Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[FlyHigh]

I follow this wiki page:

http://wiki.amule.org/wiki/Firewall

For setting up aMule, I'm tutored to make a bash script including lines below:

iptables -t nat -A PREROUTING -i $EXTIF -p tcp --destination-port $EMULEPORT -j DNAT --to-destination $EMULEHOST:$EMULEPORT
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP -j DNAT --to-destination $EMULEHOST:$EMULEUDP
iptables -t nat -A PREROUTING -i $EXTIF -p udp --destination-port $EMULEUDP2 -j DNAT --to-destination $EMULEHOST:$EMULEUDP2

as well as these three lines:

iptables -A FORWARD -i $EXTIF -o $INTIF -p tcp --dport $EMULEPORT -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP -d $EMULEHOST -j ACCEPT
iptables -A FORWARD -i $EXTIF -o $INTIF -p udp --dport $EMULEUDP2 -d $EMULEHOST -j ACCEPT

I save the script file and then execute it, but I get these error messages:

Bad argument `tcp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `udp'
Try `iptables -h' or 'iptables --help' for more information.

I can't figure out where the errors locate, frankly I know only a bit of scripts about iptables. Though '-p' implying protocol is absolutely legal in iptables usage. How come a protocal name right behind that indicator is a bad argument?

[HKM]

Did you read the page correctly? What are you trying to do? Just open the ports in IPTables?

TCP port 4662 is used for client to client transfer. (This is needed to obtain HighID on ED2K)
UDP port 4665 is used for global server queries.
UDP port 4672 is used for KAD and extended ED2K quires. (This is needed to obtain Ok status on KAD along side TCP 4662)

1) /sbin/service iptables save
This will dump the current table on file.

2) vi /etc/sysconfig/iptables
This will open IPTable config file with VI editior.

3) PRESS 'i'
This will enable INSERT mode so you can write to the file.

4) -A INPUT -p tcp -m state --state NEW --match multiport --dport 4662 -j ACCEPT
5) -A INPUT -p udp -m state --state NEW --match multiport --dport 4665,4672 -j ACCEPT
This will add multi-ports on IPTable. Place this under *filter section.

6) PRESS [Esc]
7) :wq
This will write to the file and exit VI editor.

service iptables restart
This will restart the IPTable service.

[FlyHigh]

I wanna exactly open tcp port 4662, therefore my client can receive a high ID as I learn. I've forwarded accordingly ports in my router. And yet kad server log tells to open tcp port 4662 and udp port which I've configured to port 4673. I think firewall rule fail my client to get a high ID. Though there are a couple of tutorial pages for specific OS users inside that wiki page, I still found it doesn't work for my Fedora workstation after I've done what it demonstrates. Could someone do me a favour for telling me what I've got wrong?

[HKM]

Did you do what I told you?

[FlyHigh]

Yes, I manage to do but things don't go on well and I can't fix.

Of this command, /sbin/service iptables save, I get this message:

'The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.'

And yet I don't understand how to place a configured IPTable file under *filter section. Do you mean the filter table inside IPTable? Nevertheless, I don't know how to do that.

Another problem is when I type in 'service iptables restart', it tells:

'Redirecting to /bin/systemctl restart  iptables.service
Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory.'

Thanks to you

[HKM]

Ok ill make this very easy, open cli and as root type these cmds below:

1: systemctl enable iptables
2: systemctl start iptables
3: iptables -F
4: iptables -A INPUT -p tcp -m state --state NEW --match multiport --dport 4662 -j ACCEPT
5: iptables -A INPUT -p udp -m state --state NEW --match multiport --dport 4665,4672 -j ACCEPT
6: /sbin/iptables-save
7: iptables -L -v -n --line-numbers

This will enable and start IPTables and as I don't know what you did so it will flush all current rules and then add the ports. Which after you will save and you can view it was added. Post back if you still have problem.

[FlyHigh]

Problem occurs just from the first command line:

'systemctl enable iptables
Failed to execute operation: No such file or directory'

I make it a go as a root user as you told.

Thank you by the way.

[HKM]

From your first post I assumed you disabled firewalld and installed iptables. So in your case if you didn't then as root using YUM install it.

1: yum install iptables
2: yum install iptables-services

This will install iptables and systemd scripts for iptables services. After its installed repeat the last post and post back if you still have problems.

[FlyHigh]

I've installed those two packages and continue with your instructions. Then new problems occur:

'systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.'

I thought the process above is not a problem somehow. Rather this proceeding:

'systemctl start iptables
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.'

Therefore I type in "systemctl status iptables.service" and then I get lines of report:

'systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2016-04-24 19:19:05 CST; 50s ago
  Process: 320 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
 Main PID: 320 (code=exited, status=1/FAILURE)

Apr 24 19:19:03 localhost.localdomain systemd[1]: Starting IPv4 firewall with...
Apr 24 19:19:04 localhost.localdomain iptables.init[320]: iptables: Applying ...
Apr 24 19:19:05 localhost.localdomain iptables.init[320]: [FAILED]
Apr 24 19:19:05 localhost.localdomain systemd[1]: iptables.service: Main proc...
Apr 24 19:19:05 localhost.localdomain systemd[1]: Failed to start IPv4 firewa...
Apr 24 19:19:05 localhost.localdomain systemd[1]: iptables.service: Unit ente...
Apr 24 19:19:05 localhost.localdomain systemd[1]: iptables.service: Failed wi...
Hint: Some lines were ellipsized, use -l to show in full.'

It's tremendous information for me. I hope you can work it out. Always thanks to you.

[HKM]

Sorry I was asleep. But do the following cmds as root in cli and then do the original 7steps again after.

1) systemctl disable firewalld
2) systemctl stop firewalld

This will disable and stop the new firewalld so you can start iptables now thus no conflict. Post back if more problems.

[FlyHigh]

Those two command lines are successfully proceeded. And then I go back to follow your instructions.Yet no problem occurs from the first line. Things appeared the same way after that:

'systemctl start iptables
Job for iptables.service failed because the control process exited with error code. See "systemctl status iptables.service" and "journalctl -xe" for details.'

I managed to see the details which reads almost no difference with last one:

'systemctl status iptables.service -l
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Mon 2016-04-25 11:47:21 CST; 23s ago
  Process: 7735 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=1/FAILURE)
 Main PID: 7735 (code=exited, status=1/FAILURE)

Apr 25 11:47:21 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
Apr 25 11:47:21 localhost.localdomain iptables.init[7735]: iptables: Applying firewall rules: iptables-restore: line 1 failed
Apr 25 11:47:21 localhost.localdomain iptables.init[7735]: [FAILED]
Apr 25 11:47:21 localhost.localdomain systemd[1]: iptables.service: Main process exited, code=exited, status=1/FAILURE
Apr 25 11:47:21 localhost.localdomain systemd[1]: Failed to start IPv4 firewall with iptables.
Apr 25 11:47:21 localhost.localdomain systemd[1]: iptables.service: Unit entered failed state.
Apr 25 11:47:21 localhost.localdomain systemd[1]: iptables.service: Failed with result 'exit-code'.'

Thanks to you.

[HKM]

Maybe there is something wrong in the current iptable rules so try this.

1: iptables -F
2: iptables -A INPUT -p tcp -m state --state NEW --match multiport --dport 4662 -j ACCEPT
3: iptables -A INPUT -p udp -m state --state NEW --match multiport --dport 4665,4672 -j ACCEPT

Step 1-3 will flush the current iptable rules and implement rule 2/3. Then do the following:

4: iptables -L -v -n --line-numbers
5: /sbin/iptables-save

With step 4 you can verify that rules have been amended and with 5 you save it. Post back if more problems.

[FlyHigh]

Things are going well. No more problems so far. What do I need to do right now? Anyway, great thanks to you.

[HKM]

Ok so whats the current status? Right now according to the first post you made you should have the ports open using IPTables.

[FlyHigh]

Hi, HKM, how do you do?

I'm sorry that I'm absent for such a long time. However, I'm always concerned on this post and our discussion. 

Today, I come to review our threads for closing my question which is still unresolved. 

I go to follow your instructions at very beginning. The reason for doing this is that the conditon is not the same as before, which will be explained below.

1) /sbin/service iptables save
This will dump the current table on file.

2) vi /etc/sysconfig/iptables
This will open IPTable config file with VI editior.

3) PRESS 'i'
This will enable INSERT mode so you can write to the file.

4) -A INPUT -p tcp -m state --state NEW --match multiport --dport 4662 -j ACCEPT
5) -A INPUT -p udp -m state --state NEW --match multiport --dport 4665,4672 -j ACCEPT
This will add multi-ports on IPTable. Place this under *filter section.

6) PRESS [Esc]
7) :wq
This will write to the file and exit VI editor.

service iptables restart
This will restart the IPTable service.

I'd like to say all stuff is OKAY. After that, I manage to reconnect aMule. Sadly, in Kad info section, it's told to open tcp port 4662 and in edk2 section, I can only get a low ID.

Should I get your help once again?