Hi,
I'm using Kubuntu, kernel 2.6. It works as a router, and I have 2 Windows clients. One needs to run an ed2k client, Skype, etc.
eth0: internet, this interface receives a valid internet ip address from the modem
eth1: second netcard, it's the gateway for other machines
my firewall:
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -A POSTROUTING -s 10.1.1.0/255.255.255.0 -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -p ICMP -j ACCEPT
# ports as they are configured on 10.1.1.4 ed2k client
iptables -A INPUT -i eth0 -p TCP --dport 41001 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p UDP --dport 41002 -m state --state NEW -j ACCEPT
iptables -A INPUT -i eth0 -p UDP --dport 41004 -m state --state NEW -j ACCEPT
iptables -A INPUT -p TCP -m state --state RELATED -j ACCEPT
# redirect those ports
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 41001 -j DNAT --to 10.1.1.4:41001
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 41002 -j DNAT --to 10.1.1.4:41002
iptables -t nat -A PREROUTING -i eth0 -p udp --dport 41004 -j DNAT --to 10.1.1.4:41004
On that Windows client this test works:
http://www.amule.org/testport.php "Success"
It connects with high ID, *but does not download anything, nor does it upload*. We selected several files, all with high availability. No other options were changed on the ed2k client, just the ports. There is no firewall or antivirus on that Windows machine.
I tried the same without this rule:
iptables -A INPUT -p TCP -m state --state RELATED -j ACCEPT
I read the (iptables) targets section again and again, but I don't understand what's wrong.
Using Wireshark I noticed several UDP packets from 10.1.1.4 to internet IP addresses, which I believe to be other p2p clients.
Any ideas?
thanks!
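
An added example, not part of the original post: the same three port forwards written with default-DROP policies. Each DNAT rule is paired with a FORWARD rule, because a packet rewritten in PREROUTING is routed to 10.1.1.4 and filtered in FORWARD, not INPUT. Interfaces, subnet, host and ports are taken from the post; the DROP policies, the loopback/LAN/ESTABLISHED rules and the dry-run wrapper are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. eth0/eth1, 10.1.1.0/24, 10.1.1.4 and
# the three ports come from the post; policies and extra rules are assumptions.
WAN=eth0; LAN=eth1; NET=10.1.1.0/255.255.255.0; HOST=10.1.1.4
FORWARDS="tcp:41001 udp:41002 udp:41004"

# Print the ruleset, one iptables command per line.
build_rules() {
    for t in filter nat; do
        echo "iptables -t $t -F"
        echo "iptables -t $t -X"
    done
    # With ACCEPT policies (as in the post) the ACCEPT rules filter nothing.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Traffic addressed to the router itself.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -i $LAN -s $NET -j ACCEPT"
    echo "iptables -A INPUT -i $WAN -p icmp -j ACCEPT"
    # Routed traffic: LAN may go out, replies may come back.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN -o $WAN -s $NET -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -s $NET -o $WAN -j MASQUERADE"
    # Port forwards: DNAT in PREROUTING, then admit the rewritten packet
    # (destination is now $HOST) in FORWARD.
    for f in $FORWARDS; do
        proto=${f%%:*}; port=${f##*:}
        echo "iptables -t nat -A PREROUTING -i $WAN -p $proto --dport $port -j DNAT --to-destination $HOST:$port"
        echo "iptables -A FORWARD -i $WAN -o $LAN -p $proto -d $HOST --dport $port -m state --state NEW -j ACCEPT"
    done
}

# Dry run by default; APPLY=1 (as root) executes each generated command.
apply_rules() {
    build_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}
apply_rules
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, which tells you whether inbound connections to the forwarded ports reach the FORWARD rules at all.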