser and point it to this address:
http://uberpenguin.they-are.us/temp/testport/index.php?
Put there your port and click test. Then report your results.
Cheers!
-
okay upgrade to RC8.
phoenix wrote....
>> Also, while running aMule, go to your web browser and point it to this address:
>> http://uberpenguin.they-are.us/temp/testport/index.php?
used the site referenced above and got nowhere, even went to 80 and got a LOW id but the test site gave me a success notification.
got an error code 111.
finally looked again at the howto for iptables firewall and realised that i had failed to do _everything_ correctly :( as you see for yourself.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- anywhere anywhere tcp dpts:4662:4665
^^^ should be udp :]
I have now corrected the offending line and now restarted amule and I got a LOW id again.
here is the corrected iptables firewall for input.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpts:4662:4665
I now get an error 110 code.
So what do i do now ???
your help _is_ great by the way.
dave
ps how do you do the quote ??? tried using the quote button but in preview i saw what was inserted (naaamely ).
-
Originally posted by dglnz
ps how do you do the quote ??? tried using the quote button but in preview i saw what was inserted (naaamely ).
You mean that? :P
Isn't there a quote button at the right side of the screen on the top of the messages? Write like this (substitute the curly brackets for square brackets):
{quote}{i}Originally posted by dglnz{/i}
bla bla bla
{/quote}
Originally posted by dglnz
okay upgrade to RC8.
good. But cvs tarball would be better, more stable and a lot fewer bugs.
Originally posted by dglnz
phoenix wrote....
>> Also, while running aMule, go to your web browser and point it to this address:
>> http://uberpenguin.they-are.us/temp/testport/index.php?
used the site referenced above and got nowhere, even went to 80 and got a LOW id but the test site gave me a success notification.
got an error code 111.
Sorry, but I failed to understand. Error code of 111 is not a success notification.
Error: TCP port 6662 is unavailable. Make sure your firewall or router is allowing/forwarding this TCP service port and your ED2K client is running.
Explanation
TCP Error 111: The port is available for connections but a connection was refused meaning there is nothing listening on that port. This most likely means you can use ED2K but your client is not currently running. Try using this test again with an ED2K client running to make sure you can really establish a connection.
This means that the outside world can reach me, but that aMule is probably not running, because he got no answer.
Success The TCP port 8662 is available. You should be able to use the ED2K P2P service without any problems.
This is a success notification.
Originally posted by dglnz
finally looked again at the howto for iptables firewall and realised that i had failed to do _everything_ correctly :( as you see for yourself.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT tcp -- anywhere anywhere tcp dpts:4662:4665
^^^ should be udp :]
I have now corrected the offending line and now restarted amule and I got a LOW id again.
here is the corrected iptables firewall for input.
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpts:4662:4665
I now get an error 110 code.
So what do i do now ???
Please, paste here:
$ iptables -n -L -v
Pay attention to the OUTPUT chain, maybe you are blocking outgoing packets, I say that because your INPUT chain has DROP policy.
Originally posted by dglnz
your help _is_ great by the way.
dave
Hey, thanks, you are welcome. :)
Cheers!
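Added example, not part of the original posts: the codes the test page reports, 111 and 110, match the Linux errno values ECONNREFUSED and ETIMEDOUT, so the same distinction can be checked with a short Python script run from a machine outside the firewall. The function names and the one-word verdicts are chosen for this example.

```python
import errno
import socket
import sys

def probe(host, port, timeout=5.0):
    """Attempt one TCP connect; return 0 on success, else the errno."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return 0
    except socket.timeout:          # no reply at all within `timeout`
        return errno.ETIMEDOUT
    except OSError as exc:
        return exc.errno

def classify(err):
    """Translate a connect errno into what it says about the path."""
    if err == 0:
        return "open"         # SYN answered: a client is listening
    if err == errno.ECONNREFUSED:   # "error 111"
        return "refused"      # host reached, but nothing listens on the port
    if err == errno.ETIMEDOUT:      # "error 110"
        return "filtered"     # packets vanish: DROP rule, ISP filter or NAT
    if err in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # an ICMP error came back (e.g. a REJECT rule)
    return "other"

if __name__ == "__main__":
    # Usage: python3 portcheck.py <host> <port>; run from outside the firewall.
    host, port = sys.argv[1], int(sys.argv[2])
    code = probe(host, port)
    print(f"{host}:{port} -> errno {code} ({classify(code)})")
```

A "refused" result with the client running points at the client or its port setting; a "filtered" result points at a DROP rule or something upstream of the host.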
-
Oppppsss found out how to do the QUOTE thingy after i'd posted my last message ;)
Please, paste here:
$ iptables -n -L -v
iptables -n -L -v
Chain INPUT (policy DROP 385 packets, 24345 bytes)
pkts bytes target prot opt in out source destination
36034 12M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
55 3420 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 104 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4672
3 239 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:4662:4665
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 53963 packets, 23M bytes)
pkts bytes target prot opt in out source destination
Now I did have aMule client running at the time i did the tests at the website last night too.
Should i have a rule in OUTPUT like that in the FORWARD chain ???
(what the hell I'll give it a go and let you know the result before I post this message.)
well added this to the iptables...
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
>>>>ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED <<<<<
and i noticed that when i tried to do a new connect to another server i got the following messages
25/01/05 18:56:46: New external connection accepted
25/01/05 18:56:46: Invalid EC packet received <<<< Not seen this before !!!
25/01/05 18:56:56: Warning: DonkeyServer No1 (62.241.53.2:4242) - NG : You have a lowid. Please review your network config and/or your settings.
and still getting a LOW id.
quote:
Originally posted by dglnz
okay upgrade to RC8.
good. But cvs tarball would be better, more stable and a lot fewer bugs.
In the past i have had dependency issues with tarballs _but_ I will download one tonight and give it a try.
-
Fedora Core 3? I set my firewall like this (except from my personal blocking rules):
iptables -N RH-Firewall-1-INPUT
iptables -A INPUT -j RH-Firewall-1-INPUT
iptables -A FORWARD -j RH-Firewall-1-INPUT
iptables -A RH-Firewall-1-INPUT -s 66.187.233.4 -p udp -m udp --sport 123 --dport 123 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -i lo -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p esp -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p ah -j ACCEPT
iptables -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Notice that it differs from your settings in the FORWARD chain.
originally posted by dglnz
25/01/05 18:56:46: New external connection accepted
25/01/05 18:56:46: Invalid EC packet received <<<< Not seen this before !!!
25/01/05 18:56:56: Warning: DonkeyServer No1 (62.241.53.2:4242) - NG : You have a lowid. Please review your network config and/or your settings.
and still getting a LOW id.
Man, I believe this must be amuleweb trying to connect. If you have never seen this before it is because port 4712 was previously disabled. On the rules you show me, this line would match for this port:
pkts bytes target prot opt in out source destination
55 3420 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
All open for interface lo.
Anyway, if you flush your tables, you should have been able to connect (iptables -F). Try first to solve the problem without any rules on the firewall, then you add them.
I will attach a script that I use. Take a look and see if you have any doubt. The intruders table is a table for those suckers that keep scanning my machine every day X( And amuleports chain is for running in several different amule ports, you probably don't need so many, I did this once when I was testing other things.
Cheers!
-
On 13-01-05 You asked me to try iptables -F and I did.
Result on that occasion was LOW-id being got from the connected server.
to be sure it was right i closed amule and restarted it with no firewall (I mean having the rules flushed).
Today I started amule and got LOW-id again (will do the -F thing with iptables and report back)
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
after doing the iptables -F command and get a LOW-id.
Now changing the INPUT Policy to accept (Errrrr).
now rules look like this...
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
the test (from website http://uberpenguin.they-are.us/temp/testport/index.php) is below.
Error: TCP port 4662 is unavailable. Make sure your firewall or router is allowing/forwarding this TCP service port and your ED2K client is running.
Explanation
TCP Error 111: The port is available for connections but a connection was refused meaning there is nothing listening on that port. This most likely means you can use ED2K but your client is not currently running. Try using this test again with an ED2K client running to make sure you can really establish a connection.
185.reserved.callplus.net.nz (203.184.24.185)
Coding by uberpenguin, idea by deltaHF, which he found here
Loaded amule up and got a LOW id.
BTW i am running MDK 10.0 Official with IPtables ver 1.2.9
One last thing i have tried and that is to add NEW to the -state option so the INPUT chain looks like this now....
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:4662
ACCEPT udp -- anywhere anywhere udp dpt:4672
ACCEPT udp -- anywhere anywhere udp dpts:4662:4665
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Now i loaded aMule and got a LOW id again (closed it down then reloaded with rules above in operation).
the website referred to earlier gave me a success as below
Success The TCP port 4662 is available. You should be able to use the ED2K P2P service without any problems.
185.reserved.callplus.net.nz (203.184.24.185)
Coding by uberpenguin, idea by deltaHF, which he found here
So what is going on ????
Also my concern is that anyone will be able to get in via the rule in my firewall.
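Added example, not part of the original post: a rule that ACCEPTs protocol all on every interface with state NEW matches every new inbound connection, so the DROP policy behind it never applies. The Python sketch below flags such rules in `iptables -n -L -v` output; it needs the -v form because only the `in` column shows that the second rule is limited to lo. The sample listing is constructed from the rules posted in this thread, and the function names are made up for the example.

```python
# Constructed sample in `iptables -n -L -v` layout (counters are invented).
SAMPLE = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source    destination
    0     0 ACCEPT all  --  *   *   0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT all  --  lo  *   0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT tcp  --  *   *   0.0.0.0/0 0.0.0.0/0 tcp dpt:4662
    0     0 ACCEPT udp  --  *   *   0.0.0.0/0 0.0.0.0/0 udp dpt:4672
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source    destination
"""

def parse_rules(listing):
    """Yield (chain, rule) for every rule line of an `iptables -n -L -v` dump."""
    chain = None
    for line in listing.splitlines():
        parts = line.split()
        if not parts or parts[0] == "pkts":
            continue                      # blank line or column header
        if parts[0] == "Chain":
            chain = parts[1]
        elif len(parts) >= 9:
            yield chain, {"target": parts[2], "prot": parts[3],
                          "in": parts[5], "src": parts[7], "dst": parts[8],
                          "match": parts[9:]}

def audit_input(listing):
    """Return INPUT rules that accept new connections from anyone, on any port."""
    findings = []
    for chain, r in parse_rules(listing):
        if chain != "INPUT" or r["target"] != "ACCEPT":
            continue
        if (r["prot"], r["in"], r["src"], r["dst"]) != ("all", "*", "0.0.0.0/0", "0.0.0.0/0"):
            continue                      # narrowed by protocol, interface or address
        match = r["match"]
        if not match:
            findings.append("unconditional ACCEPT on all interfaces")
        elif match[0] == "state" and len(match) > 1 and "NEW" in match[1].split(","):
            findings.append("ACCEPT for state " + match[1] + " admits every new connection")
    return findings

if __name__ == "__main__":
    for finding in audit_input(SAMPLE):
        print("INPUT:", finding)
```

With the state rule reduced to RELATED,ESTABLISHED the audit returns nothing, and only the per-port rules admit new inbound traffic.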
-
dglnz,
I fail to understand how the situation can look better when the firewall is up. With flushed rules you get 111, and with some rules you get ok? That escapes me... ?(
What I can tell you is that: you get a low id if the server at the moment of connection does not get an answer to an EDONKEY HELLO packet that he sent to your TCP port (4662 in your case). Assuming you have firewall rules flushed, and that your IP is not NAT'ed, he should be able to do that. Are you sure your ISP does give you a valid routable IP? Maybe your ISP is blocking port 4662, have you tried to change the default amule TCP port? Change it to say, 9662 (any unused value will do).
-
Are you sure your ISP does give you a valid routable IP? Maybe your ISP is blocking port 4662, have you tried to change the default amule TCP port? Change it to say, 9662 (any unused value will do).
8)
@dglnz try this page it will display your private ip.
http://www.whatismyipaddress.com/
Your ISP uses the IP of the NAT/PAT (Network Address Translator / Port Address Translator) to go to the internet. It has a policy on the firewall to block this traffic.
If you have an IP of 10.x.x.x or 172.x.x.x (network class A or B), contact your ISP.
Byez
-
snac
thanks for URL have gone to it to try it out.
think about what you both have said _maybe_ the isp _IS_ blocking the port 'cause i did try emule (from another box i was working on for a friend at home here) and was able to use the onboard message screen (something i am unable to do in amule also) and got a suggestion to goto another port and bingo went from a LOW id to a HIGH id instantly.
the website info tells me this
What is my IP Address?
Your IP Address:
203.184.24.128
and the info i get from my kppp remote address is 203.184.24.128
I am also trying another port ( see earlier messages i had tried 2 or 3 in the 6000 range with no luck).
phoenix
It is a puzzling matter to me also.
when i got the success from the website i thought my problems were solved but they were not.
Would me not being able to use the message area that comes with amule program show a problem ?
because all that i get is a notepad icon in top left corner.
did change as asked iptables are now...
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:9662
ACCEPT udp -- anywhere anywhere udp dpt:9672
ACCEPT udp -- anywhere anywhere udp dpts:9662:9665
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ALSO changed the default policy from drop to accept again no change i still get a LOW id.
BOY talk about things getting murky....
the above iptables settings are current okay i got back to the tester site and test on port 9662, 8662
both failed as in previous messages then i try 4662 and get a success as below...
I have had amule running during the testing.
Success The TCP port 4662 is available. You should be able to use the ED2K P2P service without any problems.
128.reserved.callplus.net.nz (203.184.24.128)
Coding by uberpenguin, idea by deltaHF, which he found here
Now just for the hell of it i have gone to 10662, 10672 etc test gave me a failure and i still get a LOW id
just thinking would i be able to do a VPN for amule ???
I haven't used or done anything with VPN for windows or linux before.
below are some images of my config for amule in case i've done something and it is important and i haven't said anything about it.